Privacy Policy

1. Introduction & Scope

This Privacy Policy describes how Eduru (“we,” “us,” or “our”) handles information in connection with the PeptidePilot mobile application (the “App”) and this website (the “Site”), together the “Services.” PeptidePilot is a personal tracking tool for logging medication protocols, research peptide schedules, and related health metrics. It is not a healthcare provider and does not provide medical advice, diagnosis, or treatment.

By using the Services, you agree to the collection and use of information as described here. If you do not agree, please discontinue use of the Services.

2. Information We Collect

We collect only what is needed to make the App work. Most data stays tied to an anonymous identifier and is never linked to your real-world identity unless you choose to sign in.

Account data

By default, the App creates an anonymous user ID (UID) — no email, name, or phone number required. If you choose to sign in with Apple, we receive an email address (or Apple’s private relay address) solely to sync your data across devices.

Profile data

Information you choose to provide, such as name, age, sex, height, weight, and personal goals. This is used only to power tracking features like reconstitution math and body composition trends.

Tracking data

Data you enter to track your protocol: medications, dosages, injection logs, side effects, and weight logs. This is your personal record and is never sold or shared for advertising.

HealthKit data

With your explicit permission, the App reads weight, body fat percentage, and lean body mass from Apple Health. HealthKit access is read-only — we never write to, modify, or delete your Apple Health data, and HealthKit data is never used for advertising or shared with third parties.

Subscription data

Subscriptions are managed through RevenueCat and Apple In-App Purchase. We receive transaction identifiers and subscription status only. We never see or store your full payment card details — those are handled by Apple.

Crash data

We use Firebase Crashlytics to capture diagnostic crash reports so we can fix bugs. These reports contain device and error information and are configured to avoid personally identifying information (PII).

Analytics

We use TelemetryDeck for privacy-friendly, aggregate usage analytics. TelemetryDeck does not use the advertising identifier (IDFA), does not track you across apps or websites, and does not build advertising profiles. Analytics help us understand which features are used, in aggregate only.

3. How We Use Information

We use information strictly to provide and improve the Services, specifically to:

• Operate core features such as tracking, calculations, and reminders
• Sync your data across your devices when you sign in
• Manage subscriptions and entitlements
• Diagnose crashes and fix bugs
• Understand aggregate, anonymized feature usage

We never use your information for advertising, profiling, or resale.

4. Third-Party Services

The Services rely on a small set of trusted providers:

• Firebase (Authentication, Firestore, Crashlytics) — account, data storage, and crash reporting
• RevenueCat — subscription management
• TelemetryDeck — privacy-friendly analytics, no tracking, no IDFA
• Apple HealthKit — read-only health metrics
• Apple Sign-In — optional account sign-in

Each provider processes data only as needed to deliver its function and under its own privacy commitments.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. We share data with the service providers listed above only to operate the Services, and we may disclose information if required by law or to protect the rights and safety of our users.

6. Data Retention

We retain your data for as long as your account exists. When you request account deletion, your associated personal data is deleted within 30 days, except where retention is required by law. Aggregate, anonymized analytics that cannot identify you may be retained.

7. Your Rights

You have meaningful control over your data:

• Access & export — export your data to CSV directly in the App (Settings → Export Data)
• Delete your account — in the App, go to Settings → Privacy & Data → Delete Account

GDPR (EU/EEA/UK users)

If you are in the European Union, European Economic Area, or United Kingdom, you have the rights of access, rectification, erasure, portability, restriction of processing, and objection. You may exercise these rights by contacting privacy@glppeptidetracker.com.

CCPA (California residents)

California residents have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@glppeptidetracker.com.

8. Children’s Privacy

The Services are intended for adults 18 and older and are not directed to minors. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

9. Health Data Disclosure

Health-related data you input is for your personal tracking only. PeptidePilot is not a healthcare provider and is not subject to HIPAA. We treat all health-related data with strict confidentiality, do not use it for advertising, and do not share it with third parties except the service providers required to operate the App.

10. International Transfers

Our infrastructure (Firebase) stores data on servers located in the United States. If you access the Services from outside the U.S., you understand your data may be transferred to and processed in the U.S. We rely on appropriate safeguards for such transfers, including standard contractual clauses where applicable.

11. Security Measures

We use industry-standard safeguards including encryption in transit (TLS), encryption at rest through our infrastructure providers, scoped access controls, and anonymous-by-default identifiers. No method of transmission or storage is 100% secure, but we work to protect your information.

12. Cookies

The App does not use cookies. This Site may use privacy-friendly, aggregate analytics (e.g., Vercel Analytics) that can set a minimal first-party cookie or identifier to measure traffic. It does not track you across other websites for advertising.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above, and where appropriate, through in-App notice.

14. Contact

Questions or privacy requests? Email privacy@glppeptidetracker.com.