FlexForce XPerformance Decision Engine

LEGAL

Privacy Policy.

Last updated: 24 May 2026.

Flex Force X Operations Pty Ltd (ACN 692 102 971; ABN 70 692 102 971) (we, us, or our) is committed to protecting your privacy. This policy explains how we collect, hold, use, and disclose your personal information when you use the FlexForce X service (the Service), including our public website at flexforcex.fitness, our web app at flexforcex.app, and the FlexForce X iOS application, and when you otherwise interact with us.

This policy applies to all personal information we handle, whether we collect it through the Service, in person, or by other means. At the point we collect information from you, our Privacy Collection Notice explains the relevant collection context in a shorter form.

Quick Overview

  • We collect information you give us, information we generate when you use the Service, and information from connected wearables, your calendar, and other third-party services you choose to connect.
  • We treat health, biometric, location, mood, and DNA data as sensitive information and apply additional protections.
  • We use this information to provide and personalise our coaching, operate and improve the Service, and meet our legal obligations.
  • We use AI systems, including overseas providers, to generate coaching outputs. You can review and withdraw consent for AI processing at any time.
  • We do not sell your personal information or use advertising, retargeting, session replay, or cross-site tracking SDKs. We use Vercel Web Analytics on the public website for aggregate traffic and page-view reporting.
  • You have rights to access, correct, and delete your information, and to make a complaint.

If you have questions, contact our Privacy Officer at privacy@flexforcex.fitness.

1. Information We Collect

We may collect the following categories of personal information from you. Where relevant, we may also collect personal information about a person whose data you are authorised to provide, such as an emergency contact.

1.1 Identity And Contact Details

  • Name, email address, date of birth used to confirm you are 18+, and optional phone number.
  • Account credentials, authentication tokens, and device identifiers.
  • Time zone and locale.

1.2 Profile And Goal Information

  • Goals, such as strength, body composition, or performance, training experience, available equipment, and session duration preferences.
  • Schedule preferences and availability windows.
  • Coaching and communication preferences.

1.3 Sensitive Information

We handle the following sensitive information categories with additional care, and only with your express consent or where otherwise permitted by law:

  • Health information, including Pre-Activity Readiness Questionnaire responses, medical history, current medications, supplements, injuries, self-reported symptoms, recovery status, and progress photos if you choose to take them.
  • Biometric and physiological data from wearable devices and Apple HealthKit, including heart rate, resting heart rate, heart rate variability, respiratory rate, blood oxygen saturation, sleep stages, workouts, physical activity duration, steps, calories, weight, height, body composition, and where applicable menstrual-cycle tracking data.
  • Dietary information, including allergens, intolerances, dietary requirements, and food consumption logs.
  • DNA information, only if you choose to provide raw genotype data or summarised trait data. DNA processing is governed by a separate, explicit consent flow and is never required to use the Service.
  • Mood and emotional state, captured through optional daily check-ins covering mood, stress, motivation, and journal notes.
  • Cultural and background information, if you choose to provide it, used only to make culturally appropriate food and meal recommendations.

1.4 Service-Generated Information

  • AI-generated plans, recommendations, projections, and coaching outputs.
  • Training logs, meal logs, adherence, and slip events.
  • Embeddings and vectorised summaries of your behaviour and preferences, used to personalise future outputs.
  • Audit records of which decisions our systems made on your behalf and when.

1.5 Voice And Audio Information

If you use voice input, for example to log a workout or meal, the audio is processed on-device by Apple's speech recognition and converted to text. The transcript is sent to our servers. The original audio is not stored by us.

1.6 Location Information

If you enable location consent, we collect approximate location coordinates from your mobile device, used only to suggest nearby gyms and food options. Location data is coarsened before it is stored in our long-term memory systems, so the stored point does not pinpoint your home or precise position.

1.7 Device And Digital Information

  • IP address and approximate region derived from it.
  • Device model, operating system version, and app version.
  • Crash and error diagnostics.
  • Connection metadata, such as timestamps and request types.
  • Cookies and similar technologies, as described in our Cookie and Tracking Notice.

1.8 Transaction Information

If you purchase a subscription, we may receive billing and transaction details. For purchases through the Apple App Store, Apple processes the payment. We receive only a transaction reference and entitlement status, not your card details.

1.9 Communications And Support

We collect support requests, feedback, survey responses, and related correspondence.

1.10 Job Applicants And Personnel

For applicants and workers, we may collect professional and employment information, including employment history, professional experience, authorisations and licences, professional registrations, and right-to-work information.

