Privacy Policy

Last Updated: December 26, 2025

Introduction

PepBuddy ("we," "our," or "us") operates the PepBuddy mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using PepBuddy, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our Service.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Authentication data from email, Google or Apple sign-in

Health and Protocol Data

When you use our Service, you may provide:

• Peptide and TRT protocol information (compounds, dosages, schedules)
• Dose logging history and adherence records
• Notes and custom protocol names

Inventory Data

If you use inventory tracking features, we collect:

• Peptide inventory information (vial quantities, expiration dates)
• Supplier names
• Cost information (if provided)

Location Data

With your permission, we collect approximate location data to:

• Provide region-appropriate supplement recommendations
• Customize reorder notifications based on supplier availability

You can disable location access in your device settings at any time.

Device and Analytics Data

We automatically collect:

• Device type, operating system, and version
• App usage patterns and feature engagement
• Crash reports and performance data
• IP address (used for security and approximate location)

How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Track your protocols and dose schedules
• Send push notifications for scheduled doses
• Manage your inventory and send reorder reminders
• Analyze app performance and fix bugs
• Improve the Service based on usage patterns
• Communicate with you about your account and updates
• Process payments for premium subscriptions
• Comply with legal obligations

We do not:

• Sell your personal information to third parties
• Share your health data with advertisers
• Use your data to make medical recommendations

How We Share Your Information

We share your information only with the following third-party service providers who assist in operating our Service:

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

We may also disclose your information if required by law, court order, or government request, or if necessary to protect our rights, safety, or property.

Data Retention

We retain your data for as long as your account is active. If you delete your account:

• All personal data is deleted immediately
• Anonymized, aggregated analytics data may be retained
• Backup systems are purged within 30 days

Your Rights and Choices

All Users

You have the right to:

• Access your personal data
• Export your data in a portable format
• Delete your account and all associated data
• Opt out of marketing communications
• Disable push notifications
• Revoke location permissions

To exercise these rights, contact us at dev@pepbuddyapp.com or use the in-app settings.

European Union Users (GDPR)

If you are located in the European Economic Area, you have additional rights:

• Right to rectification: Request correction of inaccurate data
• Right to restrict processing: Limit how we use your data
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent
• Right to lodge a complaint: File a complaint with your local data protection authority

Our legal bases for processing your data include:

• Contract: Processing necessary to provide the Service you requested
• Consent: Where you have given explicit permission (e.g., location data)
• Legitimate interests: Improving our Service, preventing fraud, ensuring security

To exercise your GDPR rights, contact us at dev@pepbuddyapp.com. We will respond within 30 days.

Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/SSL)
• Encryption at rest
• Secure authentication via OAuth providers
• Row-level security ensuring users can only access their own data
• Regular security audits

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

PepBuddy is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we discover that a user is under 18, we will delete their account and data immediately.

If you believe a minor has provided us with personal information, please contact us at dev@pepbuddyapp.com.

International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws than your jurisdiction.

By using PepBuddy, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place, including standard contractual clauses where required.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy in the app
• Sending an email notification
• Displaying an in-app notice

The "Last Updated" date at the top indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Email: dev@pepbuddyapp.com

Address:
PepBuddy
4400 Blaisdell Ave, #2
Minneapolis, Minnesota 55419
United States