PepAI

Privacy Policy

Last updated: May 19, 2026

Introduction

PepAI is built and operated by Optimal Apps. This Privacy Policy explains what data PepAI collects when you use the app, why we collect it, and the choices you have. We try to keep this short and plain. PepAI only collects what it needs to help you track your GLP-1 and peptide routine.

What We Collect

Account data. When you sign in with Apple, we receive an opaque Apple user identifier (Apple’s “sub”). We do not collect your email or phone number from Apple unless you choose to share your email at sign-in. Your Apple identifier is paired with a Convex user record on our backend (hosted at mild-marmot-345.convex.cloud) so we can recognize your account across devices.

On-device logs. Your weight log, dose log, water log, body measurements, and face-scan photos are stored locally in an SQLite database on your iPhone. This data stays on your device unless you explicitly enable backup.

Photos for analysis. When you run a color analysis or skin scoring, the photo may be sent to our FastAPI server (glpserver.onrender.com) for AI processing. We do not retain the photo after the result is returned. The AR face-tracking scan runs entirely on-device using AVFoundation and Vision; no image leaves your iPhone for that flow.

Analytics. We use Mixpanel to log event names (for example, injection_logged) so we can understand which parts of the app are used and fix bugs. We do not send the values attached to those events — the dose in milligrams, the compound name, your weight, or any other personal field is not included in the analytics payload.

Push notifications. If you allow notifications, Apple Push Notification Service issues a device token. We forward this token to Mixpanel, RevenueCat, and our FastAPI server so we can send you the reminders you’ve enabled.

What We Don't Do

We do not sell your personal information. We do not show third-party ads. We do not embed advertising SDKs. We do not share your dose history or body data with brands, pharmacies, or insurers. PepAI is funded by member subscriptions.

Service Providers

PepAI relies on a small set of trusted third parties to operate: Apple (Sign in with Apple, App Store payments, Push Notification Service), RevenueCat (subscription management; no card details ever touch our servers), Mixpanel (event-name analytics), Convex (user record database), and our own FastAPI server (AI photo analysis). Each receives only the minimum data required to perform its function.

Your Rights

You can request a copy of the data we hold about your account, ask us to correct it, or ask us to delete it entirely. To do any of these, contact us at the email below and we will respond within 30 days.

Children

PepAI is intended for adults and is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Medical Disclaimer

PepAI is a tracking tool, not a medical device. It does not provide medical advice and does not tell you what dose to take. Always consult your healthcare provider for any dosing or treatment decision.

Changes to This Policy

We may update this Privacy Policy as the app evolves. When we make material changes, we will update the “last updated” date above and notify users in-app where appropriate.

Contact

Questions about your data or this policy? Email us at support@optimalapps.ca.