Privacy Policy

This Privacy Policy explains how Loop ("Loop," "we," "us," or "our") collects, uses, shares, and protects your personal data when you use the Loop mobile application (the "App") and the website at tryloop.health (the "Site"). It also explains your rights under the EU General Data Protection Regulation (GDPR) and Slovenian data-protection law.

Loop is a personal tracking tool for self-administered injection routines. We built it to keep your routine private, and this policy reflects that.

Our Data Promise

In plain terms, before the detail:

• The compounds, doses, schedules, logs, notes, and other routine data you enter are yours. We use them to provide the App to you, nothing else.
• We do not sell, rent, or share your personal data with advertisers or data brokers, and we never use it for advertising.
• We do not use your health-related data to serve ads or to train AI models.
• You can export your data or delete your account at any time, which removes your stored data.
• You can start using Loop anonymously, without creating an account or giving us an email.

1. Who Is Responsible for Your Data

Loop is provided and operated by an individual based in Slovenia, who is the "data controller" for your personal data under the GDPR. For the controller's name and how to get in touch, see the Contact section at the end of this policy. The quickest way to reach us about privacy is hello@tryloop.health.

2. Information We Collect

We only collect what we need to run the App. Most of it is information you choose to enter.

Account and identity data. Loop uses Firebase Authentication for sign-in. Depending on how you sign in, this may include a unique account identifier, your sign-in method (anonymous, Apple, Google, or email), and, only if you provide them, your email address and display name. You can use parts of the App anonymously, in which case we hold only an anonymous account identifier and no name or email.

Routine and health-related data you enter. This is the core of the App and is entirely user-provided. It may include: the compounds you track (name, type, such as peptide, GLP-1, or TRT, colour tag, and notes); inventory/vial details; schedules and cycles; dose logs (amount, unit, the injection-site label you choose, an optional 0-5 pain level, an optional note, and the time you record); acknowledged missed doses; custom site labels; reminder preferences; and your time zone. Because this data can reveal information about your health, we treat it as special-category data and handle it accordingly (see Section 4).

Subscription data. If you subscribe, your purchase is processed by Apple and managed through RevenueCat. We receive your subscription status (for example, whether a trial or paid entitlement is active and when it expires) tied to your account identifier. We do not receive or store your payment-card details; those are handled by Apple.

Usage and diagnostic data. We use Firebase Analytics to understand how the App is used (for example: app opened, onboarding completed, paywall viewed, purchase completed) so we can fix problems and improve the App. We deliberately avoid sending sensitive health details, such as specific compound names, dose amounts, or your notes, to analytics. This data is associated with an app-instance identifier, not with advertising identifiers, and is not used for advertising or ad targeting.

Technical data. As with any app, basic technical information (such as device and app version and crash diagnostics) may be processed to keep the App working and secure.

Reminders. Dose reminders are scheduled as local notifications on your device; the reminder content itself stays on your device.

3. How We Use Your Information

We use your data to:

• provide, operate, and maintain the App and your account;
• store and sync your routine data across your sessions and devices;
• send the reminders and notifications you configure;
• calculate and display your own summaries, rings, streaks, calendars, usage charts, supply projections, and reconstitution math, from the values you enter;
• manage subscriptions, trials, and access to paid features;
• understand usage and diagnose problems so we can improve and develop the App;
• respond to your support requests;
• send essential service messages (such as security or policy notices); and
• detect and prevent fraud or abuse, and comply with our legal obligations.

4. Legal Bases for Processing (GDPR)

We rely on the following legal bases under Articles 6 and 9 of the GDPR:

• Performance of a contract (Art. 6(1)(b)) to provide the App and the features you ask for, including storing the data you enter and managing your subscription.
• Explicit consent(Art. 9(2)(a)) because your routine data can reveal information about your health, which is "special-category" data. We process it on the basis of your explicit consent, given when you choose to enter it into the App. You can withdraw this consent at any time by deleting the data or your account; withdrawal does not affect processing carried out before withdrawal.
• Consent (Art. 6(1)(a)) for optional analytics where consent is required.
• Legitimate interests (Art. 6(1)(f)) to keep the App secure, prevent abuse, and improve the Service, balanced against your rights.
• Legal obligation (Art. 6(1)(c)) where we must process data to comply with the law.

