Privacy Policy
Last updated: May 10, 2026
1. Who we are
Pepty AI is a personal log for peptide protocols, available as an iOS app. This Privacy Policy covers the Pepty AI mobile app and the marketing site at pepty.ai. The app is published by an independent developer; for any questions, email hello@pepty.ai.
2. What data Pepty AI collects
None, by default. Pepty AI does not have user accounts, does not run servers that store your data, and does not include analytics, telemetry, or third-party tracking SDKs. Everything you log — doses, vials, blends, measurements, daily mood logs, side effects, lab results, photos, and notes — lives in a SQLite database on your device, accessible only to the Pepty AI app.
3. Where your data lives
All app data is stored locally on your device using Apple's and Google's standard on-device storage (SQLite via Expo, plus Apple Photos for any progress images you save). When you uninstall Pepty AI, your data is deleted with it. We do not have a copy.
You can export your data at any time from Settings → Export my data. The export is a JSON file you can save, share, or delete as you choose. We do not see exports.
4. Third-party services we use
Apple Health (iOS only, opt-in)
If you grant permission, Pepty AI reads your latest weight and body-fat measurements from Apple Health, and writes back the measurements you log. This data flows directly between Pepty AI and the Health app on your device. It does not go to us. Apple's HealthKit framework restricts how this data is handled; we never transmit it off the device.
OpenAI (only when you use AI features)
Pepty AI's optional AI features — the AI Routine Builder, the "Ask Pepty AI" calculator helper, side-effect context blurbs, daily-log insights, and lab-result interpretations — send the text you type to OpenAI for one-time parsing or summarization. Specifically:
- The text travels through a small Pepty AI-operated proxy (so the OpenAI key isn't shipped in the app); the proxy does not log or store request bodies.
- OpenAI processes the text per their privacy policy. Per OpenAI's terms for API traffic, your inputs are not used to train their models.
- If you don't tap an AI feature, no text is sent.
RevenueCat (subscription handling)
Subscription purchases flow through Apple's StoreKit (iOS) or Google Play Billing (Android), and are verified by RevenueCat. RevenueCat assigns an anonymous, randomly-generated user ID per device — it does not contain your name, email, Apple ID, or any other identifying information. RevenueCat receives the purchase event from Apple/Google and tells the app whether your subscription is active. RevenueCat's full privacy policy describes their handling.
Local notifications (no push servers)
Dose reminders are delivered as local notifications scheduled by your device. Pepty AI does not run a push notification server and does not know when reminders fire.
5. What we don't do
- We do not collect names, emails, phone numbers, or birthdates.
- We do not run analytics SDKs (no Google Analytics, Firebase, Mixpanel, etc.).
- We do not show ads or share data with advertisers.
- We do not sell, rent, or trade any data, because we don't have any.
- We do not track your location.
6. Permissions Pepty AI may ask for
- Notifications — to deliver local dose reminders.
- Apple Health (iOS) — to read/write weight and body-fat measurements you choose to sync.
- Camera — to take progress photos directly inside the app. Photos save to your device.
- Photo library — to attach progress photos and to save photos you take.
Each permission is opt-in. Denying any of them keeps the rest of the app working.
7. Children's privacy
Pepty AI is not intended for use by children under 13 (or under the age of digital consent in your jurisdiction). Pepty AI does not knowingly collect data about children. Because Pepty AI does not collect personal data at all, this is enforced by design.
8. Security
Because your data lives on your device, the security of your data depends primarily on your device's lock screen, biometric authentication, and OS-level protections. The proxy used for AI requests communicates over HTTPS only.
9. Your rights
Since we don't store data on our servers, requests for access, deletion, or correction are satisfied directly from within the app: Settings → Export my data for a copy, Settings → Delete all my data to wipe everything, or simply uninstall the app. If you're in the EU, UK, California, or another jurisdiction with data-protection laws, those rights still apply — but in practice, we have no records to access or delete because we never had them.
10. Changes to this policy
If this policy changes, we'll update the "Last updated" date at the top, and material changes will be announced in the app's release notes. Continuing to use Pepty AI after a change means you accept the updated policy.
11. Medical disclaimer
Pepty AI is a personal log, not a medical device. It does not diagnose, prescribe, or recommend doses. Always talk to a clinician about anything you put in your body. If you experience severe side effects (chest pain, fainting, severe allergic reaction), seek emergency care.
12. Contact
Questions about this policy? Email hello@pepty.ai.