Privacy

Privacy policy.

How PepTide handles local health tracking data, health-platform permissions, purchases, diagnostics, and support requests.

Effective date and scope

This Privacy Policy is effective 2026-07-03. It applies to PepTide, peptidewaves.com, support workflows, store-submission links, and related public pages operated by Omniscient Labs.

Summary

  • PepTide is built as a local-first personal record-keeping app for adults.
  • Launch-version tracking records stay on your device unless you choose to export a backup, grant Apple Health or Health Connect permissions, contact support, use purchases, or enable a provider-backed feature.
  • PepTide does not sell personal information, health records, HealthKit data, Health Connect data, or medication or peptide logs.
  • PepTide does not use advertising trackers in this build and does not use health-platform data for advertising, data-broker activity, or unrelated profiling.
  • Data deletion instructions are available at https://peptidewaves.com/delete-account.

Information you enter

You may enter medication or peptide names, user-defined amount labels, dates, injection sites, side effects, weight, measurements, food, water, mood, sleep, workout, fasting, notes, reminder schedules, heads-up reminder offsets, rotation preferences, and other personal records. This information can be sensitive health-related information.

Information collected automatically

The app and its service providers may process device type, operating system, app version, installation identifiers, purchase identifiers, entitlement status, crash reports, diagnostics, performance information, support metadata, and security logs needed to run, protect, debug, or support the app. The launch version does not require a PepTide account or PepTide cloud profile.

How information is used

  • Store and display your user-entered records on your device.
  • Schedule local reminders that you configure.
  • Import or export selected Apple Health or Health Connect categories after permission.
  • Restore purchases, unlock Pro features, prevent billing abuse, and answer purchase-support questions.
  • Respond to support, privacy, deletion, safety, and legal requests.
  • Debug crashes, fix defects, maintain security, comply with app-store rules, and satisfy legal obligations.

Local storage

PepTide stores launch-version tracking data locally on your device with app storage. Deleting the app, clearing app storage, replacing your device, importing a backup, or using Reset All Data can remove local data from that installation. Device backups, operating-system account backups, screenshots, and exported files are controlled by your device and account settings.

Health sync

  • Apple Health sync is available on iOS production/development builds after HealthKit permission approval.
  • Health Connect sync is available on supported Android production/development builds after Health Connect permission approval.
  • Health permissions are requested only after you choose a health-sync category in the app.
  • Weight and water can be imported and exported when selected. Steps, active calories, workouts, heart rate, and sleep are read as summaries only.
  • Google Fit, Samsung Health, Fitbit, scales, watches, and other devices may contribute data when they share it into Health Connect. Direct account sync for those services is not active unless separately reviewed and released.

HealthKit and Health Connect commitments

  • PepTide does not sell HealthKit or Health Connect data.
  • PepTide does not use HealthKit or Health Connect data for advertising, data-broker activity, or unrelated profiling.
  • PepTide does not use HealthKit or Health Connect data to train AI models.
  • PepTide does not share HealthKit or Health Connect data with advertisers or data brokers.
  • You can revoke health-platform permissions in iOS or Android settings at any time.

Backups, imports, and exports

If you export a JSON backup, you control where that file is saved, copied, uploaded, or shared. Anyone with access to that file may be able to read its contents. Do not import a backup unless you trust the file and understand that it can replace local PepTide data on that device. PepTide does not promise that exported files are encrypted after they leave the app.

Purchases and subscriptions

PepTide Pro checkout, billing, receipt validation, subscription status, refunds, cancellation state, and restore flows are handled by the Apple App Store, Google Play, and RevenueCat. These providers may process product identifiers, transaction status, subscription status, expiration dates, refund or cancellation state, device or store region, and an app-generated customer identifier. PepTide does not receive or store your full payment card number.

Diagnostics and crash reporting

If configured for the submitted build, PepTide uses Sentry for crash and performance diagnostics. Diagnostics can include crash reports, stack traces, app and device context, performance spans, breadcrumbs, masked replay frames, and touch events needed to reproduce a technical issue. Default personally identifiable information is disabled and replay text and images are masked. Diagnostics are not used for advertising, health-data sales, medication profiling, or treatment decisions.

Service providers and sub-processors

PepTide may rely on Apple, Google, RevenueCat, Sentry, Expo, EAS, HealthKit, Health Connect, Cloudflare, hosting providers, email providers, and store-console services for app distribution, purchases, restore flows, diagnostics, updates, public websites, health permissions, and support. These providers process data under their own terms, privacy policies, data-processing terms, security controls, and legal obligations. We may add or replace providers as the app changes and will update disclosures when those changes materially affect users.

