PeptidePal Privacy Policy

Summary of Key Points

This privacy notice for Blank Labs LLC ("we," "us," or "our") describes how and why we access, collect, store, use, and share ("process") your personal information when you use PeptidePal (formerly Pep Pal; the "app") — a peptide research, reference, and personal tracking app. PeptidePal lets you browse a peptide library, configure protocols, log doses, and chat with an AI research assistant.

In short: we collect the minimum needed to run your account, your onboarding preferences, the chat messages you send our AI, and anonymous usage analytics. Your dose logs and protocol history stay on your device. We do not sell your personal information, we do not use your data for advertising, and you can delete your account in the app at any time.

What Information We Collect

Account information. When you sign up with Sign in with Apple or Sign in with Google we receive your email address and an account identifier from Apple or Google. We store this in our Supabase database so we can authenticate you on future launches. We never receive your Apple ID or Google account password.

Onboarding and health-adjacent preferences. During onboarding we ask you about your goals (for example weight loss, recovery, longevity), your experience level with peptides, any obstacles you'd like our help with, the peptides you are currently exploring, preferred check-in cadence, and basic demographics (age, biological sex, height, and weight). You choose what to share. We store your answers in our Supabase database so PeptidePal can personalize what you see. This information is never used for advertising and is never shared with third parties for marketing.

Tracking data stored only on your device. Your personal dose logs, protocol schedules, stack configurations, streak history, and chat history are stored locally in the app using on-device storage. They are not uploaded to our servers. Because they live on your device, you are responsible for backing them up; if you delete the app or lose your device, we cannot recover them.

AI chat messages. The messages you type into the PeptidePal chat assistant are transmitted to our backend and forwarded to our AI provider to generate a response (see "AI Chat Feature" below). The response is returned to your device and stored there. We do not persist your chat messages or the responses on our servers.

Referral code redemptions. If you enter a referral code and redeem it with a paid subscription, we store the code, the redemption timestamp, and a transaction identifier from Apple so we can honor the referral and prevent double-redemption. We verify the App Store receipt with Apple and discard the raw receipt; we do not keep a copy.

Payment data. All purchases flow through the Apple App Store. Apple handles your payment information. We do not receive or store your payment method, credit card number, or billing address.

Usage analytics. We collect anonymous, device-scoped product usage data (for example which screens you viewed, how far you progressed through onboarding, whether a paywall was shown, approximate message counts) using TelemetryDeck. Events are stamped with a random device identifier that resets when you reinstall the app; they are not linked to your name, email, or a cross-app advertising identifier.

Automatically collected information. When your device connects to our servers we receive standard technical information (IP address, approximate device and OS type, app version, request timestamps). We use this for security, abuse prevention, and debugging. We do not correlate it with advertising identifiers.

What We Do Not Do

We do not sell your personal information. We do not use your personal information, chat messages, or onboarding answers for advertising or marketing to you. We do not share your data with data brokers. We do not track you across other apps or websites and we do not request permission to access the iOS Advertising Identifier (IDFA).

How We Use Your Information

We process the information described above to: create and authenticate your account; personalize the in-app experience based on your onboarding answers; generate AI chat responses to the messages you send; verify subscription and referral eligibility with Apple; deliver push notifications you opt into (dose reminders, streak alerts, refill reminders — scheduled on your device); understand aggregate product usage so we can improve the app; protect the service from abuse and fraud; and comply with legal obligations.

We do not process your information for any purpose that is incompatible with the purposes above without your consent.

AI Chat Feature

PeptidePal's AI chat assistant helps you research peptides and explore the peptide library. When you send a message it is transmitted over TLS to our backend, combined with a system prompt describing PeptidePal's research-only scope, and forwarded to our AI provider. The generated response is streamed back to your device.

What is sent. Only the message text you type, the prior messages in the same chat session (so the assistant has context), and, optionally, a short summary of your active protocol if you have configured one in the app and allowed the assistant to use it. Your email, your Supabase user identifier, and your raw tracking logs are not included.

AI provider. Our current AI provider is Anthropic, PBC (Claude). Anthropic processes your messages under its commercial terms and does not use API inputs to train its models. Anthropic may retain inputs for up to thirty (30) days solely for trust-and-safety and abuse monitoring, after which the data is deleted. If we change AI providers we will update this policy.

No server-side chat history. PeptidePal does not store your chat messages or AI responses on our servers. Your chat history lives on your device in the app's local storage; deleting the app deletes your chat history.

