Privacy Policy
Peptide Tracker is designed with privacy as a core principle. We collect minimal data and never sell or share your information with third parties.
Information We Collect
Data You Provide
- Access Code: A randomly generated 12-character code used to identify your account. No email, password, or personal information is required.
- Protocol Data: Peptide names, schedules, dosing information, and settings you create.
- Dose Logs: Dates, times, amounts, and optional notes you record.
- Feedback: If you submit feedback, we collect your message and optionally your email if you provide one.
Automatically Collected
- Timezone: Your browser's timezone is detected automatically to ensure dose reminders are sent at the correct local time.
- Cloudflare Analytics: We use Cloudflare's privacy-friendly analytics, which does not use cookies or track individuals. It provides aggregate data such as page views and country-level location.
- Server Logs: Standard web server logs may temporarily record IP addresses and request information for security purposes.
Push Notifications (Optional)
- If you enable dose reminders, we store your push subscription which includes a unique endpoint URL and encryption keys
- This data is used solely to send you dose reminder notifications
- You can disable reminders at any time, which deletes your push subscription
- Push notifications are delivered via your browser's push service (e.g., Google for Chrome, Apple for Safari)
How We Use Your Data
- To provide and maintain the Peptide Tracker service
- To save and sync your protocols and dose logs
- To respond to feedback or support requests
- To improve the service based on aggregate usage patterns
Data Storage & Security
- Your data is stored on servers located in the United States
- All connections are encrypted using HTTPS/TLS
- We use Cloudflare for additional security and DDoS protection
- Access codes are the only identifier - we don't store emails or passwords
Data Retention & Deletion
- Your data is retained as long as your account exists
- You can export all your data at any time in JSON or CSV format
- You can delete your account from the dashboard, which permanently removes all your data
- Server logs are retained for up to 30 days
Third-Party Services
We use the following third-party services:
- Cloudflare: CDN, security, and privacy-friendly analytics. See their Privacy Policy.
- Discord: Feedback messages are sent to a private Discord channel for review. No personal data is included unless you provide it.
- Browser Push Services: If you enable dose reminders, notifications are delivered through your browser's push notification service (Google FCM for Chrome, Apple Push for Safari, Mozilla Push for Firefox).
Your Rights
You have the right to:
- Access: View all your data in the dashboard
- Export: Download your data in JSON or CSV format
- Delete: Permanently delete your account and all associated data
- Portability: Take your data with you using the export feature
Cookies & Local Storage
We use essential cookies and browser storage to provide functionality:
Cookies
- Access Token: HttpOnly cookie containing your encrypted JWT token (expires after 7 days)
- Refresh Token: HttpOnly cookie for extending your session (expires after 30 days)
Local Storage
- Theme Preference: Your light/dark mode selection is stored locally
- Offline Queue: When offline, pending actions are temporarily stored until connection is restored
Service Worker Cache
- Static Assets: CSS, JavaScript, and images are cached for offline use
- API Responses: Recent protocol and calendar data is cached for offline viewing
- Cache is automatically updated when new versions are released
- You can clear the cache by clearing your browser data or uninstalling the PWA
We do not use tracking cookies or third-party advertising cookies. All storage is for essential functionality only.
Offline Functionality
Peptide Tracker works offline through Progressive Web App (PWA) technology:
- When offline, you can view your cached protocols and calendar data
- Dose logs created offline are queued and automatically synced when you reconnect
- Queued data is stored locally on your device until successfully synced
- Failed syncs are retried automatically; you'll be notified of any sync errors
Data Processing
The following calculations are performed on your data:
- Inventory Tracking: We calculate remaining doses based on your logged amounts and reconstitution settings
- Unit Conversions: If you dose in mL, we convert to mg using your vial concentration for inventory tracking
- Schedule Calculations: We determine upcoming doses based on your protocol frequency and cycle settings
- Statistics: Compliance rates and usage patterns are calculated from your log history
All calculations happen on our servers using only the data you've entered. No data is shared externally for processing.
Children's Privacy
Peptide Tracker is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the updated policy.
International Data Transfers
Your data may be transferred to and processed in the United States where our servers are located. By using the Service, you consent to this transfer. We take steps to ensure your data is protected in accordance with this Privacy Policy regardless of where it is processed.
California Privacy Rights (CCPA)
If you are a California resident, you have specific rights regarding your personal information:
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
- Right to Delete: You can request deletion of your personal information (available via account deletion in the dashboard)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- No Sale of Data: We do not sell personal information to third parties
European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights:
- Legal Basis: We process your data based on your consent (by creating an account) and our legitimate interest in providing the Service
- Right to Rectification: You can correct inaccurate data through the app
- Right to Restriction: You can request restriction of processing in certain circumstances
- Right to Object: You can object to processing based on legitimate interests
- Right to Lodge a Complaint: You can file a complaint with your local data protection authority
Data Security Measures
We implement appropriate technical and organizational measures to protect your data:
- All data transmission is encrypted using TLS 1.2 or higher
- Access codes are hashed before storage
- Regular security audits and updates
- Limited access to production systems
- Automated backups with encryption at rest
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify affected users through the app's notification system within 72 hours of becoming aware of the breach, where feasible. Because we do not collect email addresses, in-app notification and public disclosure are our primary means of communication.
Contact
If you have questions about this Privacy Policy or your data, please use the feedback widget in the app to contact us.