← Back to injectly.fit

Privacy Policy for Injectly

Injectly ("the App") helps you track injectable medications, peptides, and dose protocols. This Privacy Policy explains what information we collect, how it is used, and the choices you have. By using the App, you agree to the collection and use of information as described here.

Injectly is designed to be usable without an account. If you don't sign in, your data stays on your device and is never sent to a server.


1. Information We Collect

We only collect information necessary to operate the App.

1.1 Account Information (optional)

If you choose to sign in (Apple Sign-In or Google), we receive:

Used solely for authentication and to sync your data across devices.

1.2 Health Data

When you use the App, you may log:

Health data is sensitive personal information. We only process it with your explicit consent. See section 3 for details.

1.3 Settings & Preferences

1.4 Device & Technical Information

Basic technical data — app version, device type, and timestamps — is used to operate core features such as sync and notifications. We do not run behavioral or advertising analytics, we do not collect crash-reporting or diagnostic telemetry, and we do not track you across other apps or websites. Storing and syncing your own data through our cloud provider (see section 5) is how the App works for you — it is not analytics or advertising.


2. How We Use Your Information

We use your information to:

We do not sell your data, share it for advertising, or use it to train any AI/ML model. We do not share data with third parties except the service providers listed in section 5.


3. Health Data Consent (EU / UK / Switzerland)

Under GDPR / UK GDPR, health data is a special category of personal data. We process it under explicit consent (Art. 9(2)(a)) only — not under contract.

Signing in and cloud sync are the same feature: an account exists to store and sync your health data across devices. Before you sign in, the App asks for your explicit consent to process and store your health data. If you do not consent, no account is created and your data stays only on your device. You can withdraw consent at any time: sign out to stop health data processing (your synced data is retained for when you return), or delete your account in Settings > Privacy & Data to also permanently delete your health data from our servers.

Other lawful bases we rely on:

Your rights. Subject to the conditions in the GDPR / UK GDPR, you have the right to access, rectify, erase, restrict, and port your data, to object to processing, and to withdraw consent. You also have the right to lodge a complaint with your local data protection supervisory authority.


4. Your Choices and Controls

From Settings > Privacy & Data inside the App you can:

If you delete your account, your account is locked immediately and scheduled for permanent deletion after a 14-day grace period. During that period you can sign back in to cancel. After the grace period, your Auth user, all Firestore data, and any local caches are permanently removed.

You can also contact us at hello@injectly.fit at any time to request access, correction, export, or deletion of your data.


5. How Your Data Is Handled

We use industry-standard security practices, including encryption in transit (TLS), Firestore security rules that restrict access to your own data, and least-privilege access for any server-side operation.

We rely on the following service providers — strictly to operate the App, never for advertising or profiling:

These providers are not permitted to use your information for any other purpose.


6. Data Retention

We keep your data until you delete it or delete your account.

After you confirm account deletion, your data is permanently removed within the 14-day grace period plus a short processing window. Encrypted backups are kept on a rolling retention schedule; individual records cannot be separately extracted from backups, and deleted data ages out of backups when those backups rotate, after which it is no longer recoverable.


7. California Residents

For California residents, health data is sensitive personal information. We only use it to provide the App features you request. We do not sell or share personal information. You may request access, correction, or deletion at any time via the in-app controls or by emailing hello@injectly.fit.

Response timelines: CCPA / CPRA — 45 days (extendable +45 with notice). GDPR / UK GDPR — 30 days (extendable +60 for complex requests).

If you are a Washington or Nevada resident, our Consumer Health Data Privacy Policy describes additional rights specific to consumer health data.


8. Children

Injectly is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact hello@injectly.fit and we will delete it.


9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. If material changes require re-consent, we will request it in-app.


10. Contact Us

Questions or requests:

Matthias Gattermeier
432 Suydam Street, Brooklyn, NY 11237
hello@injectly.fit