Privacy Policy
Last updated: February 28, 2026
StackTrackr Privacy Policy
PeakHaus Fitness LLC ("PeakHaus Fitness LLC," "we," "us," or "our") operates the StackTrackr mobile application ("StackTrackr" or the "App"). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use StackTrackr and any related services (collectively, the "Service").
By downloading, installing, or using StackTrackr, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
1. Scope of This Policy
This Privacy Policy applies to all users of StackTrackr, including free-tier and paid subscription users. It covers information collected through the App, our backend services, and any communications you have with us (such as support requests). It does not cover third-party websites, applications, or services that may be linked from within StackTrackr, each of which is governed by its own privacy policy.
2. Information We Collect
We collect information in three ways: information you provide directly, information collected automatically, and information from optional integrations you choose to enable.
2.1 Information You Provide Directly
When you create an account, use features, or contact us, you may provide:
- Account Information. Your name, email address, and authentication credentials. If you sign in with Apple, we receive the identifiers Apple shares based on your preferences (you may choose to hide your email address through Apple's private relay service).
- Profile Information. Optional display name, preferences, and app settings you configure.
- Tracking and Protocol Data. Injection logs, dosage entries, reconstitution calculations, vial inventory records, protocol configurations, injection site selections, symptom notes, and any other data you enter into the App's tracking features.
- Custom Compound Data. Information about user-defined compounds, blends, or formulations you add to the App.
- Support Communications. Messages, email correspondence, and any attachments you send when contacting us for help.
2.2 Information Collected Automatically
When you use StackTrackr, certain information is collected automatically:
- Device Information. Device model, operating system version, unique device identifiers, language settings, and time zone.
- App Usage Data. Feature usage patterns, screens viewed, interaction events, session duration, and in-app navigation behavior. This data is collected in aggregate to improve the App and is not used to build advertising profiles.
- Crash and Performance Data. Through our error-monitoring service (Sentry), we collect crash reports, error logs, stack traces, device state at the time of a crash, and performance metrics. This data is used exclusively for diagnosing and fixing technical issues. Sentry may collect device identifiers and IP addresses as part of error reporting; IP addresses are not stored long-term and are used only for error grouping and resolution.
- Log Data. Server-side logs generated when your device communicates with our backend services, which may include IP addresses, request timestamps, and API endpoints accessed.
2.3 Information from Optional Integrations
StackTrackr offers optional integrations that require your explicit authorization:
- Apple HealthKit. If you grant permission, StackTrackr may read health data from Apple HealthKit, including but not limited to: heart rate variability (HRV), resting heart rate, sleep analysis, and body weight measurements. StackTrackr uses this data solely to provide biometric context alongside your tracking data within the App (for example, displaying health trends on your analytics dashboard). We do not sell, share with third parties, or use HealthKit data for advertising or marketing purposes. HealthKit data is processed locally on your device and may be transmitted to our servers only to the extent necessary to provide the features you have enabled. You can revoke HealthKit access at any time through your device's Settings > Privacy & Security > Health > StackTrackr.
We do not access HealthKit data unless you explicitly enable the integration, and we request only the specific data categories needed to provide the features described in the App.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing and Operating the Service. To create and manage your account, deliver core tracking and calculation features, process your entries, manage your vial inventory and protocols, and display your analytics and history.
- Personalizing Your Experience. To remember your preferences, apply your configured settings, and tailor the App's interface to your usage patterns.
- Improving the Service. To analyze aggregated usage trends, identify bugs and performance issues, and develop new features. We do not use your personal health or tracking data to train machine learning models.
- Communicating with You. To send service-related notifications (such as vial depletion alerts, protocol reminders, and injection schedule notifications), respond to support inquiries, and provide important updates about the Service.
- Subscription Management. To process and manage subscription status, verify entitlements, and coordinate with our payment processor (RevenueCat) to handle billing through the Apple App Store.
- Safety and Security. To detect and prevent fraud, abuse, or unauthorized access; to enforce our Terms of Service; and to protect the rights, property, and safety of PeakHaus Fitness LLC, our users, and the public.
- Legal Compliance. To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
4. How We Share Your Information
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes. We may share information in the following limited circumstances:
4.1 Service Providers
We work with trusted third-party service providers who process data on our behalf to help us operate the Service. These providers are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy. Our current service providers include:
- Supabase. Cloud database and backend infrastructure. Stores account information, tracking data, and app data. Supabase processes data in accordance with its privacy and security policies and maintains SOC 2 Type II compliance.
- RevenueCat. Subscription and in-app purchase management. Receives limited information necessary to manage subscription status, verify entitlements, and process billing events through the Apple App Store. RevenueCat does not receive your health data, tracking entries, or HealthKit data.
- Sentry. Error monitoring and crash reporting. Receives crash logs, device information, and performance data to help us identify and resolve technical issues. Sentry does not receive your tracking entries, health data, or HealthKit data.
- Apple (Sign in with Apple). Authentication provider. When you choose to sign in with Apple, Apple facilitates the authentication process according to its own privacy policy. We receive only the identifiers and, optionally, the email address you authorize Apple to share.
4.2 Legal Requirements
We may disclose your information if we believe in good faith that disclosure is necessary to: comply with a law, regulation, legal process, or governmental request; enforce our Terms of Service; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of PeakHaus Fitness LLC, our users, or the public.
4.3 Business Transfers
If PeakHaus Fitness LLC is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, via email or a notice within the App) of any such change in ownership or control and any choices you may have regarding your information.
4.4 With Your Consent
We may share information for other purposes when you provide explicit consent.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service to you. Specific retention practices include:
- Account and Tracking Data. Retained for the duration of your account. When you delete your account, we initiate deletion of your personal data from our active systems within 30 days. Some information may persist in encrypted backups for up to 90 days before being permanently removed.