AI and automated processing

The launch build does not send medication logs, peptide records, HealthKit data, Health Connect data, body scans, meal photos, face scans, biometric templates, or AI chat history to a PepTide backend for model training. If future builds add provider-backed AI, inputs may be sent to one or more third-party AI inference providers for response generation. Provider processing, retention, abuse monitoring, service-improvement, legal, and security obligations will be governed by the provider terms, data-processing terms, API settings, and laws in effect at that time. AI output may be inaccurate and will not replace qualified professional advice.

Legal bases where required

  • Contract: to provide app functionality, purchases, restore flows, support, and requested services.
  • Consent: for health-platform permissions, notifications, optional exports/imports, and any future optional AI or sync feature that requires consent.
  • Legitimate interests: to secure the app, prevent abuse, debug crashes, maintain records, and improve reliability in ways that do not override user rights.
  • Legal obligation: to comply with app-store, tax, accounting, consumer-protection, legal-process, and regulatory requirements.

Retention and deletion

Local tracking data remains on your device until you delete it, reset the app, clear device storage, uninstall the app, replace the data through backup import, or your operating system removes it. Support emails are retained as needed to answer requests and maintain business records. Purchase, diagnostics, store, tax, security, and legal records may be retained by the relevant provider or by PepTide as needed for billing, fraud prevention, legal obligations, security, dispute resolution, or support. The public deletion path is https://peptidewaves.com/delete-account.

Your choices and rights

  • Edit or delete local entries inside the app.
  • Use Reset All Data to delete local app data from the installation.
  • Export a backup for your own records.
  • Revoke Apple Health, Health Connect, and notification permissions in system settings.
  • Manage or cancel subscriptions through Apple ID Account Settings or Google Play subscriptions.
  • Contact peptidewaves@gmail.com to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or another privacy-rights action where applicable.

Response timelines

We aim to respond to verified privacy requests within 30 days where GDPR, UK GDPR, or similar laws apply, and within 45 days where CCPA/CPRA or similar U.S. state laws apply, unless a lawful extension, identity-verification step, legal hold, fraud concern, or store/provider limitation applies.

U.S. state privacy notices

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, Iowa, Indiana, Tennessee, Florida, Montana, New Hampshire, New Jersey, Minnesota, Maryland, Rhode Island, and other states with consumer privacy laws may have rights to know, access, delete, correct, port, opt out of certain processing, appeal decisions, and avoid discrimination for exercising rights. PepTide does not sell personal information and does not share personal information for cross-context behavioral advertising in this build.

California, DNT, and GPC

For California Shine the Light, PepTide does not disclose personal information to third parties for their direct marketing purposes in this build. For CalOPPA, this policy is conspicuously linked from public routes and will be updated when material practices change. Browser Do Not Track signals are not standardized. Where legally required and technically applicable, we treat recognized opt-out preference signals such as Global Privacy Control as requests to opt out of sale or sharing. Because this build does not sell or share for targeted advertising, there is no advertising opt-out to apply.

Washington and health data laws

PepTide treats health-related records as sensitive. PepTide does not sell consumer health data, does not use health-platform data for advertising, does not share consumer health data for marketing, and does not use geofencing around healthcare facilities. We use health-related records only to provide user-requested app functions, support, security, legal compliance, and provider-backed purchase or diagnostic services described in this policy.

International transfers

If you use PepTide outside the United States, data processed by providers may be transferred to or processed in the United States or other countries where those providers operate. Where required, transfers rely on appropriate contractual, legal, or consent mechanisms such as Standard Contractual Clauses or provider data-processing terms.

Children

PepTide is intended for adults and is not directed to children or users under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to PepTide or to a support channel, contact us so we can take appropriate action.

Security and breach notification

We use reasonable administrative, technical, and organizational safeguards for systems we control, including access controls, provider security controls, private credential handling, release hardening, and encrypted transport where data leaves the device. No app, device, email system, app store, or provider can be guaranteed perfectly secure. If we determine that a security incident triggers a legal notice obligation, we will notify affected users, stores, regulators, or other required parties within required timelines.

HIPAA and professional records

PepTide is not a healthcare provider, health plan, healthcare clearinghouse, or business associate simply because you use the app for personal records. Unless a separate written agreement says otherwise, records you enter are personal app records, not HIPAA-covered medical records maintained by PepTide.

Business transfers and legal requests

If PepTide or its assets are involved in a merger, acquisition, financing, reorganization, sale, or similar transaction, relevant business records may transfer as part of that transaction. We may disclose information when legally required, to protect rights and safety, to enforce terms, to respond to valid legal process, or to prevent fraud, abuse, or security incidents.

Changes and contact

We may update this policy when the app, providers, legal requirements, store requirements, or data practices change. For privacy requests, contact Omniscient Labs at peptidewaves@gmail.com. For support requests, contact peptidewaves@gmail.com. Do not email emergency medical information; call local emergency services for urgent situations.

Last updated 2026-07-03.