Peptide Library Content

The PeptidePal peptide library contains general reference information about research peptides. The library is provided for educational purposes only and is not a personalized recommendation, a prescription, or medical advice. It is not tailored to your personal situation. See our Terms of Service for the full disclaimer, including the specific rules that apply to FDA-approved prescription drugs such as Semaglutide, Tirzepatide, and other GLP-1 medications.

Service Providers We Share Information With

We use the service providers listed below, and only the categories of data described, to operate PeptidePal. Each provider is contractually bound to process data only on our instructions.

• Apple Inc. — Sign in with Apple (account creation), App Store subscriptions and receipts, and Apple Push Notification service for delivering notifications you opt into.
• Google LLC — Sign in with Google (account creation), when you choose this method.
• Supabase Inc. — Managed Postgres database and authentication. Stores your email, onboarding answers, demographics, subscription flag, and referral redemptions.
• Google Cloud Platform (Google LLC) — Hosts our backend API (Cloud Run) and manages deployment secrets (Secret Manager). Receives API request metadata.
• Anthropic, PBC — Generates AI chat responses from the messages you send, as described in "AI Chat Feature" above.
• Superwall Inc. — Renders the in-app paywall and reports paywall analytics. Receives a device-scoped Superwall identifier and anonymized paywall interaction events; does not receive your email or Supabase identifier.
• TelemetryDeck (Telemetry Deck GmbH) — Processes anonymous product analytics events. Receives a device-scoped random identifier that resets on reinstall; does not receive your email, your Supabase identifier, or advertising identifiers.

We may also disclose information when required by law, to respond to lawful requests and legal process, to protect our rights and the safety of our users, or in connection with a merger, acquisition, or sale of company assets — in which case we will notify you and take reasonable steps to ensure the successor is bound by this policy.

International Data Transfers

Our servers and most of our service providers are located in the United States. If you access PeptidePal from outside the United States your information will be transferred to, stored in, and processed in the United States and in other countries where our service providers operate. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses.

How Long We Keep Your Information

We keep your account information for as long as your account is active. When you delete your account we delete your Supabase auth record and your profile row (which includes your email, onboarding answers, and demographics). Referral redemption ledger rows are retained to preserve creator-code accounting, but your user identifier is detached from them so they are no longer linked to you.

Your on-device tracking data (dose logs, protocols, chat history) persists only as long as you keep the app installed and is deleted when you uninstall PeptidePal.

How We Keep Your Information Safe

We use TLS for data in transit, enforce row-level security in Supabase so each user can only read their own row, store all service credentials in Google Cloud Secret Manager, and verify every backend request against a short-lived Supabase-issued token. Despite these safeguards, no transmission over the Internet is 100% secure; we cannot guarantee absolute security.

Minors

PeptidePal is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. By using PeptidePal you represent that you are at least 18 years old. If you believe a minor has provided us with personal information, please contact us at [email protected] and we will delete it.

Your Privacy Rights

Depending on where you live — including California, Colorado, Connecticut, Utah, Virginia, the EEA, the UK, Switzerland, and Canada — you may have the right to request access to the personal information we hold about you, to correct inaccuracies, to delete your personal information, to request a portable copy, and to withdraw any consent you previously gave. You also have the right to lodge a complaint with your local data-protection authority.

To exercise any of these rights, email us at [email protected] from the email address associated with your account. The fastest way to delete your account is described below.

How to Delete Your Account

You can permanently delete your PeptidePal account from inside the app: open Settings → Delete Account and confirm twice. This action is immediate and irreversible. It deletes your Supabase authentication record and your profile row (email, onboarding answers, and demographics). Referral redemption entries are kept for accounting but are no longer linked to your identity. Your on-device tracking data is cleared when the app signs out.

Deleting your PeptidePal account does not cancel an active Apple App Store subscription. To cancel a subscription, open Settings → [your name] → Subscriptions on your iPhone and cancel PeptidePal; Apple handles subscription cancellation and refunds.

If you cannot access the in-app deletion flow, email us at [email protected] from the email address associated with your account and we will delete your account within thirty (30) days.

Do Not Track and Global Privacy Control

PeptidePal is a mobile app and does not respond to browser Do Not Track or Global Privacy Control signals from web browsers. We do not use the iOS Advertising Identifier (IDFA) or request App Tracking Transparency permission. Our analytics are anonymous by design.

Changes to This Notice

We may update this privacy notice from time to time. The updated version will be indicated by a revised "last updated" date above. If we make material changes we will take reasonable steps to notify you, for example through an in-app notice or by updating the app.

Contact Us

If you have questions about this notice or how we handle your personal information, you can reach us at [email protected] or by mail at: Blank Labs LLC, California, United States.