# PepBud — Privacy Policy
**Last updated:** May 18, 2026
**Effective date:** May 18, 2026
This Privacy Policy describes how **Llama Studios** ("**Llama Studios**", "**we**", "**us**", "**our**") handles information in connection with the **PepBud** mobile and desktop applications and any related services (collectively, the "**Service**").
PepBud is built around a simple promise: **your peptide log is yours, it lives on your devices, and we don't operate servers that hold it.** This policy explains that promise in detail, identifies the limited exceptions, and tells you how to exercise your rights.
By using PepBud you agree to the practices described here and to our [Terms of Service](https://sites.google.com/view/pepbud-terms-and-service/home).
> **In one paragraph.** PepBud stores your data on your device. If you turn on iCloud sync, your data is replicated through *your* private iCloud / CloudKit container under your Apple ID — we have no access to it. We don't use third‑party analytics SDKs, we don't sell or share your personal data for advertising, and we don't use any of your data to train machine‑learning models. The only third party that touches anything tied to you is **RevenueCat**, which processes your App Store subscription receipt so we can tell whether your Premium subscription is active. Apple processes the purchase itself.
---
## 1. Who we are
The "data controller" of any personal information described in this policy is:
**Llama Studios**
Email: `llamaappstudios@gmail.com`
Privacy Policy: `https://sites.google.com/view/pepbud-privacy-policy/home`
If you have any privacy question or want to exercise a right described in this policy, email `llamaappstudios@gmail.com`.
---
## 2. Scope
This policy covers the PepBud apps for iOS, iPadOS, macOS, and watchOS, our marketing pages, and any other PepBud‑branded service we operate.
It does **not** cover:
- **Apple's processing** of your data when you use iCloud, the App Store, HealthKit, push notifications, or any other Apple service. Apple acts as an independent controller. See Apple's [Privacy Policy](https://www.apple.com/legal/privacy/).
- **Your own devices and accounts**, including any backups (e.g., iCloud Backup, encrypted local backups) you choose to make.
- **Any third‑party app, website, or service** you choose to link to or export to from PepBud.
---
## 3. The data you put into PepBud (and where it lives)
When you use PepBud, you may enter or generate data such as:
- **Profile**: display name, biological sex, date of birth, height, body‑measurement units.
- **Compound library**: peptides you track, dosage units, schedules, reconstitution settings.
- **Dose log**: dose amounts, timestamps, injection sites, vial linkage, notes.
- **Vial inventory**: vial concentrations, BAC water volume, opened/expiry dates, status.
- **Health journal**: weight entries, side‑effect entries, symptom severities, nutrition entries.
- **Reminders**: notification times and preferences.
- **Onboarding choices**: goals, target metrics, trial state.
**Where this data is stored:**
1. **On your device.** Every record above is written to PepBud's local database (Apple Core Data) inside the app's sandbox on the device that generated it.
2. **In your private iCloud (optional).** If you enable iCloud sync, your data is replicated through the iCloud / **CloudKit** container `iCloud.com.llamastudios.PepBud` under **your Apple ID**, using Apple's `CKSyncEngine`. This container is private to you — Apple does not give Llama Studios access to it, and we cannot read records inside it. Sync stops if you sign out of iCloud or disable iCloud Drive.
3. **Nowhere else.** Llama Studios does **not** operate servers that hold your dose, vial, weight, nutrition, side‑effect, profile, or schedule data. There is no PepBud account. There is no PepBud‑hosted backup.
If you delete the app, your on‑device data is removed. iCloud‑synced copies are managed by you through Apple's iCloud controls (Settings → [your name] → iCloud → Manage Account Storage → PepBud).
---
## 4. Apple HealthKit
If you grant PepBud permission to access **Apple HealthKit**, we may read and (in a future release) write the following data types on your device:
| Direction | Data types | Used for |
|---|---|---|
| **Read** | Body mass (weight) | Charting weight trends alongside your dose log |
| **Read** | Dietary protein, dietary fiber, dietary water | Powering the nutrition card on the home and trends screens, and adherence nudges |
| **Write** *(declared; rolling out)* | Medication entries | Reflecting peptide doses you log in PepBud back into Apple Health so other Health‑aware apps and any clinician you share with can see them |
We commit to the following with respect to HealthKit data, in line with Apple's HealthKit policies:
- We will **not** use HealthKit data for advertising or any use‑based data mining beyond improving the user experience of the Service for you.
