Privacy Policy

Last updated: June 11, 2026

InsertMD ("we," "our," or "us") operates the PepPal mobile application and getpeppal.com website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

1. Agreement

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Wellness App; Not a HIPAA Covered Entity

PepPal is a wellness tracking application operated by InsertMD. We help you log doses, weight, meals, and related wellness data for personal tracking purposes.

We are not a HIPAA covered entity and do not provide medical care, prescribe medications, or dispense peptides. When you tap links to purchase peptides or book telehealth with third-party providers, you leave our app and those services are governed by the third party's own privacy policies and terms.

3. Information We Collect

3.1 Account Information

  • Email address and authentication identifiers (via Supabase Auth)
  • Sign-in method (email/password, Apple, or Google)
  • Profile preferences you set in the app

3.2 Wellness & Tracking Data

  • Injection and dose logs (peptide name, amount, site, date/time)
  • Weight, energy, side effects, and related wellness metrics
  • Meals, calories, and macronutrients you log or scan
  • Protocols and educational suggestions you accept or customize
  • Onboarding questionnaire responses (goals, symptoms, medications, conditions — all user-entered)

3.3 Photos & AI Analysis

  • Progress photos and food photos you choose to upload
  • AI-generated analysis results from our Supabase Edge Functions (e.g., food or body composition estimates)

3.4 Apple Health (Optional)

  • If you grant permission, we may import fitness data such as weight and step count from Apple Health. You can revoke this permission in iOS Settings at any time.

3.5 Automatically Collected Information

  • Device type, operating system, and app version
  • Usage events and feature interactions (via PostHog analytics in the mobile app)
  • Website visit analytics (via Vercel Analytics on getpeppal.com)
  • IP address, browser type, and access times when you use the website

4. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Sync your tracking data across devices when you are signed in
  • Generate educational protocol suggestions (not medical advice)
  • Process photos through AI analysis when you request it
  • Send service-related notifications you enable
  • Respond to support requests
  • Detect, prevent, and address technical issues and abuse
  • Analyze aggregated, anonymized usage to improve the product

5. We Do Not Sell Data or Use Health Data for Advertising

We do not sell your personal information. We do not use health or wellness data collected through the Service for third-party advertising or marketing. Any analytics we use are for product improvement, not ad targeting based on your health information.

6. Sharing with Connected Coaches & Trainers

If you connect to a coach, trainer, or organization using an invite code, we share your wellness tracking data only after you give explicit consent. You can revoke consent and disconnect at any time from your Profile settings.

  • Coaches may see: dose logs, weight trends, meals/macros, protocols, and related tracking data you generate in the app
  • Coaches do not receive: your email address or authentication credentials through the provider dashboard
  • Organization owners and authorized staff access data according to their role and your active consent

7. Third-Party Processors & External Links

7.1 Service Providers

  • Supabase — authentication, database, and file storage
  • Cloud AI providers — photo and food analysis via Supabase Edge Functions
  • Apple and Google — sign-in authentication
  • PostHog — product analytics (mobile app)
  • Vercel — website hosting and analytics
  • Email delivery — support message handling

7.2 External Commerce & Telehealth

Shop and Telehealth buttons may open third-party websites in your browser. Those sites have their own privacy practices. We do not control and are not responsible for third-party data handling after you leave the app.

8. Data Retention & Account Deletion

We retain your data while your account is active and as needed to provide the Service. You may delete your account from the app (Profile → Delete Account). When you delete your account, we delete or anonymize your personal data within a reasonable period, subject to legal retention requirements.

If you connected to a provider organization, disconnecting revokes future access; historical data shared while connected may remain in the provider's records according to their policies.

9. Data Security

We use industry-standard safeguards including encryption in transit (TLS/HTTPS) and access controls on our infrastructure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us and we will delete it.

11. Your Rights (GDPR & EEA)

If you are in the EEA, you may have rights to access, rectify, erase, restrict, or port your personal data, and to object to or withdraw consent for certain processing. Contact us to exercise these rights.

12. California Privacy Rights (CCPA)

California residents may request to know what personal information we collect, request deletion, and confirm that we do not sell personal information. We do not sell personal information.

13. Health Data Commitment

We treat wellness and health-related data you enter with care. We do not sell such data. In the event of a security breach affecting your personal information, we will notify you as required by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. Continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

Questions about this Privacy Policy or your data rights? Contact InsertMD:

Email: support@getpeppal.com

Website: https://getpeppal.com/contact

InsertMD, United States

PepPal GLP-1 & Peptide Tracker is the App Store listing name for the PepPal app.