Privacy Policy

GLP-1 Simple is a consumer wellness and education product that helps users track and manage their GLP-1 medication journey. This privacy policy explains how we collect, use, store, and protect your information.

GLP-1 Simple is not a hospital, doctor, pharmacy, health insurer, or emergency service. We comply with the FTC Health Breach Notification Rule, applicable state privacy laws (including CCPA/CPRA), and voluntarily adopt HIPAA-informed security best practices.

Profile information: Name, email, age range, biological sex, height range, current weight, goal weight, and activity level.

Medication information: GLP-1 medication type, current dose, start date, injection day and schedule, and GLP-1 experience level.

Health tracking data: Symptom logs (type, severity, mood, notes), injection history, protein and hydration intake, body measurements (weight, waist, hips, chest, arms), workout logs, and lab results (A1C, glucose, cholesterol, triglycerides, B12, vitamin D).

Health conditions and goals: Self-reported health conditions, primary goals, motivation, current symptoms, and dietary preferences.

Technical data: Browser type, timestamps, and service logs necessary to operate the product.

To provide personalized health tracking, summaries, progress reports, and wellness features.

To power AI Coach conversations: When you use the AI Coach, non-identifying health context (medication, symptoms, goals, journey phase) is sent to our AI provider for personalized coaching responses. Your name and email are never included in AI processing.

To generate personalized onboarding plans, recommendations, and insights based on your tracked data.

To maintain, secure, debug, and improve the product.

Our AI Coach is powered by Anthropic Claude. When you use AI features, only non-identifying health context is transmitted — your name, email, and other directly identifying information are stripped before any AI processing.

Anthropic does not use your data to train AI models, per their API terms of service.

AI processing requires your explicit consent, which you can grant or revoke at any time through Settings & Privacy.

AI-generated responses are educational and informational only. They are not medical advice, diagnosis, or treatment recommendations.

Your health data is primarily stored locally on your device using browser storage. Health-sensitive data (symptoms, injections, body measurements, lab results, medication information) is encrypted at rest using AES-256-GCM encryption.

Data in transit is protected by HTTPS/TLS 1.2+ encryption, enforced by our hosting provider.

Because data is stored locally, it remains on the device you use and does not automatically sync across devices. Avoid entering sensitive information on shared or public devices.

We do not sell your health information.

We do not share your health data with advertisers.

We use service providers (hosting, AI processing) subject to contractual protections that limit their use of your data to providing their services.

We may disclose information if required by law, court order, or to protect the safety of our users.

Access: You can view all data stored by the app at any time through the dashboard.

Export: You can download a complete copy of your data as a JSON file through Settings & Privacy.

Deletion: You can permanently delete all your data through Settings & Privacy. This action cannot be undone.

Consent management: You can grant or revoke consent for AI processing and analytics at any time through Settings & Privacy.

Correction: If you believe any stored data is incorrect, you can edit or delete individual entries through the relevant tracking pages.

California residents: Under CCPA/CPRA, you have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information (we do not sell your data).

Your data is retained on your device for as long as you use the app. When you delete your data through Settings & Privacy, it is permanently removed.

We do not retain copies of your health data on our servers. AI conversations are not stored after the response is generated.

Technical logs (without health data) may be retained for up to 90 days for debugging and security purposes.

In the event of a data breach involving your health information, we will notify affected users within 60 calendar days of discovery, as required by the FTC Health Breach Notification Rule.

Notifications will include: what happened, what data was involved, what steps we are taking, and what you can do to protect yourself.

For breaches affecting 500 or more individuals, we will also notify the Federal Trade Commission.

AES-256-GCM encryption for health-sensitive data stored on your device.

HTTPS/TLS encryption for all data transmitted between your device and our servers.

Rate limiting on API endpoints to prevent abuse.

Data minimization: only necessary health context is processed by AI features, with personally identifying information removed.

Input validation and sanitization on all user inputs.

Regular security risk assessments.

GLP-1 Simple is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

We may update this privacy policy from time to time. If we make material changes to how we handle your health information, we will notify you through the app and request updated consent where required.

The consent banner will reappear when the privacy policy version changes, ensuring you are always informed of current practices.

For privacy questions, data requests, or concerns, contact us at privacy@glp1simple.com.