Privacy Policy for Injectly
Injectly ("the App") helps you track injectable medications, peptides, and dose protocols. This Privacy Policy explains what information we collect, how it is used, and the choices you have. By using the App, you agree to the collection and use of information as described here.
Injectly is designed to be usable without an account. If you don't sign in, your data stays on your device and is never sent to a server.
1. Information We Collect
We only collect information necessary to operate the App.
1.1 Account Information (optional)
If you choose to sign in (Apple Sign-In or Google), we receive:
- Your email address
- Your name or display name (if provided by your sign-in provider)
- A unique account identifier
Used solely for authentication and to sync your data across devices.
1.2 Health Data
When you use the App, you may log:
- Medication name and dose
- Injection date, time, and notes
- Saved protocols, schedules, and reminders
- Body weight (used by the serum concentration calculator)
Health data is sensitive personal information. We only process it with your explicit consent. See section 3 for details.
1.3 Settings & Preferences
- Unit system (imperial / metric)
- Medication unit preference
- Theme (light / dark / system)
- Notification preferences
1.4 Device & Technical Information
Basic technical data — app version, device type, and timestamps — is used to operate core features such as sync and notifications. We do not run behavioral or advertising analytics, we do not collect crash-reporting or diagnostic telemetry, and we do not track you across other apps or websites. Storing and syncing your own data through our cloud provider (see section 5) is how the App works for you — it is not analytics or advertising.
2. How We Use Your Information
We use your information to:
- Authenticate your account (if you sign in)
- Provide the logging, reminder, and protocol features of the App
- Sync your data across your devices when sync is enabled
- Calculate serum concentration estimates for supported medications
- Maintain security and prevent abuse
We do not sell your data, share it for advertising, or use it to train any AI/ML model. We do not share data with third parties except the service providers listed in section 5.
3. Health Data Consent (EU / UK / Switzerland)
Under GDPR / UK GDPR, health data is a special category of personal data. We process it under explicit consent (Art. 9(2)(a)) only — not under contract.
Signing in and cloud sync are the same feature: an account exists to store and sync your health data across devices. Before you sign in, the App asks for your explicit consent to process and store your health data. If you do not consent, no account is created and your data stays only on your device. You can withdraw consent at any time: sign out to stop health data processing (your synced data is retained for when you return), or delete your account in Settings > Privacy & Data to also permanently delete your health data from our servers.
Other lawful bases we rely on:
- Contract (Art. 6(1)(b)) — for managing your account and sync features.
- Legitimate interests (Art. 6(1)(f)) — for security and abuse prevention.
- Legal obligation (Art. 6(1)(c)) — to comply with applicable laws.
Your rights. Subject to the conditions in the GDPR / UK GDPR, you have the right to access, rectify, erase, restrict, and port your data, to object to processing, and to withdraw consent. You also have the right to lodge a complaint with your local data protection supervisory authority.
4. Your Choices and Controls
From Settings > Privacy & Data inside the App you can:
- View this Privacy Policy
- Export your data (CSV)
- Sign out (stops cloud sync and health data processing)
- Delete your account (also deletes your synced health data)
- Clear all local data on this device
If you delete your account, your account is locked immediately and scheduled for permanent deletion after a 14-day grace period. During that period you can sign back in to cancel. After the grace period, your Auth user, all Firestore data, and any local caches are permanently removed.
You can also contact us at hello@injectly.fit at any time to request access, correction, export, or deletion of your data.
5. How Your Data Is Handled
We use industry-standard security practices, including encryption in transit (TLS), Firestore security rules that restrict access to your own data, and least-privilege access for any server-side operation.
We rely on the following service providers — strictly to operate the App, never for advertising or profiling:
- Apple (Sign in with Apple) — authentication.
- Google Firebase / Google Cloud (Google LLC) — authentication (Google Sign-In), Firestore database, and notification delivery. Data is stored in the United States. For users in the EEA, UK, or Switzerland this is an international transfer; we rely on the Standard Contractual Clauses incorporated into our Data Processing Agreement with Google as the transfer safeguard. You can request a copy of the safeguards by emailing us.
These providers are not permitted to use your information for any other purpose.
6. Data Retention
We keep your data until you delete it or delete your account.
After you confirm account deletion, your data is permanently removed within the 14-day grace period plus a short processing window. Encrypted backups are kept on a rolling retention schedule; individual records cannot be separately extracted from backups, and deleted data ages out of backups when those backups rotate, after which it is no longer recoverable.
7. California Residents
For California residents, health data is sensitive personal information. We only use it to provide the App features you request. We do not sell or share personal information. You may request access, correction, or deletion at any time via the in-app controls or by emailing hello@injectly.fit.
Response timelines: CCPA / CPRA — 45 days (extendable +45 with notice). GDPR / UK GDPR — 30 days (extendable +60 for complex requests).
If you are a Washington or Nevada resident, our Consumer Health Data Privacy Policy describes additional rights specific to consumer health data.
8. Children
Injectly is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact hello@injectly.fit and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. If material changes require re-consent, we will request it in-app.
10. Contact Us
Questions or requests:
Matthias Gattermeier
432 Suydam Street, Brooklyn, NY 11237
hello@injectly.fit