PepMetrics logo← Back to Home

Privacy Policy

Last updated: December 2024

Digital VisionWorks LLC ("we," "our," or "us") operates PepMetrics, a personal wellness tracking application. This Privacy Policy explains how we collect, use, and protect your information when you use our app and website (pepmetrics.com).

1. Information We Collect

Waitlist (Current)

When you join our waitlist, we collect your email address through our email service provider, ConvertKit.

App (When Launched)

When you use the PepMetrics app, we may collect:

  • Account Data: Email address, password (securely hashed), and profile preferences
  • Protocol Data: Peptide names, dosages, schedules, dose logs, and notes you enter
  • Health Data (User-Authorized): Heart rate, heart rate variability (HRV), sleep stages, step count, and weight from Apple HealthKit or Google Health Connect
  • Progress Data: Weight entries, body measurements, and progress photos (stored locally on your device or encrypted in cloud storage if you enable sync)
  • Usage Data: App interactions and feature usage (anonymized and aggregated)
  • Device Data: Device type, operating system version, and app version (for debugging and support)

What We Do NOT Collect

  • Location data
  • Contacts or address book
  • Browsing history
  • Data from other apps on your device

2. How We Use Your Information

We use your information to:

  • Provide protocol tracking and dose scheduling functionality
  • Correlate your health data with your protocols to show patterns and insights
  • Power AI-generated pattern detection (using anonymized timing data only)
  • Improve our app based on aggregated, anonymized usage data
  • Manage your account and provide customer support
  • Send you product updates and launch notifications (you can unsubscribe anytime)

3. Health Data Protection

Your Health Data is Protected

  • Health data is NEVER sold or shared with advertisers
  • NEVER used for insurance or employment purposes
  • You control exactly which health metrics to share with the app
  • Permissions can be revoked in your device settings at any time
  • We request only the minimum necessary permissions for app functionality
  • Read-only access — we never write data to HealthKit or Health Connect
  • Health data stays on your device unless you enable cloud sync
  • No health data is stored in iCloud (per Apple requirements)

4. Third-Party Services

We use trusted third-party services to operate PepMetrics:

Supabase

Database hosting for user accounts and app data. All data is encrypted at rest and in transit. Row-level security ensures you can only access your own data.

ConvertKit

Email marketing for waitlist collection and product updates. You can unsubscribe from emails at any time using the link in any email.

Anthropic Claude API

Powers AI pattern detection and insights. Receives only protocol timing patterns — no raw health values or personally identifiable information is ever sent to this service.

Sentry

Error tracking and crash reports for app stability. No personally identifiable information or health data is included in error reports.

Apple HealthKit / Google Health Connect

Read-only access to health metrics you authorize. We never write data to your health stores. Data access can be revoked at any time in your device's Settings app.

5. Data Security

We implement industry-standard security measures to protect your data:

  • TLS 1.3 encryption for all data transmitted between your device and our servers
  • AES-256 encryption for data stored at rest
  • Secure token storage using iOS Keychain and Android Keystore
  • Row-level security in our database ensuring users can only access their own data
  • Certificate pinning for API connections to prevent man-in-the-middle attacks
  • 15-minute inactivity timeout with optional biometric re-authentication

6. Data Retention

We retain your data as follows:

  • Account data: Retained while your account is active
  • Protocol and dose data: Retained while your account is active
  • Health data: Stored locally on your device; cloud-synced data is deleted upon account deletion
  • Anonymized analytics: May be retained indefinitely for product improvement

When you delete your account, all personal data is permanently removed from our systems within 30 days.

7. Your Rights

You have the following rights regarding your data:

  • Export: Download all your data in a standard format
  • Delete: Request deletion of your account and all associated data
  • Revoke permissions: Disable health data access at any time in your device settings
  • Unsubscribe: Opt out of marketing emails using the link in any email
  • Access and correct: View and update your personal information within the app

For California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and the right to request deletion. We do not sell personal information.

For EU/EEA Residents (GDPR)

If you are in the European Union or European Economic Area, you have rights under the General Data Protection Regulation including the right to access, rectification, erasure, data portability, and the right to object to processing. Contact us to exercise these rights.

8. Children's Privacy

PepMetrics is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through the app or by email. We encourage you to review this policy periodically. Your continued use of PepMetrics after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Digital VisionWorks LLC

Email: info@digitalvisionworks.com

Florida, USA