Privacy Policy — AX Rivals
AX Rivals
Legal

Privacy Policy

Effective date: 9 March 2026  ·  AX Studio Labs Ltd

Overview

AX Rivals ("the app", "we", "us") is developed and operated by AX Studio Labs Ltd, a company registered in England and Wales. This policy explains what data we collect, why we collect it, and how it is used and protected.

We do not sell your personal data. We do not use your data for advertising. The data we collect exists solely to make the app work.

Data We Collect

Account data

  • Email address — used for authentication and account recovery
  • Display name and profile photo — shown to your rivals and on leaderboards
  • User ID — internal identifier linking your data across app features

Activity and challenge data

  • Challenges you create, accept, or complete
  • Workout logs submitted during active challenges (reps, sets, duration)
  • Streak records and active day history
  • League standings and leaderboard entries

Health data (HealthKit)

AX Rivals reads your daily step count from Apple HealthKit. This data is used exclusively to power step-based challenges and your active day streak. It is never stored on our servers, never shared with third parties, and never used for any purpose beyond in-app challenge tracking.

Messages and photos

  • Messages you send to rivals are stored in our database to enable conversation history
  • Photos shared in messages are stored in our secure file storage
  • Message content is only accessible to the sender and recipient

Device and notification data

  • APNs device token — used solely to deliver push notifications to your device
  • We do not collect device model, OS version, or any other device identifiers

Purchase data

  • Subscription and purchase status is managed by RevenueCat and Apple
  • We receive confirmation of your entitlement tier (Free, Pro, or Elite) only — no payment card details are ever accessible to us

How We Use Your Data

  • To authenticate your account and restore your session
  • To run challenges, track progress, and display leaderboards
  • To deliver push notifications about challenge activity
  • To enable messaging between you and your rivals
  • To calculate your active day streak using HealthKit step data
  • To deliver AX Core discount codes to eligible subscribers
  • To enforce subscription tier feature gates (Free / Pro / Elite)

Data Storage and Security

Your data is stored on Supabase infrastructure, hosted on AWS in the EU region. Supabase uses row-level security to ensure users can only access data they are authorised to see.

All data is transmitted over HTTPS. Passwords are never stored — authentication is handled via Supabase Auth using secure token-based sessions.

Device tokens used for push notifications are stored securely and used only to route notifications to your device.

Third-Party Services

  • Supabase — database, authentication, file storage, and push notification delivery
  • RevenueCat — subscription and purchase management
  • Apple HealthKit — step count (read only, on-device, never transmitted)
  • Apple Push Notification Service (APNs) — notification delivery

We do not integrate with any advertising networks, analytics platforms, or data brokers.

Data Sharing

We do not sell, rent, or share your personal data with third parties except as described above (Supabase, RevenueCat, Apple) and only to the extent necessary to operate the app.

Your display name and challenge activity may be visible to other users on leaderboards and in challenge results. You control your display name in your profile settings.

Data Retention

Your data is retained for as long as your account is active. If you delete your account, your profile, challenge history, messages, and associated data will be permanently deleted from our systems within 30 days.

HealthKit data is never stored by us — it is read on-device in real time and never transmitted to our servers.

Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a machine-readable format

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Children

AX Rivals is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via an in-app notification or email. Continued use of the app after changes constitutes acceptance of the updated policy. The effective date at the top of this page will always reflect the most recent version.

Contact

AX Studio Labs Ltd

England, United Kingdom

Email: