Privacy Policy
Last updated: April 24, 2026
PeptideTrack ("we", "us", "our") operates the PeptideTrack iOS app and the website at peptidetrackapp.com. This Privacy Policy explains what data we collect, why, where it lives, and what control you have over it.
If you have questions, email support@peptidetrackapp.com.
Summary
PeptideTrack is a personal tracking journal. Most data you enter stays on your device. When you post in the Community or upload an image, that content is stored on our backend (Supabase) and visible to other PeptideTrack users. We do not sell your personal data. We do not track you across other apps or websites. We do not run advertising SDKs.
What we collect
On your device only
The following data is stored locally on your iPhone (via Apple's Preferences API) and never leaves the device unless you explicitly share, export, or back it up:
- Dose logs (peptide, amount, route, time, site, completion status, notes)
- Inventory (vials, batch numbers, vendors, BAC water, doses remaining)
- Biomarker values from bloodwork you upload or enter manually
- Body metrics (weight, body fat, waist, etc.)
- Progress photos (unless you choose to attach them to a Community post)
- Daily check-ins (mood, sleep, energy, cravings, stress, libido, and other meters you enable)
- Side effect entries
- Injection site rotation history
- Apple Health data you authorize us to read
- Notification preferences, accent color, dark-mode preference, large text preference, time-format preference
- Saved calculator regimens and custom presets
- Onboarding answers (goals, experience level, baseline weight/height/age/sex)
- Profile information (name, age, sex, height, weight, blood type, conditions, allergies, medications, doctor)
On our backend (Supabase) — only when you interact with the Community feature
When you sign in with Apple to participate in the Community, we store the following on our managed Supabase Postgres database:
- A user ID (UUID assigned by Supabase Auth)
- An optional display name and cached initials derived from your onboarding name
- Posts, comments, votes, and bookmarks you create
- Reports you file against other users' content
- Block relationships you create
- Peer reviews you write on peptide library entries
- Images you upload to posts (stored in Supabase Storage with a public read URL so the feed can render them)
Subscription billing (Apple + RevenueCat)
When you start a free trial or pay for a subscription, your Apple ID is used by Apple to process the transaction. We use RevenueCat to verify your subscription entitlement (active / not active) so we know whether to unlock Pro features. We receive a device identifier and entitlement status from RevenueCat. We do not receive your Apple ID email, payment method, or billing address.
How we use it
- Locally stored data powers the insights, charts, reminders, calendars, and reports shown in the app.
- Backend-stored data powers the Community feed, peer reviews on peptide library entries, and the moderation tools (Report, Block).
- Subscription data is used to unlock Pro features and respect your active billing status.
We do not sell personal data to any third party. We do not use analytics SDKs that fingerprint or track you across other apps or websites.
Health data sensitivity
Biomarkers, body metrics, doses, injection-site history, photo data, and reconstitution logs are treated as sensitive. They stay local on your device unless you explicitly:
- Export them via Settings → Export report
- Attach a photo or quote a value in a Community post
- Share a read-only link with a coach or physician (when this feature ships)
Apple Health data is read under the scopes you authorize in the Apple Health permission sheet. You can revoke any scope at any time in iOS Settings → Privacy & Security → Health → PeptideTrack.
Community posts and images
Posts, comments, votes, reports, blocks, and any image you upload become visible to every PeptideTrack user. Images are hosted in Supabase Storage with a public read URL so the feed can render them.
- Up to 4 images per post
- 10 MB per image
- Image file types only (no video)
If you delete a post you've created, the text rows are removed from our database and the image files are deleted from Storage as part of the same request. Deleted content may remain in our rolling 30-day backups until those backups rotate out.
Moderation and reports
If another user reports your content, our team may review it. Content that violates our Community Guidelines is removed. Reports and blocks are stored so we can enforce consistently. The reporter's identity is not shown to the reported user. Severe or repeat violations result in account suspension or ban.
Data export and deletion
Export
Settings → Export report generates a PDF or CSV of everything you've logged locally (doses, biomarkers, body metrics, side effects, optional check-ins). The PDF is formatted for a clinical visit. Community posts you've created are not included in the export, since they live on our backend and are always visible to you in-app.
Delete locally stored data
Settings → Delete all data wipes every piece of locally stored data and signs you out. This action also deletes your Community posts, comments, votes, peer reviews, and uploaded images from our backend.
Delete your account
Settings → Delete account does the same as Delete all data, plus invalidates your Supabase Auth session so the account itself is gone. Deletion is irreversible.
Backend copies are purged from primary storage immediately and from rolling backups within 30 days.
You may also email support@peptidetrackapp.com to request a manual deletion. We will action it within 7 days and confirm by reply.
Children
PeptideTrack is for users 18 and over. The Community feed is age-gated on first use. We do not knowingly collect data from anyone under 18. If you believe a minor has provided data through the app, contact us at support@peptidetrackapp.com and we will delete it.
Security
- Backend data is stored in Supabase (Postgres) with row-level security policies that restrict write access to the owning user.
- Transit between the app and our backend is encrypted over TLS.
- The Supabase anon key shipped with the app only permits reads and writes that are governed by row-level security policies; it cannot bypass RLS.
- We do not log your dose values, biomarker values, or photo content on any analytics or error-reporting service.
No system is perfectly secure. If you discover a vulnerability, please email support@peptidetrackapp.com and we will respond within 7 days.
Third parties
We share data with exactly three services, each for a specific, narrow purpose:
| Service | What we share | Why |
|---|---|---|
| Apple | Apple ID (for subscription processing), HealthKit data you authorize | App Store, Apple Pay, StoreKit, HealthKit |
| RevenueCat | Anonymous device identifier, subscription entitlement status | Subscription management |
| Supabase | Community posts, comments, votes, reports, peer reviews, uploaded images | Community backend and image hosting |
We do not share with advertising networks, data brokers, or any other third party.
Your rights
Depending on where you live, you may have additional rights regarding your personal data.
EU / UK (GDPR)
You have the right to access, correct, delete, port, or restrict processing of your personal data, and the right to object to processing or withdraw consent. To exercise any of these rights, email support@peptidetrackapp.com. We will respond within 30 days.
California (CCPA / CPRA)
You have the right to know what categories of personal information we collect, the right to delete it, the right to correct it, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined in CCPA. To make a request, email support@peptidetrackapp.com.
Other jurisdictions
Contact support@peptidetrackapp.com with any data request. We honor reasonable requests regardless of where you live.
International data transfers
Our backend infrastructure is hosted in the United States. By using PeptideTrack you consent to transfer of your data to the United States. We use Supabase, which provides standard contractual clauses for transfers from the EU/UK as required by GDPR.
Changes to this policy
We may update this Privacy Policy. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced in-app and via email if you have a Community account. Continued use of the app after changes take effect means you accept the updated policy.
Contact
For all questions, data requests, security disclosures, and legal notices: support@peptidetrackapp.com.