Privacy Policy
Last updated: March 20, 2026
PepStack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the PepStack mobile application and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via a third-party provider (e.g., Apple or Google), we receive basic profile information from that provider.
Health & Wellness Data
PepStack allows you to log peptide dosing schedules, bloodwork results, body measurements, symptoms, and other health-related information. This data is provided voluntarily by you and is essential to the core functionality of the Service.
Usage Data
We automatically collect information about how you interact with the Service, including device type, operating system, app version, session duration, feature usage, crash reports, and anonymized analytics. This data helps us improve the Service.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Personalize your experience, including AI-powered insights and recommendations
- Process subscriptions and payments
- Send transactional communications (e.g., account verification, billing receipts)
- Respond to support requests and inquiries
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations and enforce our Terms of Service
We do not sell your personal information. We do not use your health data for advertising purposes.
3. Data Storage & Security
Your data is stored securely on infrastructure hosted by Supabase, which uses enterprise-grade encryption at rest (AES-256) and in transit (TLS 1.2+). We implement industry-standard security measures including row-level security policies, encrypted backups, and strict access controls.
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach as required by applicable law.
4. Third-Party Services
We use the following third-party services to operate PepStack:
- Stripe — Payment processing. Stripe collects and processes your payment information directly. We do not store your full credit card number. Stripe's privacy policy applies to their handling of your data.
- RevenueCat — Subscription management across platforms. RevenueCat processes subscription status and purchase history.
- OpenRouter — AI model routing for intelligent features. When you use AI-powered features, anonymized or pseudonymized prompts may be sent to language model providers via OpenRouter. We minimize personally identifiable information in AI requests.
Each third-party service is bound by its own privacy policies and data processing agreements. We only share the minimum data necessary for each service to function.
5. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Under GDPR (European Economic Area)
- Right of Access — Request a copy of all personal data we hold about you
- Right to Rectification — Correct inaccurate or incomplete data
- Right to Erasure — Request deletion of your personal data
- Right to Portability — Receive your data in a structured, machine-readable format
- Right to Restrict Processing — Limit how we use your data
- Right to Object — Object to processing based on legitimate interests
Under CCPA (California)
- Right to Know — What personal information we collect, use, and share
- Right to Delete — Request deletion of your personal information
- Right to Opt-Out — Opt out of the sale of personal information (we do not sell your data)
- Right to Non-Discrimination — We will not discriminate against you for exercising your rights
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner as required by law).
6. Children's Privacy
PepStack is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at [email protected].
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records). Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for analytics and product improvement.
8. International Data Transfers
Your data may be processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or other mechanisms recognized by applicable data protection authorities.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a prominent notice within the app at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
10. Contact Information
If you have any questions about this Privacy Policy or your personal data, please contact us at:
PepStack
Email: [email protected]