Apollo and its developer take your privacy very seriously. Beyond the information Apple provides to developers that you can decide to provide, Apollo uses no third-party analytics frameworks. Other than collecting anonymous statistics on feature usage (in order to prioritize which features to focus on), Apollo logs no information on you and has no interest in doing such. In TestFlight beta builds (not publicly available) Apollo may log some information to your device that you can explicitly choose to share (will not leave device otherwise). Apollo does not sell or rent your data. If you want a privacy-first Reddit client, Apollo is a very safe bet.
When signing into Apollo, it requests specific permissions from your Reddit account, such as the ability to upvote. This is very simply because in order for Apollo to do anything — something as simple as upvoting a link when you tap the upvote button — Reddit (rightly) requests that you give the client the ability to do these things. Apollo never performs any actions without you clearly requesting it to (such as by tapping a button). This is very simply required in order for the app to function whatsoever.
For notifications, your OAuth token is synced between Apollo (the app) as well as the server in order to function. The server stores the token, the date (only) of the most recent item (so it knows not to send anything from that point or earlier), as well as the details Apple provides for the subscription. Nothing creepy; nothing stored more than absolutely needed. Removing is simple, if you remove your account from the app it will be erased from the server or if you delete the app it will remove your information upon the next time it tries to send a notification (the earliest it will know you deleted it).