Privacy Policy
ClearDosage is a peptide dosage calculator and personal tracking tool. This policy explains exactly what data we collect, how health-adjacent information is handled, and what controls you have over your data.
1. Data We Collect
Account information
When you create an account, we collect your email address. This is required to authenticate you and to associate your saved configurations with your account.
Calculator configurations (always cloud-synced for signed-in users)
When you save a peptide configuration (peptide amount, BAC water volume, desired dose, syringe type), that configuration is stored in our cloud database and linked to your account. Protocol configurations contain no personally identifiable health information — they are just calculation presets.
Health-adjacent data — local only by default
The following data types stay on your device only, in your browser's local storage, unless you explicitly enable cloud sync for each one:
- Dose logs — scheduled dose dates, whether a dose was taken or skipped, logged timestamps, actual dose amounts, injection site, and linked vial.
- Wellness entries — daily mood (1–10), energy (1–10), sleep quality (1–10), optional body weight, and freeform notes.
- Injection site logs — which anatomical site was used and when. Currently local-only with no cloud sync option.
- Vial tracker records — peptide name, amount, reconstitution date, shelf life, vendor name, and lot number.
- Dosing protocols — protocol name, dose frequency, cycle length, and reminder times.
All of the above can be cleared at any time by clearing your browser's local storage, or from within the app's settings.
Anonymous analytics
With your consent (opt-in banner on first visit), we collect anonymized usage events — which features you use, navigation patterns, and app version. Events are linked to a randomly generated anonymous ID, not your email or account ID. You can withdraw analytics consent at any time from in-app settings.
Infrastructure metadata
Standard server logs: API request timestamps, HTTP status codes, Lambda execution duration, and WAF decisions. These logs are retained for 7–30 days (depending on environment) and are used solely for security and reliability purposes. No request body content is logged for health data endpoints.
2. Cloud Sync for Health Data
Cloud sync for dose logs and wellness entries is off by default. When you sign in for the first time, you will be asked whether to enable it. You can change this decision at any time in Settings → Privacy & Data Sync.
Two sync modes
We offer two levels of cloud sync, depending on your subscription tier:
| Tier | Sync mode | How data is stored | Cross-device? |
|---|---|---|---|
| Plus | Anonymous sync | Stored under a randomly generated ID (anon_<uuid>) that lives only in your browser's local storage. It is not linked to your email or account ID on our servers. |
No — single device only |
| Pro | Account sync | Stored under your account ID, enabling retrieval on any device you sign into. | Yes — all signed-in devices |
What is stored when cloud sync is enabled
If you enable wellness sync, we store: date, mood score, energy score, sleep quality score, optional weight, and notes. If you enable dose log sync, we store: protocol ID, scheduled date, status (taken/skipped/pending), logged timestamp, actual dose amount, optional injection site, optional vial ID, and optional volume drawn.
We do not store: diagnosis codes, prescription information, provider names, medication brand names, or any information about why you are using a particular peptide.
3. HIPAA Disclaimer
If you are a healthcare professional using ClearDosage to assist patients, you should not enter patient-identifying information into the app. Each patient should use their own account.
4. Consent Audit Trail
When you grant or revoke consent for cloud sync — whether through the initial prompt, the Privacy settings, or by deleting your cloud data — we record a consent event linked to your account. These records include: the data type affected, whether consent was granted or revoked, the version of this policy in effect, a timestamp, and the context (onboarding, settings, or deletion).
Consent records are retained for 24 months from the date of the event, regardless of whether you delete your account or your cloud data. This is a legal audit requirement. Consent records do not contain any health data.
5. Data Retention
| Data type | Retention |
|---|---|
| Calculator configurations | Until you delete them or your account |
| Cloud-synced dose logs | Until you delete them via "Delete my cloud data" or delete your account |
| Cloud-synced wellness entries | Until you delete them via "Delete my cloud data" or delete your account |
| Consent audit records | 24 months from the consent event (retained even after account deletion) |
| Analytics events | Up to 13 months in raw storage; aggregated indefinitely in aggregate form |
| Server access logs | 7–30 days |
| Local data (your device) | Until you clear browser storage or uninstall the app |
6. Your Controls and Rights
Delete your cloud health data
If you have enabled cloud sync, you can permanently delete all synced wellness entries and dose logs from our servers at any time from Settings → Privacy & Data Sync → Delete my cloud data. You will see a receipt confirming how many records were deleted. Deleting cloud data also automatically disables cloud sync for those data types.
Disable cloud sync
You can turn off cloud sync for wellness or dose logs at any time in Settings. Disabling sync does not delete data that has already been synced — use "Delete my cloud data" for that.
Export your data
You can export your saved configurations as JSON from within the app at any time.
Delete your account
To delete your account and all associated cloud data, contact us through the contact page. We will delete your account data within 30 days. Consent audit records will be retained for the required 24-month period.
Analytics opt-out
You can withdraw analytics consent at any time from the in-app settings. This will stop further event collection. Historical aggregate data is not attributable to you individually.
7. Data Sharing
We do not sell, rent, or trade personal data. We share data only with the following categories of service providers, under contractual data protections:
- AWS — cloud infrastructure, database hosting, authentication (Cognito), and analytics pipeline.
- Stripe — payment processing. We share your email with Stripe when you subscribe. Stripe's privacy policy governs their use of payment data.
- Amazon Bedrock — AI features (protocol builder, stack analysis, dose recommendations). Prompts sent to Bedrock may include peptide names and dose context, but do not include your email or health tracking data.
We may disclose information if required by law, regulation, legal process, or governmental request. In the event of such a request, the privacy protections described in Section 2 (anonymous storage for Plus users) mean that cloud health data for Plus subscribers is not linkable to a specific individual on our end.
8. Security
We apply the following controls to protect your data:
- All data in transit is encrypted via TLS.
- All DynamoDB tables use AWS-managed encryption at rest.
- Authentication is handled by AWS Cognito with support for MFA.
- API endpoints are protected by AWS WAF with rate limiting and bot mitigation.
- Plus-tier health data is stored under a pseudonymous ID with no link to your account in the data store.
No internet-connected system can be guaranteed 100% secure. If you believe you have found a security issue, please contact us through the contact page.
9. Children
ClearDosage is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a child has created an account, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy to reflect changes in the app's functionality or applicable law. Material changes will be noted with an updated "Last updated" date at the top of this page. Continued use of the app after a policy update constitutes acceptance of the revised terms.
11. Contact
Questions, requests, or concerns about this policy can be sent through /contact.