Legal

Privacy Policy

Effective date: 12 June 2026

Apex Trace is a personal health dashboard for iOS and Android. The short version: your health data stays on your phone — we don't have servers, and we can't see your data.

01 Data we access

With your explicit consent via Google sign-in, Apex Trace requests read-only access to your Google Health data:

activity & fitness (steps, calories, active-zone minutes, workouts, heart rate),
sleep (sessions, stages, and attached SpO₂, heart-rate variability, and skin-temperature values),
health metrics & measurements (e.g., resting heart rate, breathing rate),
your Google profile display name (via the standard openid and profile sign-in scopes), shown in the app's profile header so you can see who is signed in. We read the name from the sign-in token on your device; we do not request your email, fetch your profile photo, or send your name anywhere. It is stored only on your device and deleted when you disconnect.

Apex Trace never asks for write access and cannot modify your health data.

02 How your data is used

Your data is used solely to provide the app's visible features to you: rendering dashboards, charts, and trends, and computing scores and coaching insights. All processing — including every insight and recommendation — happens on your device. Nothing is sent to any server operated by us, and there are no advertising or behavioral-analytics SDKs in the app. The one optional exception is crash reporting, described in section 4 — it is off by default and never contains your health data.

Some insight and coach summaries are written by your phone's built-in, on-device AI (Apple Intelligence on iPhone, Gemini Nano on supported Android devices). This text is generated entirely on your device — your health data is never sent to any AI service, cloud model, or server to produce it, and is never used to train any model. You can turn these AI summaries off in the You tab; when on-device AI isn't available, the app simply hides those cards. Any reminders or alerts the app sends are local notifications generated on your device — there is no push server involved.

03 Where your data lives

Retrieved health data is cached in a private, app-sandboxed database on your device so the app works offline.
Sign-in tokens are stored in your device's secure storage (iOS Keychain / Android encrypted storage).
Apart from optional crash reports (section 4), the only network traffic the app generates is between your device and Google (sign-in and the Google Health API), always over encrypted connections (TLS 1.2+).

04 Optional crash reporting

To help us fix bugs, you can turn on "Share crash reports" in the app's You tab. This is off by default.

When enabled, technical reports about app errors are sent to Sentry (Functional Software, Inc.), a crash-reporting service acting as our processor.
A report contains only diagnostics: the type of error, a technical stack trace, the app version, and your device model and OS version, keyed to a random identifier that is not connected to your Google account.
Reports never contain your health data, your sign-in tokens, your name or Google identity, screenshots, or the content of any request to Google. The reporting tool's automatic capture of such material is disabled in our configuration.
You can turn the toggle off at any time to stop all future reports. Sentry retains received reports for a limited period (around 90 days) and then deletes them. Disconnecting your Google account also resets the random identifier.

05 In-app purchase (unlocking data sync)

Apex Trace is free and fully usable on built-in sample data. Connecting and syncing your real Google Health data is unlocked by a single one-time in-app purchase.

The purchase is processed entirely by the app store — Apple (App Store) or Google (Google Play) — acting as the seller and payment processor. We never see or store your payment details.
To handle the purchase, the store processes a purchase identifier for billing and restore purposes; this identifier is not linked to your health data or your Google account inside the app.
The app keeps only a simple on-device "unlocked" flag so it remembers you paid; it re-checks this with the store when it launches. We run no server and do no server-side receipt validation.
Your purchase identifier and product information are never written to our logs and never included in a crash report (section 4).
Because the unlock is tied to your purchase (not to your Google account), disconnecting Google Health does not revoke it — you won't be charged again.

06 Sharing and selling

We do not sell, share, transfer, or disclose your health data to anyone. We technically cannot: the app has no backend and your health data never reaches us. The only data that ever leaves your device for a non-Google destination is the optional, health-data-free crash report described in section 4. The in-app purchase (section 5) is handled by the app store and carries no health data.

07 Limited Use disclosure

Apex Trace's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: Google user data is used only to provide user-facing features of the app; it is never used for advertising, never sold, never used to train AI models, and no humans (including the developer) can read it.

08 Data retention & deletion

The app keeps a rolling cache (up to ~90 days) of your data on-device.
Disconnect (in the app's You tab) revokes the app's access with Google and deletes all cached health data and tokens from your device.
Uninstalling the app deletes all app data.
You can revoke Apex Trace's access at any time at myaccount.google.com/permissions; the app then loses all access and clears its local data on next launch.
Because we store nothing server-side, there is no additional copy for us to delete.

09 Children

Apex Trace is not directed at children under 16 and should not be used with a child's Google account.

10 What Apex Trace is not

Apex Trace displays estimates for general wellness purposes. It is not a medical device and provides no medical advice or diagnosis.

11 Changes & contact

We'll update this policy here and note material changes in release notes. Questions or requests: support@apextrace.app.