Privacy Policy

Apex Vitality Privacy Policy

Issued by: Vitalis 3.0 Pty Ltd
ABN: 36 688 866 113
Trading as: Apex Vitality
Effective date: 7 July 2026

1. Introduction

Vitalis 3.0 Pty Ltd, trading as Apex Vitality (“Apex Vitality”, “we”, “us”, or “our”), is committed to protecting your privacy and handling personal information responsibly, transparently, and in accordance with Australian law.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information, including sensitive health information, in connection with our website, client portal, telehealth services, Vitalmap™, Apex Blueprint™, focused pathways, Strategy Consultation, Apex Continuity, biomarker panels, Performance Tools, digital platforms, subscriptions, eCommerce products, marketing, and related services.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where they apply.

Further information about privacy rights is available from the Office of the Australian Information Commissioner (OAIC):
https://www.oaic.gov.au/

2. Scope of this Privacy Policy

This Privacy Policy applies to personal information we collect through:

  • our Webflow website;
  • our Shopify store;
  • Apex client portals and intake systems;
  • telehealth consultations;
  • Strategy Consultations;
  • Vitalmap™;
  • Apex Blueprint™;
  • focused pathways;
  • Apex Continuity;
  • biomarker panels;
  • Performance Tools and support products;
  • email, phone, forms, messaging, or written communications;
  • analytics, advertising, and website monitoring tools;
  • practitioner partners, pathology providers, pharmacies, payment providers, and authorised service partners.

It does not replace any separate consent form, clinical disclaimer, telehealth terms, collection notice, or service-specific terms provided at the time of purchase, booking, intake, onboarding, pathology collection, or consultation.

3. What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

This may include:

  • name;
  • date of birth;
  • gender;
  • contact details;
  • billing and delivery information;
  • account, membership, subscription, or portal information;
  • payment and transaction data;
  • order history;
  • appointment history;
  • communications with Apex;
  • marketing preferences;
  • technical data such as IP address, device type, browser type, location data, referral source, pages viewed, and interaction data;
  • health, medical, diagnostic, pathology, biometric, lifestyle, medication, supplement, performance, coaching, pathway, or telehealth information.

4. Sensitive information and health information

Sensitive information includes health information and medical information.

Apex Vitality may collect sensitive information such as:

  • health history;
  • symptoms;
  • medications and supplements;
  • allergies;
  • pathology results;
  • biomarker data;
  • biometric or body-composition information;
  • lifestyle information;
  • training, sleep, recovery, nutrition, sexual health, skin, hair, weight, metabolic, hormonal, gut, recovery, or performance-related information;
  • practitioner notes;
  • pathway, Vitalmap™, Blueprint™, coaching, or telehealth information.

We collect and use sensitive information only where:

  • you have consented;
  • it is reasonably necessary for our health, diagnostic, clinical, pathway, telehealth, or related services;
  • it is directly related to the primary purpose of providing services you have requested;
  • it is required or authorised by law;
  • it is necessary for safety, professional, regulatory, or clinical reasons.

Enhanced safeguards apply to health and sensitive information.

5. How we collect personal information

We may collect personal information when you:

  • visit our website or online store;
  • complete forms, questionnaires, intake documents, or onboarding;
  • create an account;
  • purchase a product or service;
  • book a Strategy Consultation or telehealth appointment;
  • participate in Vitalmap™, Blueprint™, a focused pathway, Apex Continuity, coaching, or another Apex service;
  • purchase or enquire about biomarker panels, Performance Tools, or products;
  • communicate with us by email, phone, form, messaging, or portal;
  • interact with our website, ads, emails, landing pages, or social media;
  • authorise a practitioner, pathology provider, pharmacy, or other third party to provide information to us.

We may also collect information from:

  • practitioner partners;
  • pathology laboratories;
  • pharmacies;
  • payment processors;
  • Shopify and related eCommerce systems;
  • booking and telehealth platforms;
  • analytics and advertising platforms;
  • authorised business partners;
  • referrers, with your consent or where otherwise permitted by law.

Where reasonable and practicable, we collect personal information directly from you.

