Privacy Policy
Effective Date: June 27, 2026
1. Scope & Identifier
This Privacy Policy applies strictly to the APOS mobile application and ecosystem, officially registered with the App Store under Bundle Identifier: com.athleticsci.APOS.
2. Data Security & Hosting Architecture
All user and organizational information is hosted in a secure database workspace powered by **Supabase**. We enforce high-grade security protocols:
- Encrypted Transport: All data is securely transmitted in transit using strict HTTPS (TLS) connections.
- Encrypted Storage: Telemetry logs and structural database segments are encrypted at rest.
- Role-Based Access Control: Strict database access rules verify the user's organizational authentication state before allowing any read or write action.
3. Advertising & Commercialization Limits
- No Advertising: The application does not deploy advertising trackers, analytics brokers, or commercial marketing SDKs.
- No Sale of Data: APOS never sells, licenses, leases, or shares personal or organizational performance database assets with third parties.
- Organization Owned Data: All athlete profiles, rosters, and associated metrics remain the sole property of the purchasing athletic organization.
4. Apple Health (HealthKit) Telemetry
The platform retrieves physiological markers (including Heart Rate Variability, Sleep Duration, and Resting Heart Rate) strictly through Apple Health permissions.
- Read-Only Access: The application only reads HealthKit parameters; it never writes to or updates records in the Apple Health database.
- Revocability: Athletes can revoke read permissions for any individual parameter at any time through standard iOS Settings.
5. GDPR Rights & Regulatory Disclosures
In compliance with the General Data Protection Regulation (GDPR) Articles 15–21, athletes and organizational users are provided with specific data sovereignty controls:
- Right of Access (Article 15): Request a complete summary of your stored database telemetry at any time.
- Right of Rectification (Article 16): Correct or update inaccurate wellness baseline information.
- Right of Erasure / Deletion (Article 17): Execute a permanent deletion command to completely erase your athlete twin and history files.
- Right to Portability (Article 20): Export your complete performance history in a structured, machine-readable JSON format.
- Right to Withdraw Consent (Article 21): Revoke data processing approvals or turn off HealthKit imports.
To execute any of these GDPR rights, coaches or athletes can initiate a direct request from their settings panel or contact the organization administrator.