💊 PeptIQ Privacy Policy
Last Updated: December 10, 2025
⚠️ Important: HIPAA Compliance Status
PeptIQ is NOT a HIPAA covered entity. We are a consumer wellness tracking application, not a healthcare provider, health plan, or healthcare clearinghouse. While we implement strong security measures to protect your data, we do not operate under HIPAA regulations.
Medical Disclaimer: PeptIQ is not a medical device and does not provide medical advice, diagnosis, or treatment. All peptides are for research purposes only. Always consult a licensed healthcare provider before starting any protocol.
1. Introduction
PeptIQ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard information when you use our mobile application (the "App").
What PeptIQ Is: A consumer wellness tracking tool for logging, monitoring, and optimizing peptide research protocols.
What PeptIQ Is NOT: A healthcare provider, medical device, diagnostic tool, or treatment service.
2. Information We Collect
Personal Information
- Account Information: Email address, name, and password.
- Health Data: Peptide dosing logs, measurements, progress photos, wellness metrics.
- Protocol Data: AI-generated peptide protocols, dosing schedules, product information.
- Progress Photos (Optional): Encrypted photos for tracking progress.
• No biometric identifiers are generated or stored.
• Auto-deleted after 90 days or when you delete them.
• Only you can decrypt these photos. PeptIQ never has access to the decryption key.
- Device Information: Push notification tokens, device type, OS version.
- AI Recommendations: Protocol generation history and optimization data.
• Used only for protocol optimization, not for advertising.
Automatically Collected Information
- Device type, operating system, and app version
- Crash logs and performance diagnostics
- Session timestamps and usage frequency
- Gamification data (streaks, badges, leaderboard rankings - anonymous)
- No precise geolocation data is collected.
3. How We Use Your Information
- Provide and maintain the PeptIQ service
- Generate AI-powered peptide protocols
- Track dosing progress and adherence
- Calculate and display streaks, badges, and achievements
- Provide anonymous leaderboard rankings
- Send reminders and notifications
- Process in-app purchases and manage subscriptions
- Improve app performance and user experience
- Communicate with you about your account or support requests
- We do not use your data for marketing or advertising.
- We do not sell your personal information.
4. Data Sharing and Disclosure
We do not sell your personal information. Data is shared only with:
- Service Providers:
- Legal Requirements: If necessary to comply with law or protect safety.
- Anonymous Data: Aggregated, non-identifiable data for leaderboards and analytics.
5. Medical Disclaimer & Health Data
- PeptIQ is NOT a medical device and does not provide medical advice.
- All protocols are AI-generated suggestions for informational purposes only.
- Always consult qualified healthcare professionals before starting any peptide regimen.
- Health data is encrypted and protected with Row-Level Security.
- You retain full ownership and control of your health data.
6. Data Security
- All data transmitted via HTTPS/TLS
- Progress photos encrypted using AES-256 before upload
- Supabase Auth secures accounts with hashed passwords
- Row-Level Security ensures users access only their own data
- Encryption keys stored securely in iOS Keychain / Android Keystore
- Regular security reviews and updates
7. Data Retention
- Progress Photos: Stored until you delete them or for 90 days.
- Dosing Logs: Stored while the account is active.
- Active Accounts: Data retained during service usage.
- Account Deletion: All personal data removed within 30 days.
- Backups: May remain encrypted for up to 90 days.
8. Your Rights (GDPR, CCPA & Privacy Laws)
You have the following rights regarding your personal information:
- Right to Access: View all personal data we store about you
- Right to Rectification: Request corrections to inaccurate data
- Right to Deletion ("Right to be Forgotten"): Permanently delete your account and all associated data
• You can delete your account anytime in Profile → Danger Zone → Delete My Account
• All data (protocols, logs, photos, reports) is permanently deleted
• Deletion is processed immediately and cannot be undone
- Right to Data Portability: Export your data in PDF or CSV format
- Right to Opt-Out: Disable notifications, marketing emails, or data sharing
- Right to Object: Object to processing of your data for specific purposes
- Right to Withdraw Consent: Revoke permissions (camera, notifications) at any time
To exercise your rights: Go to Profile → Help & Support or email info@peptiq.app
Data Deletion Process: When you delete your account, we permanently remove:
- Account credentials (email, password)
- Personal profile information (age, height, weight)
- All protocols and product schedules
- All dose logs and tracking history
- Progress photos and body measurements
- Weekly reports and AI recommendations
- Badges, achievements, and statistics
Note: Anonymized usage data for analytics (e.g., "X users logged a dose today") may be retained but cannot be linked back to you.
9. Age Restriction
- PeptIQ is intended for users 18 years of age or older.
- We do not knowingly collect data from users under 18.
- If you believe a minor has provided data, contact us immediately.
10. Third-Party Services
PeptIQ connects only with secure third-party providers:
- Supabase — database, authentication, encrypted storage
- Expo — app framework and push notifications
- Apple — payments and notifications
- OpenAI/Groq — AI protocol generation (optional)
Important: Progress photos are encrypted before upload. Supabase stores only encrypted blobs and has no ability to decrypt them.
11. App Permissions
- Camera (optional):
• Used only for progress tracking
• No biometrics or facial templates created
• Encrypted on device before upload
• You control deletion
- Notifications: For dose reminders and milestone celebrations.
12. International Users
PeptIQ operates in the United States. By using the App, you consent to processing in the U.S., which may differ from your local privacy laws.
GDPR Compliance (EU Users): If you're in the EU, you have additional rights including data portability and the right to be forgotten. Contact us to exercise these rights.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated through the App or via email. Continued use of PeptIQ constitutes acceptance of the revised policy.
14. Contact Us