6. Why we collect, use, and hold personal information

We collect, use, and hold personal information to:

  • provide Apex services;
  • deliver Vitalmap™, Blueprint™, focused pathways, Strategy Consultation, Apex Continuity, coaching, telehealth, biomarker panels, and Performance Tools;
  • coordinate pathology, diagnostic testing, prescriptions, products, or referrals where appropriate;
  • assess suitability, eligibility, risk, and clinical context;
  • support pathway activation, Calibration, Refresh, or progression decisions;
  • manage appointments, onboarding, accounts, memberships, subscriptions, purchases, and payments;
  • communicate with you about services, results, products, bookings, or support;
  • provide customer support;
  • manage refunds, credits, cancellations, and program terms;
  • comply with legal, clinical, regulatory, insurance, safety, and professional obligations;
  • maintain records;
  • improve services, systems, website performance, and client experience;
  • send marketing communications where permitted;
  • measure advertising performance and improve campaigns.

We may use de-identified or aggregated information for analytics, reporting, research, service improvement, pathway evaluation, business planning, and operational purposes.

7. Vitalmap™, pathways, Blueprint™, and Apex Continuity

Apex services are structured around assessment, suitability, clinical context, and governed progression.

Personal and health information may be collected and used to support:

  • Vitalmap™ Baseline;
  • Vitalmap™ Calibration;
  • Vitalmap™ Refresh;
  • focused pathway activation;
  • Apex Blueprint™ development;
  • Apex Continuity membership;
  • Performance Tools access;
  • coaching suitability;
  • further review, referral, or no immediate next step.

Apex Continuity may involve ongoing review rhythm, access to member benefits, member pricing, education, and maintenance of relevant health context over time.

Membership or participation in Apex services does not guarantee treatment, prescribing, advanced options, pathway activation, Performance Tools, or clinical eligibility.

8. Biomarker panels and diagnostic data products

If you purchase or complete biomarker panels, pathology tests, DEXA, CGM, or other diagnostic data products, we may collect, receive, store, review, and use relevant information to:

  • provide official laboratory results where applicable;
  • prepare a high-level Apex Biomarker Summary where included;
  • identify broad result patterns or markers of interest;
  • provide next-step considerations;
  • support future Vitalmap™, pathway, Blueprint™, or other Apex decisions where appropriate.

Standalone biomarker panels do not replace clinician-led review, medical diagnosis, treatment advice, or pathway eligibility assessment unless expressly stated.

9. Telehealth and digital communications

Apex services may be delivered by telehealth, phone, video, secure messaging, email, forms, and client portal communication.

Telehealth and digital communications may involve collection and use of:

  • health history;
  • consultation notes;
  • questionnaire responses;
  • pathology and biomarker data;
  • treatment or pathway discussions;
  • digital messages;
  • referrals or follow-up information;
  • practitioner notes.

We do not record telehealth consultations unless:

  • you are informed in advance and provide consent; or
  • recording is required or authorised by law.

You are responsible for ensuring privacy at your location during telehealth consultations.

No digital communication system is entirely risk-free, but we take reasonable steps to protect privacy and confidentiality.

10. Website analytics, cookies, tracking pixels, and advertising

We use cookies, pixels, tags, scripts, SDKs, device identifiers, and similar technologies to:

  • operate the website and store;
  • improve user experience;
  • remember preferences;
  • understand website traffic;
  • measure ad and campaign performance;
  • improve services and content;
  • support remarketing, retargeting, and advertising where permitted;
  • detect errors or technical issues;
  • understand how visitors interact with pages.

Tools we may use include:

  • Google Analytics;
  • Google Ads and conversion tracking;
  • Meta Pixel and Meta business tools;
  • Microsoft Clarity;
  • Shopify analytics;
  • email marketing and CRM tools;
  • other analytics, advertising, conversion, or performance tools.

These tools may collect information such as:

  • IP address;
  • device and browser information;
  • pages viewed;
  • links clicked;
  • session activity;
  • approximate location;
  • referral source;
  • product views;
  • cart activity;
  • checkout events;
  • conversion events;
  • cookie or device identifiers.

We use these tools to understand performance and deliver more relevant advertising. Where possible, data is aggregated, de-identified, minimised, or configured to avoid collection of sensitive information.

We do not intentionally disclose pathology results, consultation content, clinical notes, health history, individual medical information, or sensitive health information to advertising platforms.

We take reasonable steps to configure tracking tools so that sensitive information is not disclosed to third-party advertising platforms.

We do not use health information, pathology results, consultation content, or sensitive information to create advertising audiences unless you have provided express consent and the use is legally permitted.

You can manage or disable cookies using your browser settings. You may also control ad personalisation through relevant platform tools, including Google Ads Settings and privacy settings available through Meta, Google, Microsoft, Shopify, and other platforms.

