This Privacy Policy explains how ApexCoaching collects, uses, stores, shares, and protects your personal data when you use our fitness and nutrition coaching platform.
ApexCoaching operates from the Republic of Türkiye and processes personal data primarily in accordance with the Turkish Personal Data Protection Law No. 6698 ("KVKK") and its secondary legislation.
Where we provide services to individuals in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), we also seek to align with the EU GDPR (Regulation (EU) 2016/679) and UK GDPR. In case of conflict, mandatory local legal requirements prevail to the minimum extent required by law.
This Policy explains our data practices in connection with:
This Policy forms part of our legal framework together with our Terms & Conditions and any additional consents you provide (e.g., explicit consent for health data).
For the purposes of KVKK (and, where applicable, GDPR), ApexCoaching is the Data Controller for personal data processed through the Platform.
Privacy Contact: [privacy email]
Where required by law or operational needs, ApexCoaching may appoint a data protection representative and/or a Data Protection Officer (DPO). If appointed, contact details will be published on the Website.
We process personal data:
These principles align with GDPR Article 5 where GDPR applies.
Name, date of birth, gender (where you provide it).
Email address, phone number.
Account identifiers, role (member, trainer, nutritionist), subscription status, and plan history.
Collected only when you voluntarily provide it or request related services, and may include:
Subscription and payment status and transaction history. Full card details are handled by our PCI-compliant payment provider and are not stored by ApexCoaching.
IP address, device identifiers, browser type, log data, cookies, and similar technologies.
In-app messages between you and your coach, notifications, and support requests.
We process personal data on one or more of the following bases:
Health and fitness data (special category data) is processed on the basis of your explicit consent (KVKK Art. 6 / GDPR Art. 9(2)(a)). You may withdraw consent at any time; withdrawal may limit our ability to provide certain Services.
We do not sell your personal data.
Health and fitness data is treated as highly sensitive. Safeguards include restricted, need-to-know access, role-based permissions, secure storage, controlled sharing, and additional consent controls.
This data is shared only:
Trainers and nutritionists assigned to you receive the data needed to prepare and manage your programs and to communicate with you.
IT hosting and infrastructure, email delivery, and support tools, subject to contractual confidentiality and security obligations.
Our third-party payment processor for subscription and service payments.
Where required by law, lawful request, or to protect rights and safety.
We do not sell or rent personal data to third parties for their own marketing.
Your data is primarily processed within Türkiye. Where data is transferred abroad (e.g., to hosting or infrastructure providers), we apply the safeguards required under KVKK Art. 9 and, where GDPR applies, Chapter V (such as Standard Contractual Clauses), together with appropriate technical and organisational measures.
We retain personal data only as long as necessary:
Financial records are kept for the periods required by Turkish law. Health and fitness data is retained while needed for your Services and is deleted upon a valid request unless a legal retention obligation applies.
Subject to applicable law, you have the right to:
Requests: [privacy email]. We aim to respond within 30 days, and in any event within the periods required by KVKK.
We may use cookies and similar technologies for essential platform function, security, and (where enabled) performance and analytics. Where required by law, we implement consent mechanisms. You can manage cookies through your browser settings and any on-site consent tool.
We may use AI-supported tools to assist with wellness analytics, summaries, and program structuring. We do not use fully automated decision-making that produces legal or similarly significant effects without human oversight. All guidance remains advisory and subject to human review and your own decisions.
We implement commercially reasonable measures such as access controls and authentication, secure hosting, monitoring and logging, organisational confidentiality controls, and vendor security obligations. No system is fully secure, but we continuously work to improve protection.
In the event of a personal data breach, we will assess the risk promptly, notify the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu) and, where GDPR applies, the relevant supervisory authority within the legally required timeframe, notify affected individuals where required, and document and remediate the incident.
ApexCoaching is not directed to individuals under the age of 18. We do not knowingly process personal data of minors without verified parental or legal guardian consent. If a minor wishes to use the Platform, a parent or legal guardian must provide verified consent and accept the Terms & Conditions and this Policy on the minor's behalf. If we learn that a minor's data was collected without appropriate consent, we will take steps to delete it. Parents/guardians may contact us at [privacy email].
Unless mandatory local law requires otherwise, this Policy is governed by the laws of the Republic of Türkiye.
Please contact us first at [privacy email]. You may also lodge a complaint with the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu) or, where GDPR applies, with your local supervisory authority.
We may update this Policy from time to time. The latest version will be published on the Platform, and continued use after publication constitutes acceptance of the updated Policy.