pepdose

Privacy Policy

Last updated 2026-05-15.

Not medical advice. pep-dose is a planning and tracking tool. It does not diagnose, treat, or prescribe.

1. What we collect

  • Account info. The email address from your sign-in provider (Apple, Google, or magic-link), and the provider account identifier (so we can recognize you across sessions).
  • Protocol data you enter. Peptide names, vials, reconstitution values, schedules, notes, and the dose events you record.
  • Research queries. When you use the research feature, the peptide name you searched is sent to our LLM provider (Anthropic) to generate a summary.
  • Operational data. Server and error logs (no protocol contents). We may enable basic page-view analytics in the future; if we do, it will be aggregate and anonymous.

2. What we don’t collect

  • No payment information (the service is free during preview).
  • No location data.
  • No advertising identifiers, and no third-party trackers.

3. How we use it

Account and protocol data is used to run the service for you: showing your dashboard and generating exports. If we add dose reminders later, they will be opt-in. Operational logs are used to diagnose bugs and keep the service stable.

4. Who we share it with

  • Anthropic (Claude API) — peptide research queries only, never the rest of your data. Subject to Anthropic’s privacy terms.
  • Resend — transactional email (sign-in links; and dose-reminder emails if we add that feature).
  • Vercel — hosting. (And page-view analytics if we enable it later.)
  • Neon — managed Postgres database.
  • Sentry — server and client error tracking.
  • Apple / Google — only the OAuth handshake when you sign in with them.

We do not sell your data, and we do not use it to train AI models.

5. Your rights

  • Export. Download your dose history as JSON, CSV, or PDF from History, or your full account (protocols, activations, research, quota records) as JSON from Settings → Data.
  • Delete. Permanently delete your account from Settings → Danger zone. Deletion is immediate and removes all attached data.
  • Correct. Edit any protocol, activation, or dose event in-app.

6. Retention

We keep your data while your account is active. When you delete your account, the database row and everything attached to it are removed immediately. Database backups are kept according to our hosting provider’s standard retention window and roll over from there.

7. Security

Data is encrypted in transit. Database access is restricted to the production application. We use industry-standard authentication via Auth.js. No system is perfectly secure; please tell us at security@pep-dose.com if you find an issue.

8. Children

pep-dose is not directed at people under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, contact us and we will delete the account.

9. Changes

We may update this Policy. Material changes will be announced in-product or by email.

10. Contact

Privacy questions? Email info@pep-dose.com.