Back to PepLab

Legal

Privacy policy.

Effective June 1, 2026

The short version

We collect your email and the peptide tracking data you log. We don't sell it. If your clinic invited you to PepLab, your clinic sees some of it. You can export or delete everything any time from the app, no questions asked.

Who we are

PepLab is operated by Curatix AI Inc. (“PepLab,” “we,” “us”). PepLab is an iOS app and web dashboard for tracking peptide research and supplementation. This policy covers personal data we collect through the iOS app, the marketing site at peplabhq.com, and the clinic admin dashboard.

What we collect

We try to collect the minimum we need to make PepLab useful.

  • Account info. The email tied to your Apple ID, your first and last name (if you choose to share it), and your sign-in events.
  • Peptide tracking data. The vials, doses, schedules, side-effect notes, daily check-ins, weights, and progress photos you log inside the app. This is the data the app exists to keep.
  • Apple Health data. If you grant permission, we may read steps, weight, body composition, and sleep from Apple Health. Apple Health data stays on your device unless you explicitly sync a metric to PepLab's cloud (e.g. saving a weight log). We do not write data back to Apple Health unless you opt in.
  • Clinic invitation data. If a clinic invited you, we store the order ID and clinic identifier so the clinic can recognize you as their patient.
  • AI coach conversations. When you talk to the in-app coach, we send your message to Anthropic (Claude) to generate a reply. We store the conversation so you can scroll back. We do not use your messages to train models.
  • Device + diagnostic info. App version, iOS version, device model, and crash reports. Used to fix bugs.

What we don't collect

  • We don't collect contacts, photos (other than progress photos you explicitly add), location, microphone, or background activity.
  • We don't use ad-tracking SDKs.
  • We don't collect data on people who haven't signed up.

How we use it

  • Run the app for you. Persist your vials, doses, schedules, check-ins, and photos across devices. Send local dose reminders if you enable them.
  • Generate adherence stats. Calculate streaks, dose totals, and adherence percentages so you can track your protocol.
  • Share with your clinic, if you were invited. If you joined PepLab via a clinic invitation, your clinic admin sees your dose-level data and aggregate adherence. They do not see other clinics' patients.
  • Power the AI coach. When you message the coach, we send your message (and recent conversation context) to Anthropic to generate a reply.
  • Fix bugs + improve the product. Crash reports and aggregated usage to know what's working.

Who we share it with

We share personal data only with the third parties we need to run the app. We do not sell data. We do not share data with advertisers or data brokers.

  • Your clinic (if invited). The clinic that invited you sees your tracking data and adherence stats. Every clinic's data is isolated from every other clinic via row-level security.
  • Supabase (database + auth hosting, US-East region).
  • Anthropic (AI coach processing). Your coach messages are sent to Claude. Anthropic does not train on PepLab data per their commercial terms.
  • Resend (transactional email — invitations, password reset, account notices).
  • Apple (App Store, Sign In with Apple, App Store subscription billing).
  • RevenueCat (subscription state management for App Store subscriptions).

Your rights

You can do all of this yourself from inside the app.

  • Export your data. Profile → Account → Export my data. We bundle everything we have on you into a JSON file you can save anywhere.
  • Delete your account. Profile → Account → Delete account. This wipes your account and all of your tracking data within a few seconds. It cannot be undone.
  • Manual deletion request. If you can't reach the in-app controls, email privacy@peplabhq.com and we'll process it within 14 days.
  • Correct or access your data. Email privacy@peplabhq.com and we'll respond within 14 days.

Security

Data is encrypted in transit (TLS) and at rest (Supabase managed Postgres). Patient data is isolated between clinics via Postgres row-level security. Service-role keys never leave our servers. We do our best, but no system is perfectly secure — if you believe your account has been compromised, email privacy@peplabhq.com.

Data retention

We keep your tracking data for as long as your account exists. When you delete your account, your personal data is wiped from our primary database within seconds. Encrypted backups are retained up to 30 days, then permanently destroyed. Aggregated, de-identified usage statistics may be retained indefinitely.

Children

PepLab is rated 17+ and is not intended for anyone under 17. We do not knowingly collect data from children. If you believe a child has signed up, email privacy@peplabhq.com and we'll delete the account.

Research disclaimer

PepLab is provided for research and educational purposes only. It is not a medical device. The peptide catalog, AI coach replies, dose tracking, and adherence stats are not medical advice, do not diagnose or treat any condition, and are not a substitute for a qualified healthcare provider. Your logged peptide data is your own record-keeping. Do not rely on PepLab for medical decisions.

Changes to this policy

We may update this policy as the product evolves. Material changes will be announced in-app or by email. The current version always lives at peplabhq.com/privacy. The “Last updated” date below indicates the last substantive revision.

Contact

Privacy questions, export requests, deletion requests, or anything else:

privacy@peplabhq.com

Curatix AI Inc.
Tennessee, United States

Last updated: June 2, 2026