Privacy Policy
Last updated: 2026-05-16 · Version 2026-05-16 · Changelog
1. Our approach: local-first
Peplo is built local-first. On the free tier, your vials, dose logs, reminder schedules, and preferences never leave your device. They are stored in your browser's IndexedDB, and we have no way to access them.
Pro subscribers may opt in to cloud sync, in which case copies of their data are stored on infrastructure we operate (see Section 5).
2. Data that stays on your device
The following data is stored exclusively in your browser's IndexedDB and is not transmitted to us unless you explicitly enable cloud sync or use the Export Data feature:
- Vial inventory (peptide name, mg, reconstitution mL, dates, notes, optional photo)
- Dose logs (vial reference, mcg, units, injection site, timestamp)
- Reminder schedules
- App preferences (unit system, syringe size, theme, onboarding state)
3. Data we collect server-side
We do collect a limited set of data on our servers, separated by purpose:
- Account and billing. When you create a Pro account, we receive your email address and a Stripe customer identifier. Payment card details are handled by Stripe and never touch our servers.
- Analytics events. We log a small set of typed events (e.g., scan_completed, protocol_generated, paywall_shown) to help us understand how the Service is used. We do not log personally identifiable information in these events.
- Web vitals and error reports. Vercel Analytics collects aggregated performance metrics; uncaught errors may be logged for debugging.
- Optional AI scan inputs. If you use the vial label scan feature, the image you submit is sent to a third-party vision model (see Section 5). The image is not retained by us beyond the duration of the request.
4. Cookies and local storage
Peplo uses browser storage (cookies, IndexedDB, localStorage) for the following purposes:
- Session tokens generated client-side to rate-limit API calls.
- Theme and preference state.
- PostHog and Vercel Analytics may set first-party cookies for session continuity.
We do not use third-party advertising cookies or sell information to advertisers.
5. Third-party subprocessors
We rely on the following service providers. Each handles only the data necessary for its function and is contractually bound to confidentiality.
- Stripe — payment processing, billing management. Subject to Stripe's Privacy Policy.
- Anthropic — large-language-model inference for optional AI features. Anthropic does not train on customer data sent through the API.
- OpenAI — vision-model inference for the optional vial-label scan feature.
- Vercel — hosting, edge runtime, and aggregated Web Vitals metrics.
- PostHog — product analytics events.
- Upstash — Redis-backed rate limiting and push subscription storage.
- Supabase — authentication and cloud sync database for Pro users who opt in (planned).
6. How we use data
We use the limited data we collect to:
- Operate, maintain, and improve the Service.
- Authenticate users and process payments.
- Detect and prevent abuse, fraud, or rate-limit violations.
- Communicate with you about your account, security, and material changes to the Service.
- Comply with legal obligations.
7. How we do not use data
We do not sell or rent your personal information. We do not share your data with advertisers. We do not use your protocol library, dose logs, or other journal-style content to train AI models.
8. Data retention
Local-device data persists in your browser until you delete it (via the Clear All Data action in Settings or by clearing site data in your browser).
Server-side account data is retained while your account is active. Upon account deletion, we delete your personal data within thirty (30) days, except where retention is required by law (e.g., tax records for completed transactions).
9. Your rights (GDPR / CCPA / similar)
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated personal data.
- Export your data in a portable format (see the Export Data feature in Settings).
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at [SUPPORT_EMAIL]. We will respond within thirty (30) days.
10. Children's privacy
The Service is not intended for children under the age of eighteen (18). We do not knowingly collect personal information from minors. If you believe a minor has provided us personal information, contact us at [SUPPORT_EMAIL] and we will delete it promptly.
11. Security
We use industry-standard administrative, technical, and physical safeguards to protect data we hold on our servers, including TLS encryption in transit, encrypted storage at rest, and principle-of-least-privilege access controls. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you in accordance with applicable law.
12. International transfers
Our servers and subprocessors are located in the United States and the European Union. If you access the Service from another jurisdiction, your data may be transferred to, stored in, and processed in these locations. By using the Service, you consent to such transfers.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced in the Service or via email at least fourteen (14) days before they take effect. The "Last updated" date at the top of this policy reflects the most recent revision.
14. Contact
Questions, concerns, or requests about this Privacy Policy should be directed to [SUPPORT_EMAIL]. If you are in the EU and wish to lodge a complaint with a supervisory authority, you may do so with the data protection authority in your country of residence.