Privacy Policy
PeptPro
Last updated: May 6, 2026
Controller: Virex Tecnologia (peptpro@contato.com)
This Policy describes how the PeptPro app collects, uses, stores and shares your personal data. By using PeptPro you agree to this Policy.
Who we are
PeptPro is an educational app for tracking peptide protocols and metabolic well-being. We are not healthcare providers and we do not prescribe medications.
Data we collect
The table below summarises what personal data we collect, with examples and how it reaches us.
| Category | Examples | Source |
|---|---|---|
| Account | name, email, password (hashed) | you provide it |
| Profile | age, gender, height, weight, target weight, goals, motivations, activity level | you provide it |
| Peptide protocol | peptide name, dose, route of administration, frequency, week, phase, injection site, application dates | you provide it |
| Daily metrics | calories, protein, water, steps, workout, sleep | you + Apple Health (HealthKit, read-only, with your authorization) |
| Meals | meal description/photo, ingredients, computed macros | you provide it |
| Progress photos | optional facial and body photos | you upload them |
| Usage events | anonymous device identifier, telemetry events, crashes | generated automatically |
We do not collect sensitive health data beyond what you deliberately log. We do not use facial recognition or biometrics.
How we use your data
- Personalize your protocol, goals and recommendations.
- Calculate adherence, metrics and milestones.
- Show your own photos as a visual progress reference.
- Operate and improve the app (aggregate telemetry and bug fixing).
- User support.
- Comply with legal obligations.
AI features — third-party services (OpenAI)
Two app features use the AI service from OpenAI L.L.C. (United States) — model gpt-4o-mini. The table below summarizes the data handling of this third-party AI provider:
| Item | Details |
|---|---|
| Provider | OpenAI Inc. — OpenAI L.L.C. (United States) |
| Data sent | meal photo, body metrics (height, weight, BMI, target weight, activity level), active peptide protocol and doses, messages sent to Pep (the AI coach) |
| Purpose | nutritional analysis (calorie and macro calculation from the photo) and protocol coaching via chat |
| Retention | at most 30 days for abuse-monitoring, then discarded; API content is not used to train models. OpenAI policy: https://openai.com/policies/api-data-usage-policies |
| How to revoke | Settings → Privacy and AI, at any time (immediately stops sending any new data to OpenAI) |
4.1 Meal photo analysis
When you capture/select a meal photo:
- We send to OpenAI: the image URL, your height and weight, and your language preference.
- We receive: dish name, ingredients, calories, protein, carbohydrate, fat, fiber, sodium.
4.2 Pep (AI coach chat)
When you send a message to Pep:
- We send to OpenAI: the text of your message, name and goals, body measurements (height, weight, BMI, target weight, activity level), active peptide protocol and doses, recent activity and side effects, streaks and adherence over the last 14 days.
- We receive: Pep's reply.
Consent
Before the first call of each AI feature, we show you a screen explaining exactly which data will be sent and to whom. Nothing is sent unless you tap Allow. You can revoke consent at any time in Settings → Privacy and AI.
OpenAI guarantees
OpenAI processes the data under its API customer terms: it does not use API content to train models, retains data for at most 30 days for abuse-monitoring and then discards it. More details at https://openai.com/policies/api-data-usage-policies.
Face and body photos (progress)
If you choose to upload progress photos during onboarding, those images (including the face photo) are stored privately in our AWS S3 bucket (us-east-1 region) and referenced by our PostgreSQL database. They are used exclusively as your own visual progress reference inside your account.
We do not run face detection, facial recognition, or any biometric analysis on these photos. We do not train any model with them. We do not share them with any third party — not even with OpenAI.
You can delete a photo at any time by opening My Journey, tapping the image and tapping Delete — this removes the file from S3 and clears all references in our database. Deleting your account also permanently removes every photo we store for you.
Apple Health / HealthKit
PeptPro uses HealthKit in read-only mode to enrich your protocol metrics. We read weight, activity, sleep and heart rate if you authorize. Nothing is written back to Apple Health. HealthKit data is never shared with third parties and is never sent to OpenAI.
Retention
- Account data: while your account exists.
- Photos: until you delete them individually or delete the account.
- Operational logs: up to 90 days.
- Backups: up to 30 days after account deletion.
Deleting the account permanently removes your data and all your photos from S3.
Your rights (LGPD/GDPR)
At any time you can:
- Access and export your data.
- Correct inaccurate data.
- Delete your account and all associated data.
- Revoke consent for AI features.
- File a complaint with the ANPD (Brazil) or your local authority.
To exercise any right: peptpro@contato.com
Security
All traffic is sent over TLS 1.2 or higher. Passwords are stored as bcrypt hashes. Access to the database and the S3 bucket is restricted by IAM. Access is audited continuously.
Children
PeptPro is not intended for users under 18 years old and does not knowingly collect data from minors.
Changes to this policy
We will notify you in the app before any material changes take effect.
Contact
Questions? peptpro@contato.com