Effective Date: April 14, 2026
Last Updated: April 14, 2026
PepTalog ("we," "us," or "our") provides a mobile application for tracking peptide protocols, dosing, reconstitution calculations, and related personal wellness data ("App"). This Privacy Policy explains what we collect, how we use it, and the choices you have.
By using the App, you agree to this Policy. If you do not agree, do not use the App.
Account data: email address, name, password (hashed), or third‑party sign‑in identifiers (e.g., Sign in with Apple).
Health & protocol data you enter: peptides, dosages, schedules, vials, reconstitution details, injection logs, notes, photos of vials/labels, body metrics, and progress photos.
Subscription data: purchase status, plan, and entitlement information returned by Apple/Google and our payments processor (RevenueCat). We do not receive or store your full payment card details.
Support communications: messages you send us.
Device & usage data: device model, OS version, app version, language, crash logs, diagnostic data, and basic usage events.
Identifiers: an anonymous installation/user ID used to sync your data and authenticate sessions.
Local storage: data cached on-device via SQLite, MMKV, and SecureStore for offline access and biometric-protected sessions.
The App may request:
Camera & Photo Library – to scan vials/labels and attach progress photos.
Notifications – for dose reminders and schedule alerts.
Biometrics (Face ID/Touch ID) – to lock the App locally; biometric data never leaves your device.
Background fetch / Tasks – to refresh schedules and reminders.
You can revoke any permission at any time in your device settings.
We use your information to:
Provide core features (logging, calculations, reminders, syncing).
Authenticate you and secure your account.
Process and validate subscriptions and entitlements.
Diagnose crashes and improve performance.
Respond to support requests.
Comply with legal obligations.
We do not sell your personal information. We do not use your health/protocol data for advertising.
We share limited data with vendors that help us run the App:
Supabase – backend hosting, authentication, and database (encrypted in transit and at rest).
PowerSync – encrypted offline data sync.
RevenueCat – subscription management and receipt validation.
Apple App Store / Google Play – payment processing and account-level subscription state.
Expo / Apple / Google – push notification delivery and crash diagnostics.
These providers are bound by contractual confidentiality and security obligations and may only process data on our behalf.
We process personal data under: (a) performance of contract (providing the App), (b) legitimate interests (security, analytics, improvement), (c) consent (optional permissions), and (d) legal obligation.
We retain your account and protocol data for as long as your account is active. You may delete your account at any time from Profile → Account → Delete Account, after which we erase your personal data within 30 days, except where retention is required by law (e.g., financial records).
We use industry-standard safeguards: TLS in transit, encryption at rest, hashed credentials, scoped access tokens, and on-device encryption of sensitive cached data via SecureStore and AES. No system is 100% secure; you are responsible for safeguarding your device and credentials.
The App is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA/CPRA), you may have the right to:
Access, correct, or delete your data
Export your data (portability)
Restrict or object to processing
Withdraw consent
Lodge a complaint with a supervisory authority
To exercise these rights, email delongamateo@gmail.com. We will respond within 30 days.
California (CCPA/CPRA): We do not sell or share personal information for cross-context behavioral advertising.
Your data may be processed in the United States or other countries where our service providers operate. We rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required.
PepTalog is a tracking and educational tool. It does not provide medical advice, diagnosis, or treatment, and is not a substitute for consultation with a licensed healthcare professional. You are solely responsible for decisions made using the App.
Subscriptions auto-renew through the Apple App Store or Google Play unless cancelled at least 24 hours before the renewal date. Manage or cancel from your store account settings. Refunds are subject to the applicable store's policies.
We may update this Policy from time to time. Material changes will be announced in-app or via email. Continued use after the effective date constitutes acceptance.
PepTalog
Email: delongamateo@gmail.com