Axis EchoAxis Echo

Privacy Policy

Last updated: 26 March 2026

1. Who we are

Axis Echo is operated as a sole trader business in the United Kingdom ("we", "us", "our"). You can contact us at axisechoapp@gmail.com.

We are the data controller for the personal data collected through the Axis Echo mobile application and this website. If you have any questions about this policy or how we handle your data, contact us at axisechoapp@gmail.com.

2. What data we collect

We collect different categories of data depending on how you use Axis Echo.

Account information

  • Email address and password (used to create and secure your account)
  • Display name and username
  • Profile preferences including training mode and notification settings

Training and fitness data

  • Workout logs: exercises, sets, repetitions, weights, rest times, and workout duration
  • Workout ratings and personal records
  • Activity logs for non-gym workouts (cardio, sports, recovery)
  • Training programme selections and gym equipment profiles
  • Weekly training targets and consistency data

Body metrics (optional)

  • Height, weight, body fat percentage, and BMI
  • Estimated daily calorie targets derived from the above
  • Progress photos you choose to upload

This information is entered voluntarily. You are not required to provide body metrics to use Axis Echo.

Social and community data

  • Squad follow relationships and the privacy tier you assign to each follower
  • Training activity shared with Squad followers (subject to your privacy settings)
  • Workout photos shared via Squad (stored for 48 hours then deleted)
  • Pursuits group membership, scores, and results
  • Arena leaderboard position and Competition Rating
  • Academy cohort and monthly ranking data

Coaching data (PT Mode only)

  • Client relationships you create or accept as a coach
  • Client adherence and workout frequency data visible on your coach dashboard
  • Programmes assigned to clients and group challenge data
  • PT profile information including bio, location, and specialisations

AI feature data

  • Gym photos submitted for equipment detection - used only to identify equipment and not stored beyond the processing request
  • Training history used by Axi to generate personalised coaching feedback

Technical and usage data

  • Device type, operating system, and app version
  • App usage events (screens viewed, features used, session duration)
  • Crash reports and error logs
  • Push notification tokens (used solely to deliver notifications you have enabled)
  • IP address and approximate location derived from it

3. How we use your data

Providing the service. Your account data, training logs, and fitness information are used to run Axis Echo - delivering your personalised dashboard, calculating scores, managing competitions, and enabling social features.

AI coaching (Axi). Your training history is analysed to produce personalised coaching feedback. This processing happens within our infrastructure and is not used to train AI models.

Gym photo analysis. Photos you submit for gym setup are processed to detect equipment. They are not stored after processing and are not used for any other purpose.

Leaderboards and rankings. Your username and scores are displayed on public and semi-public leaderboards (Arena, Academy, Pursuits) in accordance with your Social or Solo mode setting.

Coaching features. If you use PT Mode, limited training activity data for your clients is made available to you as their coach, and vice versa. Both parties consent to this when the coach-client relationship is established.

Analytics and improvement. Aggregated usage data helps us understand how the app is used and where to improve it. We do not sell analytics data.

Communications. We send in-app notifications for events relevant to your account (competition results, Squad activity, coach invites). We do not send unsolicited marketing emails.

Safety and fraud prevention. We monitor for abuse, cheating on leaderboards, and violations of our Terms of Service.

4. Legal bases for processing (UK GDPR)

Contract performance. Processing your account data, training logs, and competition data is necessary to provide the service you signed up for.

Legitimate interests. We process usage analytics, crash reports, and security data to maintain and improve the app. We have assessed that these interests do not override your rights.

Consent. Features involving optional data - body metrics, progress photos, social visibility, and Squad sharing - are processed on the basis of your explicit choice. You can withdraw consent at any time by adjusting your settings or switching to Solo mode.

Legal obligation. We will retain or disclose data where required by applicable UK law.

5. Health and fitness data

Workout data, body metrics, and progress photos may constitute health data under UK GDPR. We treat this information with additional care:

  • It is not sold or shared with third parties for marketing purposes
  • It is not used to make automated decisions that produce legal or similarly significant effects
  • Body metrics and progress photos are stored privately and are not visible to other users unless you explicitly share them
  • You can delete this data at any time from your profile settings

6. Sharing your data

We do not sell your personal data. We share it only in the following circumstances:

With other users, at your direction. When you use social features - Squad, Pursuits, Arena, or Coaching - limited data is shared with other users in accordance with your privacy settings. You control what each follower can see.

