Coming soon
Back to home
Data

How your data works

Last updated: June 20, 2026

The legal version of this is in our Privacy Policy. This page is the plain-English version — what we actually built, in language you can verify against the app itself.

The default: local-first, on your device

When you install PeptideLab, the core tracking works offline. Protocols, dose logs, side effects, biomarkers, custom compounds, measurements — all of it lives in a database on your phone first.

You can use the core app without an account, and you can track offline. A handful of optional features reach off your device — cloud backup, account and analytics, and the Lab Assistant AI — but only when you turn them on or use them. Until then, you can track for months without giving us a single piece of data.

This is the default state, not a hidden option. We chose this architecture because health data is sensitive and because we believe the burden of proof is on us to justify any moment your data leaves your phone — not the other way around.

When data does leave your device

A few things can cause your data to leave your device. Each one is optional, and each happens because of something you turn on or choose to use.

Cloud backup (optional, off by default)

If you want a backup of your data — for example, so you can restore your protocols on a new phone — you can enable cloud backup in Settings → Privacy & Data. Before this happens, you’ll see an explanation screen showing exactly what gets uploaded.

When backup is on:

  • Your tracking data is copied to encrypted storage on our servers.
  • Data is encrypted in transit and at rest.
  • It’s there for one purpose: to let you restore it on another device.
  • We do not analyze it. We do not run product reports against it. We do not use it to make decisions about features.
  • You can turn it off at any time. When you do, we delete everything from our servers within 24 hours.

If you’d prefer that we cannot read your backup at all — meaning end-to-end encryption with a key only you hold — that capability is on our roadmap. Today, our cloud backup is encrypted in storage but technically readable by our systems. We don’t read it, but we want to be honest that we technically could. When we ship key-based encryption, we’ll surface it as a clearly labeled option.

Account features (optional, off by default)

Some features of PeptideLab require an account: cloud backup, restoring data on a new device, subscriptions, and a few others. Creating an account uses your email address (via magic link) or Apple/Google sign-in. We do not store passwords.

Having an account by itself does not upload your tracking data. The account and cloud backup are separate decisions.

Lab Assistant AI (optional)

Lab Assistant is an optional AI feature, off until you choose to use it. When you ask it a question, PeptideLab sends the context relevant to your request — which can include protocol details, doses, side effects you’ve logged, and your biological sex and age — to our AI provider, Anthropic, which generates the response. We send only what’s relevant to what you asked. If you never use Lab Assistant, none of this leaves your device for AI.

Anthropic processes this API data according to its applicable commercial / API terms and data-retention settings. We don’t use your Lab Assistant conversations to train PeptideLab’s own models. We’re not going to claim Anthropic keeps nothing or stores nothing — what happens to API data on their side is governed by their terms and the retention settings in place, and we’d rather point you there than overpromise.

What we collect that isn’t your tracking data

To operate and improve the app, we collect a small amount of operational information:

  • Crash and error diagnostics so we can fix bugs.
  • Usage events— for example, “the calculator screen was opened” — so we can see what features are used and what might be broken. These events do not contain the contents of your tracking data. Logging a dose of BPC-157 at 250mcg sends us “a dose was logged,” not the compound name or amount.
  • A few profile details, attached to those events:your biological sex, your age (an exact age in years, not a range), and an approximate region derived from your IP address (not precise location). We attach these so we can understand who finds PeptideLab useful and where people drop off during setup — including before you create an account, and merged into your account if you make one. They stay separate from the contents of your tracking data above: knowing your age doesn’t tell us what you logged.
  • Device and app version information so we can debug platform-specific issues.

Analytics is consent-gated, and you can turn it off entirely — events and the profile details above — in Settings → Privacy & Data.

What we do not do

We do not:

  • Sell your data, or share it with data brokers.
  • Use your tracking data for advertising.
  • Use your tracking data or your Lab Assistant conversations to train PeptideLab’s own machine-learning models. (If we ever add a feature that learns from user data, it will require a separate opt-in with its own explanation, and we’ll explain exactly what data is involved.)
  • Run cross-app tracking pixels, advertising trackers, or anything else that would let third parties profile you based on your activity in PeptideLab.

How to get your data back

You can:

  • Export individual protocols as PDF or CSV at any time from inside the app.
  • Disable cloud backup to remove the server copy. Server-side data is deleted within 24 hours.
  • Delete your accountentirely, in-app. This removes your auth record, your profile, and all your server-side tracking data immediately. There’s no email-support detour and no waiting period.

A comprehensive “download all my data in one file” export is on our roadmap. Until then, individual exports cover most needs.

When you’re not sure

Send us a question at support@peptidelabapp.com. We answer privacy questions in plain English.