2. How We Collect Personal Information

  • Directly from you when you create an account, complete onboarding, log activity, contact us, fill out forms, or respond to surveys.
  • Automatically when you use the Service, including from your interactions, device, and connected services.
  • From wearables and HealthKit, with your permission, including Apple Watch, Apple Health, and other supported devices.
  • From your calendar, with your permission, to avoid scheduling sessions over meetings and commitments.
  • From third-party service providers we use to run the Service, such as payment processors and AI providers.
  • From publicly available sources, such as ASIC and professional networks, for limited business-administration purposes.

We do not knowingly collect personal information from anyone under 18.

3. Why We Collect, Hold, Use, And Disclose Personal Information

3.1 Service Delivery

  • To create and maintain your account.
  • To generate and personalise daily training, nutrition, supplement, recovery, sleep, and schedule plans.
  • To integrate with connected wearables and your calendar.
  • To surface nearby food and gym options when you have enabled location features.
  • To remember preferences and learn from behaviour over time so the Service gets more useful.

3.2 Safety And Quality

  • To run safety checks before recommending physical activity, dietary changes, supplements, or recovery protocols.
  • To detect and respond to indicators of potential harm, such as restrictive eating patterns or signs of overtraining.
  • To audit, review, and improve the safety of AI outputs.

3.3 Communication And Support

  • To respond to questions, support requests, and feedback.
  • To send essential service messages, such as security alerts, plan changes, or trial updates.
  • To send product updates where you have not opted out.

3.4 Research, Improvement, And Analytics

  • To analyse how the Service is used, using server-side logs rather than third-party tracking, so we can improve it.
  • To diagnose bugs and prevent fraud or abuse.
  • To carry out quality-assurance reviews of AI outputs.
  • To create de-identified, aggregated insights about training, nutrition, and recovery patterns.

3.5 Legal And Compliance

  • To comply with obligations under Australian and other applicable law.
  • To respond to lawful requests from courts, regulators, and law-enforcement agencies.
  • To maintain required business records.
  • To protect our legal rights and the rights and safety of others.

3.6 Employment Purposes

To assess employment applications, evaluate candidate qualifications, manage professional certifications, and maintain employment records, where you are an applicant or worker.

We will not use your personal information for a purpose materially different from the purposes set out in this policy without your consent, except where permitted by law.

4. AI Technologies

4.1 Overview

We use AI systems, including third-party large-language-model providers, to generate personalised plans, recommendations, projections, and coaching content. Our use of AI is fundamental to how the Service works.

4.2 How We Use AI

  • Generate personalised training, nutrition, supplement, recovery, sleep, and scheduling plans.
  • Track calories and macronutrients and suggest meal swaps.
  • Produce digital projections of physical-change scenarios based on adherence patterns.
  • Recommend nearby food options that match remaining macros and allergen constraints.
  • Analyse data from wearables and calendar integrations.
  • Improve, optimise, and quality-assure the Service.

4.3 Foundation Models, Not Custom Training

We send your data to AI providers for inference only. We do not fine-tune AI providers' base models on your personal information, and we contractually require AI providers not to train their foundation models on your personal information. AI providers may retain prompts and outputs for short periods for safety, abuse-prevention, and operational purposes under their own privacy commitments.

4.4 Treating AI-Generated Information As Personal Information

Information generated or inferred about you by AI systems is treated as personal information under this policy, and all rights and protections in this policy apply to it.

4.5 Transparency, Oversight, And Your Control

  • We tell you when AI is used to make decisions or generate recommendations that may meaningfully affect you.
  • We maintain human review processes for AI-related issues.
  • You can withdraw consent for AI recommendations at any time in Settings -> Privacy in the App, which will result in the Service no longer generating new AI-based plans for you.
  • We continuously monitor AI outputs against safety guardrails and run regular reviews.

4.6 Limitations You Should Know About

AI outputs may not be accurate, complete, current, or appropriate for your specific circumstances. They may be similar to outputs generated for other users. You should independently verify any output and consult a qualified professional where appropriate. The Service is not medical advice. See our Terms and Conditions for the full health and medical disclaimer.