- We will **not** disclose HealthKit data to any third party for advertising or marketing.
- We will **not** sell HealthKit data to any third party.
- HealthKit data is processed on your device and (if you enable sync) inside your own Apple Health / iCloud surfaces. We do not transmit it to Llama Studios.
You can revoke HealthKit access at any time via **iOS Settings → Privacy & Security → Health → PepBud**, or on watchOS via the Apple Watch app. Revoking does not delete data you've already logged in PepBud; it only stops further reads/writes against the Apple Health store.
---
## 5. Notifications
PepBud uses **local notifications** scheduled by your device (`UNUserNotificationCenter`) for dose reminders, vial expiry alerts, hydration / nutrition nudges, and similar prompts. Local notifications are scheduled and delivered entirely on your device and do not transit Llama Studios's systems.
The app also declares the **remote notifications** entitlement so we can deliver push messages in a future release (e.g., subscription lifecycle events). We are not actively sending push notifications today. When we begin, we will update this policy first.
You can change or revoke notification permission at any time via **iOS Settings → Notifications → PepBud**.
---
## 6. Subscriptions and payments
PepBud Premium is sold through Apple's **App Store**. When you purchase, restore, or manage a subscription:
- **Apple** processes the transaction. Llama Studios never sees your payment instrument, full Apple ID, or billing address. Apple's [Privacy Policy](https://www.apple.com/legal/privacy/) governs Apple's processing.
- **RevenueCat, Inc.** validates your App Store receipt and exposes a single boolean ("is Premium active?") to the app. To do this, the RevenueCat SDK generates an **anonymous app user ID** (a random identifier; not your Apple ID, email, or name) and may collect technical metadata such as country, device model, OS version, app version, the App Store product identifiers you've purchased, and timestamps of subscription events. See RevenueCat's [Privacy Policy](https://www.revenuecat.com/privacy) for full details.
- The product identifiers we use today are `com.llamastudios.pepbud.premium.monthly` and `com.llamastudios.pepbud.premium.yearly`.
RevenueCat acts as our **processor** for this limited purpose. We do not use the data RevenueCat collects for advertising and we do not combine it with your on‑device log data.
---
## 7. What we do **not** collect
To be explicit, PepBud:
- does **not** include any third‑party analytics SDK (no Google Analytics / Firebase, Mixpanel, Amplitude, PostHog, Segment, Heap, Datadog RUM, etc.);
- does **not** include any third‑party crash reporter (no Crashlytics, Sentry, Bugsnag, etc.) — crash reports are only those Apple delivers to developers via TestFlight / App Store Connect if you have opted in via iOS Settings;
- does **not** include any advertising SDK;
- does **not** use the IDFA (Advertising Identifier) and does **not** present an ATT prompt;
- does **not** read or store your contacts, location, microphone, camera roll, calendar, reminders, or motion data;
- does **not** create a "PepBud account" or require an email or phone number to use the app;
- does **not** sell, rent, or share your personal data for cross‑context behavioral advertising;
- does **not** use your data to train, fine‑tune, or evaluate any AI/ML model.
---
## 8. Diagnostic data and aggregate App Store metrics
If you've opted in to **"Share With App Developers"** in iOS Settings → Privacy & Security → Analytics & Improvements, Apple may share aggregate, anonymized usage and crash diagnostics with us through App Store Connect. We use this only to fix bugs and crashes. You can opt out at any time in the same settings menu.
Apple also provides us with **aggregate App Store metrics** (impressions, downloads, retention, subscription counts) that are not tied to any identifiable individual.
---
## 9. Children's privacy
PepBud is **not directed to children under 18**, is not intended for use by children, and we do not knowingly collect any information from anyone under 18. If you believe a child has provided information to us, please email `llamaappstudios@gmail.com` and we will take appropriate steps.
---
## 10. International users
Llama Studios is based in the **United States**. To the extent any data described in this policy is processed outside your country (for example, RevenueCat or Apple operating from US‑based infrastructure), it may be transferred internationally. Where required by law, we and our processors rely on lawful transfer mechanisms such as the EU **Standard Contractual Clauses**, the **UK International Data Transfer Addendum**, or equivalent safeguards.
---
## 11. Your privacy rights
Depending on where you live, you may have some or all of the following rights with respect to personal information about you that we control:
- **Access** — request a copy of the personal information we hold.
- **Correction / Rectification** — ask us to correct inaccurate information.
- **Deletion / Erasure** — ask us to delete personal information.