If you disable cookies or tracking technologies, some website features may not work properly.

11. Marketing communications

We may send you marketing communications about Apex services, education, content, products, Performance Tools, membership, events, or updates where permitted by law.

You may opt out at any time by:

  • using the unsubscribe link in an email;
  • following instructions in an SMS;
  • changing your communication preferences where available;
  • contacting us at support@apexvitality.co.

Opting out of marketing communications does not stop us from sending administrative, transactional, clinical, safety, legal, billing, or service-related communications.

Where marketing involves sensitive information, we will only use or disclose sensitive information for direct marketing with your consent where required.

12. Advertising audiences and retargeting

We may use advertising platforms to show Apex ads to people who have visited our website, interacted with our content, or engaged with Apex online.

Where we use retargeting, remarketing, or advertising audience tools, we aim to:

  • provide transparent notice in this Privacy Policy and relevant cookie notices;
  • avoid transmitting health or sensitive information to advertising platforms;
  • avoid using sensitive health conditions to target individuals;
  • provide opt-out choices where available;
  • comply with applicable ad-platform rules and privacy obligations.

We may use website activity data to help measure campaign performance and improve advertising, but we do not intentionally use pathology results, medical history, consultation details, or clinical records for ad targeting.

Advertising platforms may process information according to their own privacy policies and terms.

13. Disclosure of personal information

We may disclose personal information to:

  • Apex clinicians, staff, contractors, and authorised team members;
  • medical practitioner partners;
  • allied health or practitioner partners;
  • pathology providers and laboratories;
  • pharmacies;
  • telehealth platforms;
  • booking platforms;
  • Shopify, payment processors, and subscription providers;
  • logistics and fulfilment providers;
  • IT, hosting, cybersecurity, email, CRM, and storage providers;
  • analytics and advertising platforms;
  • professional advisers such as lawyers, accountants, auditors, and compliance advisers;
  • insurers;
  • regulators, courts, tribunals, law enforcement, or authorities where required or authorised by law;
  • organisations, clubs, employers, or partners only where appropriate consent and boundaries apply.

We do not sell personal information.

14. Organisations, clubs, and partners

Where Apex works with employers, executive teams, clubs, partners, or organisations, individual health information, clinical recommendations, and pathway decisions remain private, consent-based, and professionally governed.

Employers, clubs, and partners do not receive individual health information, clinical recommendations, or pathway decisions unless the individual has provided appropriate consent or disclosure is required or authorised by law.

Where organisational insights are provided, they are limited, de-identified, aggregated, and agreed in advance where applicable.

15. Overseas disclosure

Some third-party providers may store, process, or access personal information outside Australia, including providers of:

  • cloud hosting;
  • payment processing;
  • Shopify and eCommerce services;
  • analytics;
  • advertising and conversion tools;
  • email and CRM systems;
  • telehealth or communication platforms;
  • cybersecurity or support systems.

Where personal information is disclosed overseas, we take reasonable steps to ensure appropriate privacy safeguards apply, unless an exception under the Privacy Act applies.

Countries may include the United States, Canada, the United Kingdom, countries in the European Economic Area, Singapore, New Zealand, or other locations where our service providers operate.

16. Security of personal information

We take reasonable and appropriate steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Safeguards may include:

  • secure systems and encrypted connections;
  • access controls;
  • password protections;
  • role-based access;
  • confidentiality obligations;
  • cybersecurity monitoring;
  • secure storage;
  • staff and contractor training;
  • review of privacy and security practices;
  • vendor due diligence.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

17. Data retention

We retain personal information for as long as reasonably necessary for the purposes for which it was collected, including clinical, legal, regulatory, insurance, operational, financial, and record-keeping purposes.

Health records are generally retained for at least 7 years from the last interaction, and longer where required by law, professional standards, clinical context, or where the individual was a child at the time of service.

When personal information is no longer required, we take reasonable steps to destroy it or permanently de-identify it, unless we are required or permitted to retain it.

18. Data breaches

If we become aware of a data breach involving personal information, we will assess the incident and take steps to contain, investigate, and remediate the breach.

Where required under the Notifiable Data Breaches scheme, we will notify affected individuals and the OAIC. OAIC guidance states that organisations covered by the Privacy Act must notify affected individuals and the OAIC when a data breach involving personal information is likely to result in serious harm.