5. Our Disclosures Of Personal Information To Third Parties

5.1 Service Providers

  • Cloud database and hosting: Supabase and Vercel.
  • AI providers: Anthropic and OpenAI, used for inference and embeddings.
  • Vector storage: Pinecone, used to hold de-identified or coarsened representations of behaviour and preferences for personalisation.
  • Payments: Apple for App Store purchases and Stripe for direct purchases.
  • Email and notifications: our transactional email and push-notification providers.
  • Food and place data: Edamam, Google Places, and Google Maps, used to look up restaurants, food information, and directions when you use the relevant feature.
  • Image services: Google Places and Unsplash, used to retrieve images for food and venue tiles.
  • Professional advisers: lawyers, accountants, auditors, and insurers.
  • Other IT service providers supporting our operations.

5.2 Corporate Transactions

If we merge with or are acquired by another company, or sell business assets, your information may be disclosed to our advisers, the potential purchaser, and the purchaser's advisers, and may be included in transferred assets.

5.3 Legal And Regulatory Bodies

  • Courts and tribunals.
  • Regulatory authorities, including for required reporting obligations.
  • Law-enforcement agencies, where lawfully required.

5.4 Other Parties

  • Third parties you have authorised.
  • Emergency services, where necessary to protect your or another person's life or safety.
  • Any other parties as required or permitted by law.

We do not sell or rent personal information, and we do not share it with advertising networks.

6. Overseas Disclosure

6.1 Where Your Information Is Stored

We store personal information primarily in Australia. However, information may be accessed from or transferred to locations outside Australia:

  • When service providers, including AI, vector storage, hosting, and payments providers, operate from or store data in other jurisdictions, primarily the United States.
  • When personnel access information from outside Australia.
  • When we work with overseas business partners.

6.2 Our Approach To Overseas Disclosure

Before disclosing personal information overseas, we take reasonable steps to ensure that recipients treat it in accordance with applicable law. We do this by sending only necessary information, requiring privacy obligations under contractual arrangements or relying on comparable safeguards, and monitoring how recipients handle information.

6.3 Your Consent To Overseas Disclosure

By using the Service after consenting to overseas AI processing in onboarding or settings, you consent to disclosure of personal information, including sensitive information you have separately consented to, to overseas recipients described in this policy for the purposes set out here. You can withdraw this consent in Settings -> Privacy, in which case AI-based features will be disabled for your account.

7. Your Privacy Rights And Choices

7.1 Providing Information

You can choose whether to provide personal information to us. If you do not provide certain information, we may not be able to provide all features of the Service. We will tell you when information is required to use a feature.

7.2 Access To Your Information

You can request access to the personal information we hold about you. You can also obtain a copy of much of your data directly from inside the App via Settings -> Privacy -> Export my data, which provides a structured JSON export covering profile, plans, decisions, consents, and recent activity. For any data not covered by self-service export, contact our Privacy Officer.

We will respond to access requests within a reasonable time. We may charge a reasonable administrative fee for providing access in unusual cases. If we cannot provide access, we will explain why and explore alternatives.

7.3 Correction Rights

You can ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading. Many fields can be edited directly in Settings. For fields you cannot edit yourself, contact our Privacy Officer. We will take reasonable steps to correct your information promptly, or explain why we cannot and discuss alternatives. You can ask us to add a statement noting your requested correction.

7.4 Deletion Rights

You can delete your account at any time via Settings -> Account -> Delete account. This will trigger removal of personal information from our systems in line with Australian Privacy Principle 11, subject to legal retention obligations. Deletion covers profile data, logs, plans, and decision records, and queues your vectors in Pinecone for removal. Where we are required to retain certain information by law, we will keep only what is necessary and continue to protect it under this policy.

7.5 Withdrawing Consent

You can withdraw consent for optional categories of processing, including location, mood and emotional data, DNA, adaptive learning, and overseas AI processing, at any time in Settings -> Privacy. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

7.6 Marketing Communications

You can opt out of marketing communications at any time. Every marketing communication includes an unsubscribe option. Essential service messages, including security alerts, billing notifications, and material policy changes, will continue regardless of marketing preferences.

8. How To Contact Us About Your Rights Or To Make A Complaint

Step 1: Contact Our Privacy Officer

Email: privacy@flexforcex.fitness
Phone: contact the privacy inbox to arrange a call.
Post: Level 29, 66 Goulburn Street, Sydney NSW 2000

Include your full name, contact details, a clear description of your request or complaint, and any relevant dates or reference numbers.

Step 2: Our Response

We will:

  • Verify your identity before processing your request.
  • Investigate complaints thoroughly or process rights requests.
  • Respond to you in writing within reasonable timeframes and as required by law.
  • Explain what actions we will take and keep you updated on progress.
  • Not charge you for making a request, except reasonable access fees in unusual cases.
  • Help you understand and exercise your rights.

