trackpep.com

Privacy Policy

Last updated: 2026-05-31

This Privacy Policy explains how TrackPep ("TrackPep", "we", "us") collects, uses, stores, and protects your information when you use the TrackPep website and mobile app (together, the "Service"). By using the Service you agree to this Policy.

1. What TrackPep is — and is not

TrackPep is a personal record-keeping and journaling tool for people who want to keep their own log of medications, peptides, doses, injection sites, side effects, weight, hydration, and related notes, and to see their own history and simple trends.

TrackPep is not a medical service and does not provide medical, pharmaceutical, or health advice. Specifically, TrackPep:

  • does not provide medical advice, diagnosis, treatment, or clinical recommendations;
  • does not recommend, prescribe, suggest, promote, sell, or endorse any medication, peptide, supplement, dosage, or course of treatment;
  • is not a healthcare provider, pharmacy, telehealth service, or medical device, and is not a substitute for professional medical care;
  • does not verify, validate, or take responsibility for anything you choose to record. The data in your journal is information you enter for your own reference.

You are solely responsible for your own health decisions. Always consult a qualified, licensed healthcare professional before starting, stopping, or changing any medication or treatment. If you think you may have a medical emergency, contact your local emergency services immediately. See our Medical Disclaimer for more.

2. What the Service actually does

The Service simply helps you keep and view your own records. It lets you:

  • record entries you choose to add (doses, side effects, weight, hydration, inventory, notes);
  • perform arithmetic helpers, such as a reconstitution calculator, on the numbers you enter;
  • view your own history, charts, and reminders you set for yourself;
  • export or delete your data on request.

3. Data we collect

  • Account data — email address, optional display name, your authentication provider (Google or email), and your language and unit preferences.
  • Health journal data (sensitive) — anything you choose to log: compounds, doses, injection sites, side effects, weight, hydration, notes, and optional photos. We treat this as sensitive personal data. It is stored encrypted at rest and is accessible only to your account.
  • Device & technical data — operating system, app version, and language, used for diagnostics and to keep the app working.
  • Crash & product analytics — aggregate, de-identified usage analytics (PostHog) and crash reports (Sentry). We do not send your health journal data to analytics or crash tools.
  • Payment data — subscriptions are processed by the app stores (Apple/Google) or our web payment provider. We receive only your entitlement status (Free/Pro); we never receive or store your full card details.

4. How we use your data — and what we never do

We use your data only to provide the Service to you: showing your own timeline and trends, syncing your devices, sending reminders you set, and generating exports you request. We do not analyse, profile, or process your data for our own commercial purposes.

We never sell your data. We never share your health or medical data with any third party for advertising, marketing, or their own use, and we never share it with data brokers. We do not use your data to train machine-learning models. Your medical data is for you, and you alone.

5. Service providers

To run the Service we rely on a small number of infrastructure providers that store or process data strictly on our behalf and only to operate the Service — primarily our secure cloud database (Supabase). They are bound by data-protection terms and are not permitted to use your data for their own purposes. De-identified crash and usage diagnostics (Sentry, PostHog) never include your health journal data, and subscription processing (Apple, Google, and our web payment provider) only returns your Free/Pro status. We may disclose data only where required by law.

6. Storage & retention

Your data is stored only so the Service can show it back to you and keep your devices in sync — it remains yours. It is encrypted and protected with row-level security, so only your account can read it. We keep it while your account is active; when you delete your account, your records are removed promptly and roll off any backups within 30 days. You can export or permanently delete your data at any time.

7. Your rights

Depending on where you live (e.g. under the GDPR, UK GDPR, or CCPA), you have rights to access, correct, delete, export, and restrict the processing of your data, and to withdraw consent. In the app you can:

  • Access & export your data (Settings → Export);
  • Correct any entry (every record is editable);
  • Delete your account and all data (Settings → Delete account);
  • Withdraw consent to optional analytics (Settings → Privacy).

To exercise any right, or if you have a complaint, contact support@trackpep.com.

8. Security

We use encryption in transit (TLS) and at rest, row-level security, and provider-managed authentication. The mobile app supports an optional biometric / passcode lock. No system is perfectly secure, but we work to protect your data and to notify you of material incidents as required by law.

9. Children

TrackPep is intended for adults aged 18 and over. It is not directed to children, and we do not knowingly collect personal data from anyone under 13 (or the minimum age in your jurisdiction). If you believe a child has provided us data, contact support@trackpep.com and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. We will post the updated version here with a new "Last updated" date and, for material changes, take additional steps such as notifying account holders.

11. Contact

Questions about this Policy or your data: support@trackpep.com.

Privacy Policy — TrackPep | TrackPep AI