Plain English first
You came here to track peptides, not to feed an ad network. Pinned is built so the only person profiting from your data is you. We hold the minimum amount needed to keep the app running, and we treat the rest like it isn't ours — because it isn't.
Nothing in here is going to surprise you. If something does, that's a bug — email us and we'll explain or fix it.
What lives on your phone
Your stack, your schedule, your dose log, your inventory, your Coach chats, and your Today screen state all save locally first. The service worker keeps a cached copy of the app shell so you can open Pinned on the subway, on a plane, or with two bars of LTE and everything still loads.
If you never sign in, nothing ever leaves your device. Guest mode is genuinely guest mode.
What we hold when you sign in
The email you signed up with. Auth is handled by Supabase, which stores a salted hash of your password — we cannot read it, and neither can they.
Whatever you choose to type into Profile (age, weight, goals, etc.). All optional. Encrypted at rest.
Your tracking data: vials, peptides, schedules, dose history, body-region map. Encrypted at rest.
Coach transcripts so the conversation persists between sessions.
Subscription state from Stripe (web) or Apple / Google (mobile) — basically a flag telling us whether you're on Pro.
Anonymous diagnostics: app version, device class, error stack traces. No identifiers, no peptide data.
What we never collect
Your real name (unless you put it in Profile).
Your address, phone number, or location.
Your payment card details — those go directly to Stripe / Apple / Google.
Your contacts, photos, or anything else outside the app.
Cross-app tracking IDs, advertising IDs, or third-party SDKs that vacuum data in the background.
Who touches the data besides you
Supabase — the database that holds your account and synced tracking data. Encrypted at rest, isolated by row-level security.
Anthropic — sees the text of Coach messages so Claude can reply. Per our API contract, your messages are not retained beyond the response and are not used to train models.
Stripe / Apple / Google — process subscription payments. They see what they need to charge you. We only see "Pro: yes/no".
That's the whole list. No analytics resellers, no ad networks, no data brokers.
Why we hold it
To run the app: render Today, sync your stack across devices, let Coach answer questions in context.
To bill correctly: confirm Pro status with the payment processor.
To find bugs: stack traces help us fix crashes you'd otherwise hit twice.
We don't use your data to train models. We don't profile you. We don't build behavioral segments.
Your moves
Export — Profile → Export Data drops everything you've logged into a JSON file. Yours. Take it anywhere.
Delete — Profile → Delete account wipes your account, doses, vials, schedules, and Coach history from our servers within 7 days.
Edit — every profile field is editable any time. Nothing is locked once entered.
GDPR / UK GDPR / CCPA-specific requests (access, portability, restriction, objection): email hello@emberventures.io. We'll respond within 30 days.
How it's protected
TLS 1.3 for everything in transit. AES-256 at rest. Auth tokens rotate per session.
Backups are encrypted and held for 30 days, then deleted.
No system is bulletproof. If we ever confirm a breach affecting your data, we will email you within 72 hours and post a notice in the app.
Adults only
Pinned is for users 18 and over. We don't market to minors and we don't knowingly collect data from anyone under 18. If you believe a minor created an account, email hello@emberventures.io and we will remove it.
Updates to this policy
If we change something material, you'll see an in-app banner and an email at your account address. Cosmetic edits (typos, clarifications) just get a new "Last updated" date.
Reach us
hello@emberventures.io — privacy questions, deletion requests, anything else. A real human reads every email.