1. Who we are
PeptideLab is a mobile app for tracking peptides, hormones, and supplements. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It covers both the PeptideLab app (the “App”) and our website at peptidelabapp.com (the “Site,” together the “Service”).
The Service is operated by PeptideLab (“PeptideLab,” “we,” “us”). PeptideLab is a personal tracking tool, not a medical device or an electronic health record, and it does not provide medical advice. You decide what to record and what to do with it.
We’ve written this in plain English on purpose. This is the binding document — more detailed than the privacy summary you see inside the app. Specifics may change as the app evolves; when they do, we update the “Last updated” date at the top of this page. If you prefer the architecture explained without legal scaffolding, see How your data works.
2. Information we collect
Information you provide
- On the Site: when you join the launch waitlist or otherwise submit your email address, we collect that email address and the timestamp of your submission, and use it to send you the updates you asked for.
- Account: to create an account in the App you provide an email address, which we use to sign you in.
- Optional profile: you may choose to add a display name, username, avatar, hormone-therapy status, height, focus areas, experience level, and a free-text “medications” field. All of this is optional and you control it.
- Biological sex and age: you may provide your biological sex and date of birth during setup — including before you create an account. We use them to personalize the App and, for product analytics, to understand who finds PeptideLab useful and where people stop during setup. Your date of birth is stored to year precision; for analytics we send your age as an exact age in years, not an age range. If analytics is on, these details are attached to your usage events as described below, and if you create an account they are saved to your profile. Analytics is consent-gated and you can turn it off at any time in Settings → Privacy & Data.
- What you log (health data): the compounds, doses, injection or application sites, side effects, outcomes, body measurements, and notes you record. This is stored on your device first (see How your data works for the local-first model). If you have an account and leave cloud backup on — which is the default — this data is also backed up to our cloud so you can restore it on a new device. You can turn cloud backup off at any time in Settings.
Information we collect automatically (usage analytics)
We collect product analytics only after you accept the first-launch consent screen. Nothing is collected for analytics before you consent, and you can opt out at any time in Settings → Privacy & Data. When analytics is on, we collect:
- Product events: feature usage, app open and close, subscription-flow events, and events such as “dose logged” or “outcome logged.” These are recorded as non-identifying categories — for example a compound class or route of administration, never the specific compound name, the dose value, or any free-text you typed.
- Profile attributes: if you have provided them, your biological sex and age (an exact age in years, not an age range) are attached to your analytics profile as person-properties — including before you create an account — so we can understand who finds PeptideLab useful and where people stop during setup. These attributes sit on your analytics profile, separate from the event contents above, which stay category-level. If you later create an account, your pre-account analytics activity merges into it.
- Device and app context: device model, operating system version, app version, language, and an approximate location (a coarse region derived from your IP address — not precise GPS location), used for security, abuse prevention, and product analytics such as understanding usage by region.
The Site uses only essential cookies and local storage needed for things like your theme preference and basic security. We do not use third-party advertising cookies and we do not track you across other sites.
Information from Apple Health
If — and only if — you connect Apple Health and grant permission, the App reads (read-only) a limited set of metrics: sleep, heart-rate variability, weight, and resting heart rate. We store these as snapshots next to your dose logs so you can see them in context. We never write to Apple Health, and you can revoke this access at any time in the iOS Health app or in Settings. See Section 6 for the specific commitments that apply to this data.
Information from purchases
Subscriptions are handled by Apple’s App Store and by RevenueCat, our subscription-management provider. We receive your transaction and subscription status (for example, whether a subscription is active). We do not receive your payment card details.
Lab Assistant AI (optional)
The App includes an optional AI feature, Lab Assistant. It is off until you choose to use it, and the rest of the App works without it. When you send a message to Lab Assistant, PeptideLab sends the context relevant to your request to our AI provider, Anthropic, so it can generate the response you asked for. Depending on what you ask, that context may include relevant protocol details, doses, side effects you have logged, and your biological sex and age. We send only what is relevant to the request you make. If you never use Lab Assistant, none of this information is sent to Anthropic.
Anthropic processes API data according to its applicable commercial / API terms and data-retention settings. We do not use your tracking data or your Lab Assistant conversations to train PeptideLab’s own machine-learning models.
3. How we use information
We use the information above to operate, maintain, secure, improve, and develop new features for the Service. In practice that includes:
- Providing the App’s features and saving the data you log.
- Backing up and restoring your data when you have cloud backup enabled.
