Privacy Policy

Last updated: 2026-04-15

GLP Keeper ("we," "us," or "our") is operated by Connecting The Dots Inc. This Privacy Policy describes how we collect, use, and protect your personal information when you use the GLP Keeper mobile application and website (collectively, "the Service").

1. Information We Collect

1.1 Health Data You Provide

• Body measurements: weight, height, body fat percentage
• Nutrition data: protein intake, meal logs
• Exercise records: activity type, duration, resistance training logs
• Progress photos: face and body photos you voluntarily upload
• Medication information: GLP-1 medication type and dosage schedule
• Wellness indicators: sleep, energy levels, appetite ratings

1.2 Account Information

• Name, email address (via Sign in with Apple or Google OAuth)
• Language and unit preferences (metric/imperial)
• Subscription status and purchase history (managed by Apple/Google)

1.3 Automatically Collected Data

• Device type, operating system version
• App version, crash logs
• Anonymous usage analytics (screen views, feature usage)

2. How We Use Your Data

• Providing personalized insights, trend analysis, and AI-generated recommendations
• Generating your rebound risk score and pattern reports
• Improving the accuracy of our algorithms and AI models
• Sending push notifications and email reminders you opted into
• Customer support and account management

3. How We Store and Protect Your Data

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Storage: Health data is stored on Cloudflare D1 (SQLite) infrastructure. Photos are stored on Cloudflare R2 with private access controls.
• AI Processing: Photo analysis uses server-side AI APIs. Images are processed and not retained by third-party AI providers beyond the processing request.
• Access Controls: Only authorized personnel with a legitimate need can access personal data, subject to audit logging.

4. What We Never Do

• We never sell your personal data to third parties.
• We never use your data for advertising or ad targeting.
• We never share identifiable health data with insurance companies, employers, or data brokers.
• We never train AI models on your personal photos or health data without explicit consent.

5. Data Retention and Deletion

• Active accounts: Data is retained as long as your account is active.
• Account deletion: You can request complete data deletion at any time through the app settings or by emailing privacy@glpkeeper.com. We will delete all personal data within 30 days of your request.
• Inactive accounts: Accounts inactive for 24 months will receive a notification before data is archived or deleted.
• Subscription cancellation: Canceling your subscription does not delete your data. You must separately request data deletion if desired.

6. Your Rights

6.1 GDPR (European Economic Area)

If you are in the EEA, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict or object to processing
• Data portability (export your data in a machine-readable format)
• Withdraw consent at any time

6.2 Korean Personal Information Protection Act (PIPA)

If you are in the Republic of Korea, you have the right to:

• Access, correct, and delete your personal information
• Suspend processing of your personal information
• Be notified of any data breaches within 72 hours

6.3 California Consumer Privacy Act (CCPA)

California residents have the right to know what personal information is collected, request deletion, and opt out of data sales (we do not sell data).

7. Third-Party Services

• Apple / Google: Authentication and in-app purchase processing
• RevenueCat: Subscription management (receives anonymized purchase data)
• Cloudflare: Infrastructure hosting (D1, R2, Workers)
• OpenAI: AI analysis processing (no data retention by provider)
• Resend: Transactional email delivery

8. Children's Privacy

GLP Keeper is not intended for users under 18. We do not knowingly collect personal information from minors. If we discover that a minor has provided personal data, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email at least 14 days before the changes take effect.

10. Contact

For privacy-related inquiries or data requests:
Email: privacy@glpkeeper.com
Company: Connecting The Dots Inc.