Step 3: If You Are Not Satisfied

If you are not satisfied with our response to a complaint, you can:

  • Ask for a review by our senior management; or
  • Contact the Office of the Australian Information Commissioner on 1300 363 992 or at www.oaic.gov.au.

The same process applies whether you want to access your information, make a correction, change marketing preferences, or make a privacy complaint.

9. Protecting Your Information

9.1 Technical Safeguards

  • Encryption of data in transit and at rest.
  • Row-level security in our database so that each authenticated user can only read or modify their own data.
  • Authentication tokens stored in iOS-platform-protected storage, the Keychain, on iOS devices.
  • Coarsening of GPS coordinates before long-term storage so exact positions are not retained.
  • Strict separation of personal data from internal logs and analytics.
  • Continuous monitoring and automated detection of unusual access patterns.

9.2 Operational Security

  • Staff training on privacy, security, and safe handling of health data.
  • Strict access controls based on the principle of least privilege.
  • Regular review and testing of incident-response procedures.
  • Audit logs of administrative access to user data.

9.3 Physical Security

  • Secure premises with controlled access.
  • Secure disposal of physical documents.
  • Equipment security and device-management protocols.

9.4 Public Information

Any information you choose to share publicly, for example in support communities or public-facing reviews, can be accessed and used by others. We cannot control or protect information that you make publicly available.

9.5 Notifiable Data Breaches

We comply with the Australian Notifiable Data Breaches scheme. If a data breach is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner as required by law.

10. How Long We Keep Your Information

We keep personal information only as long as we need it for the purposes for which we collected it, or as required by law. In practice:

  • Active account data is retained while your account is active and for a reasonable period afterwards.
  • AI usage and decision logs are retained on a rolling basis, typically up to 90 days for operational logs.
  • Audit records are retained for longer periods to meet compliance and safety obligations.
  • Aggregated, de-identified data may be retained indefinitely, as it no longer identifies you.
  • Information legally required to be kept, such as financial records, is retained for required periods.

When we no longer need personal information, we securely destroy or de-identify it.

11. Cookies, Tracking, And Similar Technologies

Our use of cookies and similar technologies on the website, and our use of on-device storage in the iOS App, is described in our Cookie and Tracking Notice.

In summary, we use strictly necessary cookies for authentication and security on the website, on-device storage in the iOS App for offline use and session continuity, and Vercel Web Analytics on the public website for aggregate traffic and page-view reporting. We do not use advertising, retargeting, session replay, or cross-site tracking technologies in v1 of the Service.

12. Use Of Location Services Data

We collect approximate location from your mobile device or wearable to provide meal, restaurant, and gym recommendations near you.

We only collect this information when you have enabled location consent in the App and granted the corresponding iOS permission. Location coordinates are coarsened before long-term storage so exact positions are not retained.

If you do not want us to use your location, you can turn off location consent in Settings -> Privacy or disable location services for the App in iOS settings. Doing so may affect features that rely on location, such as nearby food suggestions.

13. Children's Privacy

The Service is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided personal information, contact our Privacy Officer and we will take reasonable steps to delete it.

14. Visitors From Outside Australia

The Service is operated from Australia. If you access the Service from outside Australia, you acknowledge that your personal information will be transferred to and processed in Australia, the United States, and other jurisdictions in accordance with this policy. We apply the Australian Privacy Principles to all personal information we handle, regardless of where you are located.

Where applicable, we also recognise rights you may have under the European Union General Data Protection Regulation, the United Kingdom Data Protection Act 2018, and the California Consumer Privacy Act as supplemented by the California Privacy Rights Act. To exercise any such rights, contact our Privacy Officer.

15. Amendments

We may update this policy from time to time by posting the revised version on our website and updating the Last updated date at the top. Where changes are material, we will give advance notice, for example via in-app notification or email, and ask you to re-confirm consent where required.

We recommend reviewing this policy from time to time to stay current with any changes.

16. Contact Us

Privacy Officer - Flex Force X Operations Pty Ltd (ACN 692 102 971; ABN 70 692 102 971)
Email: privacy@flexforcex.fitness
Data Protection Officer: dpo@flexforcex.fitness
Support: support@flexforcex.fitness
Phone: contact the privacy inbox to arrange a call.
Post: Level 29, 66 Goulburn Street, Sydney NSW 2000

By providing your personal information to us, or by using the Service, you acknowledge that we will collect, hold, use, and disclose your personal information in accordance with this policy.