- **Restriction or Objection** — ask us to limit or stop certain processing.
- **Portability** — receive your data in a structured, machine‑readable format.
- **Withdraw consent** — where processing is based on consent (e.g., HealthKit, notifications), withdraw it at any time.
- **Non‑discrimination** — we will not penalize you for exercising any of these rights.
- **Lodge a complaint** with your supervisory authority (e.g., your national data protection authority in the EEA/UK).
Because **the vast majority of your PepBud data is held only on your device and in your iCloud**, you can exercise most of these rights directly:
- **Access / Portability:** open the in‑app data export, or copy your iCloud‑synced records using Apple's iCloud tools.
- **Correction:** edit any record in the app.
- **Deletion:** delete individual records, reset the app from Settings, delete the app, or remove the PepBud iCloud container under Settings → [your name] → iCloud → Manage Account Storage → PepBud.
- **Subscription data:** ask us in writing to delete the RevenueCat record tied to your anonymous app user ID. We will forward the request to RevenueCat.
For anything else, or to request our assistance, email `llamaappstudios@gmail.com`. We will respond within the timeframe required by applicable law (typically 30–45 days).
### California residents (CCPA / CPRA)
For purposes of the California Consumer Privacy Act, we do not "sell" or "share" personal information as those terms are defined under California law. The categories of personal information we have processed in the last 12 months are limited to **subscription identifiers and technical device/usage metadata processed by RevenueCat**, as described in Section 6. We retain that information for as long as your subscription record is needed for receipt validation and audit. You may exercise your CCPA rights by contacting `llamaappstudios@gmail.com`.
### EEA / UK residents (GDPR / UK GDPR)
The legal bases on which we rely:
- **Contract** (Art. 6(1)(b)) — processing necessary to provide the Service you've asked for, including subscription receipt validation.
- **Consent** (Art. 6(1)(a)) — for HealthKit access, notifications, and any optional features that ask for permission.
- **Legitimate interests** (Art. 6(1)(f)) — for limited service operation (e.g., debugging issues you report to us). We weigh these against your interests and rights.
- **Legal obligation** (Art. 6(1)(c)) — where we must process data to comply with a law that applies to us.
Where we process special category health data under HealthKit, processing occurs on your device under your explicit consent (Art. 9(2)(a)) and we do not receive that data.
---
## 12. Data retention
- **On‑device data** stays for as long as you keep the app installed and the records exist in your library.
- **iCloud‑synced data** stays for as long as you keep it in your iCloud container; we cannot delete it for you.
- **RevenueCat subscription records** are retained by RevenueCat for as long as your subscription is active and afterwards as needed for receipt validation and audit, per RevenueCat's retention policies.
- **Support emails** sent to `llamaappstudios@gmail.com` are retained for as long as needed to assist you and to maintain a record of the conversation for quality and dispute purposes (typically up to 24 months unless you ask us to delete sooner).
---
## 13. Security
We design PepBud so that the most sensitive information — your health log — never leaves your devices or your iCloud. As a result, the surface area we need to defend is small. We additionally:
- transmit any data we exchange with RevenueCat over **TLS**;
- never embed third‑party trackers that could exfiltrate data;
- store secrets (such as keys for our API integrations) using on‑device mechanisms or environment configuration, not in shared storage;
- keep the app code in a version‑controlled repository with access restricted to authorized personnel.
No system is perfectly secure. We cannot guarantee absolute security, but we will continue to invest in keeping the data path narrow and auditable.
---
## 14. Third parties referenced in this policy
| Third party | Role | Link |
|---|---|---|
| Apple Inc. | App Store distribution, in‑app purchases, iCloud / CloudKit, HealthKit, notifications | [Privacy Policy](https://www.apple.com/legal/privacy/) |
| RevenueCat, Inc. | Subscription receipt validation and entitlement management | [Privacy Policy](https://www.revenuecat.com/privacy) |
Your use of services provided by these third parties is governed by their own privacy and terms documents.
---
## 15. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, surface a notice in‑app or at this URL. Your continued use of the Service after the changes take effect constitutes acceptance of the revised policy.
---
## 16. Contact
If you have any questions about this Privacy Policy or our handling of your information, please contact:
**Llama Studios**
Email: `llamaappstudios@gmail.com`
Privacy Policy: `https://sites.google.com/view/pepbud-privacy-policy/home`
Terms of Service: `https://sites.google.com/view/pepbud-terms-and-service/home`