Privacy Policy for Injectly
Injectly ("the App") helps you track injectable medications, peptides, and dose protocols. This Privacy Policy explains what information we collect, how it is used, and the choices you have. By using the App, you agree to the collection and use of information as described here.
Injectly is designed to be usable without an account. If you don't sign in, your data stays on your device and is never sent to a server.
1. Information We Collect
We only collect information necessary to operate the App.
1.1 Account Information (optional)
If you choose to sign in (Apple Sign-In or Google), we receive:
- Your email address
- Your name or display name (if provided by your sign-in provider)
- A unique account identifier
This information is used solely for authentication and to sync your data across devices.
1.2 Health Data
When you use the App, you may log:
- Medication name and dose
- Injection date, time, and notes
- Saved protocols, schedules, and reminders
- Body weight (used by the serum concentration calculator)
Health data is sensitive personal information. We only process it with your explicit consent. See section 3 for details.
1.3 Settings & Preferences
- Unit system (imperial / metric)
- Medication unit preference
- Theme (light / dark / system)
- Notification preferences
1.4 Device & Diagnostic Information
We collect the app version, device type, timestamps, and basic error logs required for app stability. We do not use third-party analytics or crash reporting. We do not track you across apps or websites.
2. How We Use Your Information
We use your information to:
- Authenticate your account (if you sign in)
- Provide the logging, reminder, and protocol features of the App
- Sync your data across your devices when sync is enabled
- Calculate serum concentration estimates for supported medications
- Maintain security and prevent abuse
We do not sell your data, share it for advertising, or use it to train any AI/ML model. We do not share data with third parties except the service providers listed in section 5.
3. Health Data Consent (EU / UK / Switzerland)
Under GDPR / UK GDPR, health data is a special category of personal data. We process it under explicit consent (Art. 9(2)(a)) only — not under contract.
On first launch, the App asks you to give explicit consent to process your health data. You can withdraw consent at any time in Settings > Privacy & Data. Withdrawing consent stops health data processing and deletes your health data; your account (email, preferences) remains active. You may re-consent later.
Other lawful bases we rely on:
- Contract (Art. 6(1)(b)) — for managing your account and sync features.
- Legitimate interests (Art. 6(1)(f)) — for security and abuse prevention.
- Legal obligation (Art. 6(1)(c)) — to comply with applicable laws.
4. Your Choices and Controls
From Settings > Privacy & Data inside the App you can:
- View this Privacy Policy
- Export your data (CSV)
- Withdraw health data consent (deletes health data, keeps account)
- Delete your account
- Clear all local data on this device
If you delete your account, your account is locked immediately and scheduled for permanent deletion after a 14-day grace period. During that period you can sign back in to cancel. After the grace period, your Auth user, all Firestore data, and any local caches are permanently removed.
You can also contact us at hello@injectly.fit at any time to request access, correction, export, or deletion of your data.
5. How Your Data Is Handled
We use industry-standard security practices, including encryption in transit (TLS), Firestore security rules that restrict access to your own data, and least-privilege access for any server-side operation.
We rely on the following service providers — strictly to operate the App, never for advertising or profiling:
- Apple (Sign in with Apple) — authentication.
- Google Firebase / Google Cloud — authentication (Google Sign-In), Firestore database, and notification delivery. Data may be processed outside your country, including the United States, under approved transfer safeguards (Standard Contractual Clauses where required).
These providers are not permitted to use your information for any other purpose.
6. Data Retention
We keep your data until you delete it or delete your account.
After you confirm account deletion, your data is permanently removed within the 14-day grace period plus a short processing window. Firebase automated backups use a 30-day rolling window; individual records cannot be separately extracted from backups. After 30 days, deleted data is no longer present in any backup.
7. California Residents
For California residents, health data is sensitive personal information. We only use it to provide the App features you request. We do not sell or share personal information. You may request access, correction, or deletion at any time via the in-app controls or by emailing hello@injectly.fit.
Response timelines: CCPA / CPRA — 45 days (extendable +45 with notice). GDPR / UK GDPR — 30 days (extendable +60 for complex requests).
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. If material changes require re-consent, we will request it in-app.
9. Contact Us
Questions or requests:
Matthias Gattermeier
432 Suydam Street, Brooklyn, NY 11237
hello@injectly.fit