Privacy Policy

Last updated: April 28, 2026

Pepta is built privacy-first. The short version: your dose history, weights, side effects, and notes live on your device. There is no Pepta account, no Pepta server that receives your health data, and no analytics that can identify you. This page explains what that means in detail and what we do collect.

The plain-English version. Pepta is on-device by default. We don't have your health data on our servers because there are no Pepta servers receiving your health data. You can export everything as a JSON file whenever you want, and you can delete everything in one tap from Settings.

1. What Pepta stores on your device

Pepta stores the following information locally inside the app, encrypted at rest by the operating system:

The medications you've added (e.g. Tirzepatide, Semaglutide), their cadence, and your default dose.
Each dose you log: timestamp, medication, dose amount, injection site, and any notes you add.
Each weight you log: timestamp and value.
Optional side-effect logs you create.
Your reminder schedule and notification preferences.
Pen and vial inventory data (doses remaining, expiration date) if you choose to track them.
App settings such as units (lb / kg), default range for the chart, and theme.

This data is stored using the operating system's standard secure storage (iOS Keychain-backed AsyncStorage on iOS, encrypted SharedPreferences on Android). It is not transmitted to Pepta or to any third party.

2. What Pepta does not do

Pepta does not require an account, email, or phone number to use the app.
Pepta does not upload your dose history, weights, or side-effects to any server.
Pepta does not include third-party advertising SDKs, tracking pixels, or fingerprinting libraries.
Pepta does not sell your data. There is no data to sell because we do not collect identifiable health data to begin with.
Pepta does not share your data with insurers, pharmacies, or pharmaceutical companies.

3. Anonymous, aggregate diagnostics

Like most apps, Pepta uses Apple's and Google's standard crash and performance reporting (App Store Connect Crash Reports / Google Play Console Vitals) so we can fix bugs. These reports contain things like the device model, OS version, and the line of code that crashed. They do not contain your dose history, weights, or any other health data, and they do not contain anything that identifies you. If you have crash reporting disabled at the OS level, Pepta will not receive these reports either.

4. Optional integrations you control

Pepta only talks to other services if you turn them on:

Local notifications. Pepta schedules reminders directly with your operating system. The reminders are scheduled and fired entirely on-device; they do not pass through Pepta's servers.
iOS share sheet / Android share intent. When you tap "Share clinician PDF," the PDF is generated on-device and handed to the operating system's native share sheet so you can choose where it goes (Messages, Mail, Files, AirDrop, etc.). Pepta does not see or upload the PDF.
Sign in with Apple (optional). Some future Premium features may use Sign in with Apple to recognize a paid status across devices. This identifier is opaque (a token from Apple); we do not get your name or email unless you explicitly choose to share them.

5. Backups and iCloud

On iOS, your Pepta data is included in your iPhone's standard system backup if you have iCloud Backup enabled for the device — this is the same way every iOS app's local data is backed up. Pepta does not have its own cloud sync. If you want a copy of your data, use Settings → Export data inside the app to generate a portable JSON file you control.

6. Children's privacy

Pepta is not designed for children under 13 and is not directed to them. Pepta does not knowingly collect information from children.

7. Your rights

Because your data lives on your device, you already have full control. Specifically you can:

Export everything. Settings → Export data writes a JSON file to the iOS share sheet with every dose, weight, medication, and setting.
Import on a new device. Settings → Import data restores from a previously exported JSON file.
Delete everything. Settings → Erase all data wipes Pepta's storage on the device. Deleting the app from your phone also removes all of its data.

Residents of California (CCPA), the EEA / UK (GDPR), and other regions with similar laws have additional rights under those laws — including the right to access, correct, and delete personal data. Because Pepta does not collect or store identifiable health data on our servers, the simplest way to exercise these rights is the in-app export and erase tools described above. If you have a question we cannot resolve through the app, contact us at the address below.

8. Changes to this policy

If we update this policy, we'll change the "Last updated" date at the top and announce the change in-app for material changes. Continued use of the app after a material change means you accept the updated policy.

9. Contact

Questions about this policy or about how Pepta handles data: hello@peptaapp.com.