Privacy Policy

Effective April 8, 2026 · Last updated April 8, 2026

What We Collect

We collect the minimum data needed to run the site and your account.

  • Account data: Email address, and name if you sign in with Google.
  • Protocol data: The peptides, doses, and schedules you save in the Schedule Builder. This is health-related information and we treat it with extra care (see below).
  • Analytics: Pages visited, time on site, device type, and general location (via Google Analytics). We don't tie this to your account.

Health-Related Data

Your protocol data (which peptides you use, your doses, your schedule) may qualify as health information under regulations like GDPR. Here's how we handle it:

  • Encrypted at rest in our database (Supabase).
  • Never shared with third parties. Never sold. Period.
  • Never sent to analytics tools.
  • You can delete it anytime by deleting your account.

Peptide Schedule is not a healthcare provider and is not subject to HIPAA. However, we apply strong protections to your data regardless.

Cookies

We use two types of cookies:

  • Authentication cookies (Supabase) — Required for login. These keep your session active. You can't opt out and still use account features.
  • Analytics cookies (Google Analytics) — Help us understand how the site is used. These collect anonymized browsing data.

Third-Party Services

We use these services to run Peptide Schedule:

  • Supabase — Authentication and database hosting. Stores your account and protocol data.
  • Google Analytics — Anonymous traffic analytics. No personal data is sent.
  • Google OAuth — If you sign in with Google, we receive your email and name from Google.
  • Vercel — Website hosting. Processes your requests and may log IP addresses.

Each service has its own privacy policy. We recommend reviewing them.

Your Rights

For EU residents (GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to processing

For California residents (CCPA)

You have the right to:

  • Know what personal information we collect
  • Request deletion of your data
  • Opt out of the sale of personal information (we don't sell any)

To exercise any of these rights, email hello@peptideschedule.com. We'll respond within 30 days.

Data Retention

We keep your account and protocol data as long as your account is active. If you delete your account, we remove your data within 30 days. Database backups may retain data for up to 30 additional days before being rotated.

Age Requirement

Peptide Schedule is for adults 18 and older. We don't knowingly collect data from anyone under 18. If you're under 18, don't create an account.

Changes to This Policy

We'll update this page when our practices change and note the date at the top. For significant changes, we may notify you by email.

Contact

Questions about your data? Email hello@peptideschedule.com.