With service providers. We use third-party infrastructure to operate Axis Echo. These providers act as data processors under contract and are not permitted to use your data for their own purposes. Key providers include:

  • Supabase (database, authentication, and storage infrastructure - hosted in AWS eu-west-2, London, UK)
  • PostHog (product analytics - EU-hosted at eu.i.posthog.com)
  • Google (Gemini AI - powers gym photo analysis and AI coaching features; data may be processed outside the UK/EEA, see Section 9)
  • Sentry (crash reporting and performance monitoring)
  • RevenueCat (subscription and payment management)

For legal reasons. We may disclose data if required by law, court order, or to protect the rights, property, or safety of our users or the public.

In a business transfer. If Axis Echo is acquired or merged, user data may be transferred as part of that transaction. You will be notified in advance.

7. Data retention

We retain your data for as long as your account is active. Specific retention periods:

  • Workout photos shared via Squad - deleted automatically after 48 hours
  • Gym photos submitted for equipment detection - deleted immediately after processing
  • Account and training data - retained until you delete your account
  • Anonymised analytics data - may be retained indefinitely in aggregated form

When you delete your account, your personal data is permanently removed within 30 days. Anonymised, aggregated data (such as aggregate leaderboard statistics) may remain.

8. Your rights under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

Access. You can request a copy of the personal data we hold about you.

Rectification. You can correct inaccurate or incomplete data - most of this can be done directly in the app settings.

Erasure. You can request deletion of your personal data. Deleting your account from within the app satisfies this for most data.

Data portability. You can request your data in a structured, machine-readable format.

Object to processing. You can object to processing based on legitimate interests.

Restrict processing. You can ask us to pause processing of your data in certain circumstances.

Withdraw consent. Where processing is based on consent (body metrics, social features), you can withdraw at any time without affecting prior processing.

To exercise any of these rights, contact us at axisechoapp@gmail.com. We will respond within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. International data transfers

Your core data is stored and processed within the UK and European Economic Area (EEA). However, certain features involve transfers outside these regions:

  • Database and backend infrastructure (Supabase) - hosted in AWS eu-west-2, London, United Kingdom.
  • Analytics (PostHog) - hosted in the EU (eu.i.posthog.com).
  • AI features (Google Gemini) - when you use gym photo analysis or AI coaching, your data is sent to Google servers which may be located outside the UK/EEA, including in the United States. Google processes this data under their Data Processing Addendum and Standard Contractual Clauses (SCCs) approved by the UK ICO. Gym photos are not stored by Google beyond the processing request.
  • Crash reporting (Sentry) - error and performance data may be processed outside the UK/EEA. Sentry processes data under Standard Contractual Clauses.
  • Subscription management (RevenueCat) - payment and subscription data may be processed in the United States under Standard Contractual Clauses.

10. Analytics and tracking

We use PostHog to understand how the app is used. PostHog is configured to use EU infrastructure (eu.i.posthog.com) and does not use third-party cookies. Data is collected under our legitimate interest in improving the product.

We have assessed that our legitimate interest in collecting anonymous usage data (such as which screens are viewed, which features are used, and session duration) does not override your rights or freedoms. The data collected is limited to what is needed to improve the app, contains no health or fitness information, is hosted within the EU, and is not shared with advertisers or other third parties. You can opt out of analytics at any time from the Data & Privacy section in your profile settings.

We do not use advertising tracking, cross-site tracking cookies, or sell data to advertising networks.

11. Children

Axis Echo is not directed at children under 13 and we do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, contact us at axisechoapp@gmail.com and we will delete it promptly.

12. Security

We implement industry-standard technical and organisational measures to protect your data, including encrypted connections (TLS), access controls, and regular security reviews. No system is completely secure, and we cannot guarantee the absolute security of data transmitted over the internet.

13. Changes to this policy

We may update this policy from time to time. Significant changes will be notified via in-app notification or email. The "Last updated" date at the top of this page always reflects the most recent version. Continued use of Axis Echo after changes are posted constitutes acceptance of the updated policy.

14. Contact

For any questions, requests, or complaints regarding this privacy policy or your personal data, contact us:

Axis Echo

United Kingdom

Email: axisechoapp@gmail.com

If you are not satisfied with our response, you may contact the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint