Privacy Policy
Last updated: June 3, 2026
Peptide Companion ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website. Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Service.
1. Information We Collect
Information You Provide Directly
- Account information: Email address and password when you create an account
- Profile information: Name, age, biological sex, height, starting weight, goal weight
- Health and protocol data: Medication type, dose amount, injection dates, dose escalation history
- Daily check-in data: Energy levels, nausea scores, sleep quality, food noise levels, fatigue, appetite
- Weight and nutrition data: Weight logs, protein intake, caloric intake, nutrition tracking entries
- Community content: Posts, comments, and interactions in the community feed
- Support communications: Messages you send to our support team
Information Collected Automatically
- Usage data: Features used, screens viewed, session duration, interaction patterns
- Device information: Device type, operating system version, unique device identifiers, app version
- Analytics data: Crash reports, performance data, feature engagement metrics
Health Data
Peptide Companion collects health-related information including medication protocols, weight, nutrition, and subjective wellness indicators. This data is considered sensitive personal information and is treated with the highest level of protection. We do not sell, rent, or share your health data with third parties for advertising or marketing purposes.
Important: Peptide Companion is a wellness tracking tool, not a medical device. The information you enter and the insights generated by the app are for personal tracking and informational purposes only and do not constitute medical advice, diagnosis, or treatment.
2. How We Use Your Information
- Provide, operate, and maintain the Service
- Generate personalized AI-powered insights and observations about your protocol response
- Process your subscription payments and manage your account
- Send you notifications about your protocol (if enabled)
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns to improve the Service
- Detect, prevent, and address technical issues and security vulnerabilities
- Comply with legal obligations
- Generate anonymized, aggregate community benchmarks (minimum 10 users, never individually identifiable)
3. Third-Party Services and Data Processors
Supabase (Database and Authentication)
We use Supabase to store your account data, health tracking data, and community content. SOC 2 Type 2 compliant. Data stored in the United States. Privacy: supabase.com/privacy
Anthropic (AI Processing)
We use Anthropic's Claude AI to generate personalized protocol observations. Your health data is sent to Anthropic's API. Anthropic does not use API data to train its models. Privacy: anthropic.com/privacy
RevenueCat (Subscription Management)
We use RevenueCat to manage in-app subscriptions. Payment information is processed by Apple App Store or Google Play — never seen or stored by us. Privacy: revenuecat.com/privacy
PostHog (Analytics)
We use PostHog to analyze app usage and improve the Service. Configured to minimize personal data collection. Privacy: posthog.com/privacy
Apple and Google
If you download our app from the Apple App Store or Google Play Store, those platforms may collect information per their own privacy policies.
4. Data Retention
- Account data: Retained until you delete your account
- Health tracking data: Retained until you delete your account or request deletion
- Community content: Retained until you delete the content or your account
- Analytics data: Retained in anonymized form for up to 24 months
- Support communications: Retained for up to 3 years
When you delete your account, we will delete or anonymize your personal data within 30 days.
5. Data Security
- Encryption of data in transit using TLS/SSL
- Encryption of data at rest
- Row-level security policies ensuring users can only access their own data
- Rate limiting on all API endpoints to prevent abuse
- Regular security reviews and updates
- API keys stored securely server-side and never exposed to the client
6. Your Privacy Rights
All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data and account
- Data portability: Request your data in a machine-readable format
- Opt-out of notifications: Disable push notifications at any time in device settings
California Residents (CCPA/CPRA)
We do not sell your personal information. You have the right to know what personal information is collected, the right to request deletion, and the right to non-discrimination for exercising your rights. Contact: privacy@getpeptidecompanion.com
European and UK Residents (GDPR/UK GDPR)
You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing. Our legal basis for processing your health data is your explicit consent. You may withdraw consent at any time by deleting your account. Contact: privacy@getpeptidecompanion.com
7. Children's Privacy
Peptide Companion is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we may have such information, contact us at privacy@getpeptidecompanion.com.
8. How to Delete Your Account and Data
- Go to Profile → Settings → Delete Account within the app
- Email privacy@getpeptidecompanion.com with subject "Account Deletion Request"
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date and, where appropriate, providing in-app notification.