19. Access and correction

You may request access to personal information we hold about you.

You may also request correction of personal information if you believe it is inaccurate, incomplete, out of date, irrelevant, or misleading.

We may ask you to verify your identity before responding.

We may refuse access or correction in limited circumstances permitted by law. If we refuse a request, we will explain why where appropriate.

There is no charge for making an access or correction request, but a reasonable administrative fee may apply for providing copies or access where permitted by law.

20. Anonymity and pseudonymity

Where lawful and practicable, you may interact with us anonymously or using a pseudonym.

However, many Apex services require accurate identification, health information, contact details, payment information, and clinical context. We may be unable to provide services if we cannot identify you or verify relevant information.

21. Children and minors

Apex Vitality services are intended for adults aged 18 years and over.

We do not knowingly provide services to children or minors through our direct-to-consumer pathways.

If we become aware that we have collected information from a minor without appropriate authority, we will take reasonable steps to address the issue.

22. Accuracy of information

We take reasonable steps to ensure personal information is accurate, complete, and up to date.

You are responsible for providing accurate information and telling us if your details, health status, medications, symptoms, or circumstances change.

Inaccurate, incomplete, or outdated information may affect the safety, suitability, or quality of services.

23. Automated decision-making and profiling

We may use digital tools, analytics, templates, and systems to support administration, triage, communications, analytics, and service improvement.

We do not make clinical decisions solely by automated processing.

Clinical or pathway decisions are made or reviewed within the appropriate professional, operational, and clinical framework.

24. Third-party websites and platforms

Our website may link to third-party websites, booking systems, payment gateways, Shopify, telehealth systems, pathology providers, pharmacies, social media platforms, or other digital services.

We are not responsible for the privacy practices, security, content, or terms of third-party services.

You should review the privacy policies of any third-party service you use.

25. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The current version will be published on our website.

If we make material changes, we may take reasonable steps to notify affected users where appropriate.

Your continued use of Apex services after the updated Privacy Policy takes effect indicates acceptance of the updated policy.

26. Privacy enquiries and complaints

If you have questions, concerns, or complaints about privacy, contact:

Vitalis 3.0 Pty Ltd
Trading as Apex Vitality
Level 35, 477 Collins Street
Melbourne VIC 3000
Australia

Email: support@apexvitality.co

Please include:

  • your full name;
  • contact details;
  • details of your privacy concern;
  • any relevant dates, communications, or supporting information.

We will review and respond within a reasonable timeframe.

If you are dissatisfied with our response, you may contact the OAIC:
https://www.oaic.gov.au/


Telehealth Privacy Addendum

This addendum applies to all telehealth services delivered by or through Apex Vitality.

A. Scope

This addendum applies to telehealth services including:

  • Strategy Consultation;
  • Vitalmap™ communications;
  • Apex Blueprint™ consultations;
  • focused pathway support;
  • Apex Continuity;
  • coaching where applicable;
  • biomarker panel follow-up where applicable;
  • secure messaging;
  • video or phone consultations;
  • digital clinical communications.

B. Information collected during telehealth

Telehealth services may involve collection of:

  • health history;
  • symptoms;
  • medications and supplements;
  • consultation notes;
  • practitioner notes;
  • diagnostic data;
  • biomarker results;
  • pathway information;
  • treatment or next-step discussions;
  • communications exchanged through telehealth platforms or client portals.

C. Telehealth platforms and security

We use secure digital platforms to deliver telehealth and related digital services.

Reasonable steps are taken to:

  • protect confidentiality;
  • secure transmissions;
  • limit access to authorised clinicians, practitioners, staff, or service providers;
  • maintain appropriate records.

No digital system is entirely risk-free. Telehealth involves inherent technical and privacy risks.

D. Practitioner partners

Where telehealth services are provided by practitioner partners:

  • information is shared only as reasonably necessary to support care, service delivery, or clinical coordination;
  • practitioners are subject to their own professional, ethical, clinical, and privacy obligations;
  • clinical responsibility rests with the treating practitioner for the care they provide;
  • Apex may act as a facilitator, coordinator, platform provider, or support provider where applicable.

E. Your responsibilities

You are responsible for:

  • ensuring privacy at your location during telehealth consultations;
  • using secure internet connections where possible;
  • not recording consultations without consent;
  • providing accurate and complete information;
  • notifying us of changes to your health, medications, symptoms, or circumstances;
  • seeking urgent or emergency care where required.