5. What We Never Do

• We do not sell, rent, license, or trade your personal data.
• We do not share your data with advertisers, data brokers, or marketing networks.
• We do not use your data to serve you advertisements or build advertising profiles.
• We do not use your health-related data to train artificial-intelligence or machine-learning models.
• We do not source, sell, or facilitate obtaining any substance, and we do not share your routine data for any such purpose.

We earn money from app subscriptions, not from your data.

6. Third-Party Services We Use

We rely on a small number of trusted providers ("processors") to run Loop. They process data only on our instructions and to provide their service to us:

• Google (Firebase) for Authentication, Cloud Firestore (data storage and sync), Analytics, and Remote Config. Provided by Google.
• RevenueCat manages your subscription status and entitlements across your account.
• Appledistributes the App through the App Store and processes subscription payments via In-App Purchase; also provides "Sign in with Apple" if you use it.
• Google Sign-In if you choose to sign in with Google.

Each provider operates under its own privacy policy and is selected for its security and data-protection standards. This list may change as the App evolves; we will update this policy accordingly.

7. International Data Transfers

Our providers, in particular Google (Firebase) and RevenueCat, may store or process data on servers located outside the European Economic Area, including in the United States. Where data is transferred outside the EEA, it is protected by appropriate safeguards as required by the GDPR, such as the European Commission's Standard Contractual Clauses or an applicable adequacy decision. You can contact us for more information about these safeguards.

8. Data Retention

We keep your data for as long as your account is active and you continue to use the App. When you delete your account, your stored personal data is permanently deleted within 30 days, except where we are required to keep certain limited information to comply with the law. You can delete your account at any time from within the App's settings, or by contacting us. You can also export your data (for example, as CSV) at any time.

9. Data Security

Your data is encrypted in transit (using TLS) and at restby our cloud infrastructure providers. Access to user data is restricted, and our database security rules are configured so that each account's data is accessible only to that signed-in account. We review our practices to protect against unauthorised access, loss, or misuse, and if a personal-data breach occurs that is likely to affect your rights, we will notify you and the relevant authority as required by the GDPR.

10. Your Rights

Under the GDPR and Slovenian law, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Eraseyour data ("right to be forgotten");
• Restrict or object to certain processing;
• Data portability: receive your data in a structured, commonly used, machine-readable format;
• Withdraw consent at any time, where processing is based on consent; and
• Lodge a complaint with a supervisory authority.

To exercise any of these rights, email hello@tryloop.health. We will respond within one month, as required by the GDPR. Many rights you can exercise directly in the App: you can edit or delete your entries, export your data, and delete your account at any time.

You have the right to lodge a complaint with the Slovenian supervisory authority, the Information Commissioner of the Republic of Slovenia (Informacijski pooblascenec), web: www.ip-rs.si, email: gp.ip@ip-rs.si, or with the authority in your country of residence.

11. Anonymous Use

You can use Loop without creating an account. In anonymous mode we do not collect your name or email, and your data is linked only to an anonymous identifier. If you later sign in, your data can be associated with your account so it persists across devices.

12. Children's Privacy

Loop is intended only for individuals 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided us with personal data, contact us at hello@tryloop.health and we will delete it.

13. Cookies and the Website

The Loop App does not use browser cookies. The Site (tryloop.health) may use essential cookies needed for the site to function, and may use privacy-respecting analytics to understand site traffic. Where required by law, we will ask for your consent before using non-essential cookies, and you can manage cookies through your browser settings.

14. Apple App Store

The App is distributed through the Apple App Store. Your use of the App is also subject to Apple's privacy policy and termswith respect to app distribution and payment processing. In line with Apple's requirements, this policy is publicly accessible and linked from the App, and you can request deletion of your account and data as described in Section 8.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above, and for changes that materially affect your rights we will provide additional notice where required by law. Your continued use of the App after an update takes effect means you accept the revised policy.

16. Contact

For any privacy question or to exercise your rights, email hello@tryloop.health. We aim to respond within 48 hours.