- Crash and Error Logs. Retained by Sentry for up to 90 days for debugging purposes, after which they are automatically purged.
- Server Logs. Retained for up to 90 days for security and operational purposes.
- Aggregated and De-identified Data. We may indefinitely retain aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for analytical and improvement purposes.
- Legal Obligations. We may retain certain information for longer periods if required by applicable law, to resolve disputes, or to enforce our agreements.
When you request account deletion through the App or by contacting us, we delete or de-identify your personal information from our production systems within 30 days, except where retention is required by law.
6. Data Security
We implement reasonable technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL protocols.
- Encryption of data at rest in our database systems.
- Row-level security policies on our database to ensure users can only access their own data.
- Secure authentication through Sign in with Apple and token-based session management.
- Regular review of our data collection, storage, and processing practices.
Despite these safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information. If we become aware of a security breach that affects your personal information, we will notify you in accordance with applicable law.
7. Your Rights and Choices
7.1 Account Controls
You can access, update, or correct much of your personal information directly within the App's settings. You can manage notification preferences, adjust HealthKit permissions, and configure other privacy-related settings from within the App.
7.2 Account Deletion
You may delete your account at any time through the App's account settings or by contacting us at privacy@peakhaus.io. Account deletion will permanently remove your account and associated data from our active systems, subject to the retention periods described in Section 5. Account deletion is irreversible — all tracking history, protocols, vial records, and other data associated with your account will be permanently lost.
7.3 Data Export
You may export your tracking data in CSV or JSON format from within the App. We encourage you to export your data before requesting account deletion.
7.4 Communication Preferences
You can manage push notification preferences within the App's settings. Service-critical notifications (such as security alerts or Terms of Service changes) may still be sent regardless of your preferences.
7.5 HealthKit Permissions
You can revoke StackTrackr's access to HealthKit data at any time through your device's Settings > Privacy & Security > Health > StackTrackr. Revoking access will prevent the App from reading new HealthKit data but will not automatically delete HealthKit-derived data already displayed in the App.
8. Rights for Users in Specific Jurisdictions
8.1 United States — California Residents (CCPA/CPRA)
If you are a California resident, you have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know. You may request details about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete. You may request that we delete personal information we have collected from you, subject to certain legal exceptions.
- Right to Correct. You may request that we correct inaccurate personal information we maintain about you.
- Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.
- No Sale or Sharing. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
To exercise these rights, contact us at privacy@peakhaus.io. We will verify your identity before fulfilling your request. You may also designate an authorized agent to make requests on your behalf.
8.2 European Economic Area, United Kingdom, and Switzerland (GDPR)
If you are located in the EEA, UK, or Switzerland, you have certain rights under the General Data Protection Regulation or equivalent local laws:
- Right of Access. You may request a copy of the personal data we hold about you.
- Right to Rectification. You may request that we correct inaccurate or incomplete personal data.
- Right to Erasure. You may request that we delete your personal data, subject to certain legal bases for retention.
- Right to Restriction of Processing. You may request that we restrict processing of your personal data in certain circumstances.
- Right to Data Portability. You may request to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object. You may object to our processing of your personal data in certain circumstances.
- Right to Withdraw Consent. Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Our legal bases for processing your personal data include: performance of a contract (to provide the Service), your consent (for optional features like HealthKit integration), legitimate interests (to improve the Service and ensure security), and compliance with legal obligations.
To exercise these rights, contact us at privacy@peakhaus.io. If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.
8.3 Other Jurisdictions
If you reside in a jurisdiction with applicable data protection laws not specifically addressed above, we will honor the rights granted to you under those laws to the extent required. Please contact us at privacy@peakhaus.io with any questions or requests.
9. International Data Transfers
StackTrackr is operated from the United States. If you use the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. Where required by applicable law, we implement appropriate safeguards (such as standard contractual clauses) for international data transfers.
10. Third-Party Links and Services
StackTrackr may contain links to third-party websites, services, or resources that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with StackTrackr.
11. Children's Privacy
StackTrackr is intended for users who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information as promptly as possible. If you believe a person under 18 has provided us with personal information, please contact us at privacy@peakhaus.io.
12. Apple HealthKit Compliance
In accordance with Apple's HealthKit guidelines and requirements:
- We do not use HealthKit data for advertising or marketing purposes, or to sell to advertising platforms, data brokers, or information resellers.
- We do not disclose HealthKit data to third parties without your explicit consent, except to the extent necessary to provide the health-related features of the App.
- We do not use HealthKit data for any purpose other than providing health and fitness features to you within the App.
- HealthKit data is not stored in iCloud or any unsecured storage mechanism.
- We request access only to the HealthKit data categories that are necessary to provide the features described in the App.
13. Notifications and Alerts
StackTrackr may send push notifications related to your tracking protocols, injection schedules, vial status, and other service features. These notifications use generic messaging and do not include specific compound names, dosage amounts, or sensitive health details in notification previews visible on your lock screen. You can manage notification preferences within the App's settings or through your device's notification settings.
14. Do Not Track Signals
StackTrackr does not respond to "Do Not Track" browser signals, as there is no industry-accepted standard for how mobile applications should respond to such signals. Our data practices are the same regardless of any Do Not Track setting.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Provide notice within the App or by other reasonable means (such as email) prior to the changes taking effect.
Your continued use of StackTrackr after any changes become effective constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at:
PeakHaus Fitness LLC
Email: privacy@peakhaus.io
General Support: support@peakhaus.io
Legal Address: [Insert registered business entity and mailing address]
*This Privacy Policy is effective as of the "Last updated" date above and applies to all users of StackTrackr.*