Privacy

APEX PERFORMANCE LABS (PVT) LTD (“Apex”, “we”, “us”) operates the website at trainatapex.com and the member-facing apps at app.trainatapex.com and console.trainatapex.com. Head office: B 05/05, Royal Park Condominium, 115 Lake Drive, Rajagiriya 10107, Sri Lanka. Members train at Alpha, Melbourne Avenue, 36 Melbourne Avenue, Colombo 4.

Our technology platform is built and operated in partnership with Stead AI Platform (stead.fit), which provides the software infrastructure underlying the member app, nutrition coaching engine, and staff console.

• Identity & contact. Full name, NIC or passport number, date of birth, gender, email, WhatsApp number, postal address, and emergency contact details.
• Health & medical data. Blood test results, medical conditions, allergies, medications, injury history, and physician notes related to fitness suitability. This is treated as sensitive personal data and is collected only to assess eligibility, design your programme, and ensure your safety.
• Biometric & performance data. Body composition, body measurements, heart rate variability, metabolic rate, workout logs, strength metrics, recovery scores, attendance, and nutritional intake.
• Payment. We do not store full card numbers. Card data is captured directly by DirectPay Sri Lanka. We store the transaction reference, amount, method, and payment link details.
• Communications. Records of your interactions with staff via WhatsApp, SMS, or email, and your responses to questionnaires and consent forms.
• CCTV footage. Our gym premises operate 24-hour CCTV for the safety and security of members and staff, and for crime prevention and detection. Footage is retained and processed in accordance with this policy and applicable law.
• Site analytics. Anonymised pageview data, referrer source, and broad geographic region. Used to improve the site and not linked to individuals.

• To assess your eligibility and set up your membership.
• To deliver and personalise your programme and coaching.
• To process payments, issue receipts, and meet our accounting and legal obligations.
• To send service messages (session confirmations, programme updates, billing notices). We do not send marketing communications without explicit opt-in.
• To monitor facility safety and security via CCTV and access records.
• To maintain member accounts and schedule access to the facility and the app.

By entering into a membership agreement with Apex, you grant Apex and Stead AI Platform a licence to use your anonymised (de-identified) data for the following purposes:

• Training AI algorithms for health and fitness prediction and improving the Stead AI platform.
• Internal aggregate statistics and service improvement.
• Research shared with universities, hospitals, medical groups, insurance companies, and other commercial partners, where data cannot be traced back to any individual.

Your personally identifiable information (name, NIC, contact details) will never be sold or shared with third parties without your explicit additional consent. Only anonymised or de-identified data is used for the purposes above. You retain ownership of the personal data you provide; the licence above applies exclusively to its de-identified form.

We share identifiable personal data only with partners necessary to deliver the service:

• DirectPay Sri Lanka. Card payment processing.
• Stead AI Platform (stead.fit). App infrastructure, member records, nutrition engine, and staff console.
• Partner clinical labs. Where you opt into a medical assessment, your sample reference and result report only.
• Legal and regulatory bodies. Where required by law.

Third-party processors operate under contractual obligations regarding confidentiality and compliance with applicable data protection law.

In the course of providing our services to you, we may transfer your personal data to countries outside of Sri Lanka. Cloud hosting, database storage, and the AI services that power your in-app coach and meal recognition are all operated in the United Kingdom. Some third-party providers we use for messaging, email delivery, and anonymous website analytics may operate from other jurisdictions.

Your bloodwork and clinical records are restricted to your assigned clinician and the staff strictly necessary to deliver your program — they are stored only in our UK database and are never shared with our messaging, email, enrichment, or analytics providers.

Where international transfers occur, we rely on the standard contractual clauses published by our service providers and share only the minimum data each service needs to function. We do not sell your personal data. For any questions about how your data is used or transferred, contact info@trainatapex.com.

Active member data is kept for the duration of your membership and for seven (7) years after termination to meet legal record-keeping obligations. CCTV footage is retained for the period required by law and then deleted. Marketing preferences take effect immediately on request.

Under the Personal Data Protection Act No. 9 of 2022 and applicable law, you have the right to:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Request correction of inaccurate or incomplete data.
• Erasure. Request deletion of your data, subject to our legal and contractual obligations.
• Object. Object to the processing of your data for direct marketing at any time.
• Withdraw consent. Withdraw consent to data transfers at any time by contacting us. Note that withdrawal may limit our ability to provide certain services.

To exercise any of these rights, send a written request to info@trainatapex.com from your registered email address. We respond within thirty (30) days. We may ask you to verify your identity before processing the request.

All connections to trainatapex.com and our member apps are protected by TLS (HTTPS). Data at rest is encrypted by our cloud providers. Access to member records within our staff systems is role-gated and logged. We implement reasonable administrative, technical, and physical safeguards against unauthorised access, loss, or misuse.

This site uses only functional and analytic cookies. We do not use third-party advertising cookies or trackers.

We may update this policy from time to time. The updated date at the top of this page reflects when changes were last made. Continued use of our services after an update constitutes acceptance.