- Personalizing the App, and understanding how features are used — and who finds PeptideLab useful — so we can fix problems and build new ones (using the consent-gated analytics described above).
- Managing your subscription and account, and responding to your support requests.
- Keeping the Service secure, preventing abuse, and meeting our legal obligations.
- Producing de-identified, aggregate statistics. Where we ever surface community or aggregate insights, that data is de-identified.
We do not sell your personal data. We do not track you across other companies’ apps or websites for advertising, we do not use an advertising identifier (IDFA), and we do not use third-party advertising SDKs.
4. Legal bases (EU / UK / Switzerland)
If you are in the EEA, the UK, or Switzerland, we process your personal data under the following legal bases:
- Contract: to provide the account, backup, and subscription features you ask for.
- Consent: for analytics (which you turn on at the first-launch consent screen), for Apple Health access, and when you choose to use the optional Lab Assistant AI feature. Health data is a special category of data, and we process it only with your explicit consent. You can withdraw consent at any time.
- Legitimate interests: to secure the Service, prevent abuse, and improve and develop the product — balanced against your rights.
- Legal obligation: to comply with applicable law.
5. How we share information
We share information only in the limited circumstances below.
- Service providers (processors) who run the Service on our behalf, under agreements that limit them to that purpose:
  - Supabase — database, authentication, and cloud storage hosting (your account and, if enabled, your backed-up data).
  - PostHog — product analytics (the consent-gated events and profile attributes described above).
  - RevenueCat — subscription management.
  - Anthropic — AI processing for the optional Lab Assistant feature, and only when you use it (see “Lab Assistant AI” in Section 2).
  - Apple — App Store payments and HealthKit.
- Legal requirements: when we believe in good faith that disclosure is required by law, legal process, or to protect rights, property, or safety.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, in which case any successor remains bound by this Policy.
- With your direction: for anything else you ask us to do.
We do not sell your personal data, and we do not share it for cross-app or cross-site advertising.
6. Apple Health
Apple Health data gets specific, stronger commitments:
- Access is read-only — we never write to Apple Health.
- We read only what you grant: sleep, heart-rate variability, weight, and resting heart rate.
- We use it only to show it alongside your own logs. We never use it for advertising or marketing.
- We never sell it and never share it with third parties, except the service providers above that we use to run the Service.
- You can revoke access at any time in the iOS Health app or in the App’s Settings.
7. Data retention
We keep your account and backed-up data for as long as your account is active and cloud backup is on. If you turn cloud backup off, we remove the cloud copy of your logged data while your account stays active; if you delete your account, we delete your associated data. Deletions are processed within a reasonable period, after which residual copies may persist briefly in routine operational backups. Waitlist and other contact emails are kept until you unsubscribe or they’re no longer needed. We may retain limited records longer where required for legal, tax, security, or fraud-prevention purposes.
8. Your choices and rights
You control your data in the App, under Settings → Privacy & Data, where you can:
- Turn analytics off.
- Disable cloud backup.
- Export your data.
- Delete individual protocols.
- Delete your account and its data.
Depending on where you live, you may also have rights to access, correct, delete, port, or restrict the use of your personal data, and to object to certain processing. To exercise these rights, email us at support@peptidelabapp.com. We’ll respond within the time required by applicable law.
EEA / UK / Switzerland (GDPR): in addition to the rights above, you may withdraw consent at any time and lodge a complaint with your local data protection authority.
California (CCPA/CPRA): you may request the categories and specific pieces of personal information we have collected, request deletion or correction, and limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.
9. Security
We use industry-standard safeguards, including encryption in transit (TLS) and at rest, scoped access controls, and access scoped to your account. No system is perfectly secure, so we can’t guarantee absolute security. If you think your account has been compromised, contact us at support@peptidelabapp.com.
10. Children
PeptideLab is for adults. The Service is intended for people aged 18 and over, and we do not knowingly collect personal information from anyone under that age. If we learn we have, we will delete it.
11. International transfers
We and our service providers may process your information in countries other than where you live, including the United States. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for these transfers. This Service is governed by the laws of the State of Delaware, United States.
12. Changes to this Policy
We may update this Policy as the Service evolves. When we make material changes, we’ll update the “Last updated” date above and, where appropriate, notify you in the app or by email. Please check the date at the top for the current version.
13. Contact
Questions about this Policy or your data, or to exercise your rights — email support@peptidelabapp.com.