pepys / privacy
P

Privacy Policy

Pepy's · ntystyle.com/apps/pepys/privacy
Last updated: July 3, 2026 Controller: Cibotari Cristina (Chișinău, Moldova) Contact: contact@ntystyle.com

Plain-Language Summary

Pepy's is a tracking, organization, and educational app for women using GLP-1 medications (such as Wegovy and Ozempic).

Pepy's is not a medical device and does not provide medical advice, diagnosis, treatment recommendations, or dosing instructions.

We collect account information, onboarding information, subscription information, device information, and health-related tracking information you choose to enter.

We use this information to operate the App, sync your data, provide tracking tools, personalize your experience, manage your subscription, improve the App, maintain security, and respond to support requests.

  • We do not sell your personal information or consumer health data.
  • We do not share your personal information or consumer health data for targeted advertising.
  • We do not use your personal health data to train our own AI models.

Some features use third-party providers, including Google Gemini, Supabase, and Apple. We limit the information shared with each provider to what that feature needs.

Apple Health data is read with your permission and is not stored on our servers.

You may access, correct, export, or delete your data, and you may have additional rights depending on where you live.

This summary is for convenience only. The full Privacy Policy below controls.

1. Overview

Pepy's ("Pepy's," "we," "us," or "our") is owned and operated by Cibotari Cristina, based in Chișinău, Moldova.

This Privacy Policy & Health Data Privacy Notice explains how we collect, use, store, disclose, transfer, and protect information when you use Pepy's, our website, and related services.

By creating an account or using the App, you agree to this Privacy Policy, which is incorporated into our Terms of Service.

Data Controller: Cibotari Cristina is the data controller responsible for personal information processed under this Privacy Policy.

2. Medical Disclaimer

Pepy's provides tracking, organization, educational, and informational features only. Pepy's is not a healthcare provider, medical device, pharmacy, telehealth service, emergency service, or substitute for professional medical advice.

Pepy's does not provide medical advice, diagnosis, treatment recommendations, prescriptions, or dosing instructions. Any information provided through the App — including AI-generated responses, scan results, estimates, reminders, or tracking insights — is for informational and organizational purposes only.

Always consult a qualified healthcare professional before making health-related decisions.

3. Key Terms

  • Personal information — information that identifies, relates to, describes, or could reasonably be linked to a person or household.
  • Health data — information about your health, body, GLP-1 or medication use, dose logs, injection sites, symptoms and side effects, weight, cycle, nutrition, hydration, activity and exercise, sleep, inventory, body-composition or body-scan estimates, progress photos, meal photos, notes, and similar information you enter, upload, scan, import, or generate in Pepy's.
  • Sensitive personal information — information treated as sensitive under applicable privacy laws, including health data, consumer health data, account credentials, and certain other protected information.
  • Consumer health data — health-related information protected under laws such as the Washington My Health My Data Act, Nevada consumer health data laws, and similar state laws.
  • De-identified data — data processed to remove or obscure personal identifiers so it is not reasonably linked to a specific person.
  • Aggregated data — data combined from multiple users into summary statistics or trends.

4. Where This Policy Applies

ServiceHow it works
iOS AppYou may create an account, track information, manage your subscription, use AI features, and optionally connect Apple Health.
WebsiteProvides marketing information, links, legal pages, and support contact options.
Support communicationsIf you contact us, we process the information you choose to send.
Pepy's currently launches on iOS only. If we add Android, we will update this Privacy Policy to reflect Google Play and any Android-specific data handling.

5. Information We Collect

Account Information. Name (if provided), email address, authentication provider (such as Apple), account ID, and basic account settings. Used to create and manage your account, authenticate you, sync your data, provide support, and secure the App.

Onboarding Information. Information you provide during onboarding, such as your display name, starting weight, goal weight, unit preference, and feature preferences. Used to personalize your experience and provide relevant tracking tools.

User-Entered Tracking Data. Health-related tracking data you choose to enter, which may include: GLP-1 or medication names, inventory and product information, dose logs and history, injection sites, symptoms or side effects, weight, cycle information, nutrition and meal logs, hydration, activity and exercise, sleep, progress photos and daily check-ins, notes, reminders, and custom entries. Used to provide Pepy's core tracking, organization, reminder, history, and personalization features.

Meal Scanner Data. If you use the Meal Scanner, meal photos or related information may be processed by an AI provider (Google Gemini) to generate nutritional estimates. Meal photos are used to return the requested result.

Progress Photos and Uploaded Images. If you save progress photos, body photos, or other images in the App, those images may be stored with your account and are treated as sensitive information where required by law. You should not upload images containing unnecessary personal, medical, or identifying information.

Body Scanner Data. If you use the Body Scanner, photos you provide may be processed by an AI provider (Google Gemini) to generate body-composition or body-related estimates. These estimates are returned to you and are not a medical assessment. Body scan photos are not used to identify you or to build biometric templates.

Pepy's Agent and AI Messages. If you use the Pepy's Agent or other AI features, your messages and limited session context may be sent to an AI provider (Google Gemini) to generate a response or perform a logging action you request. The Pepy's Agent is for educational and organizational purposes only and does not provide medical advice. We do not use Pepy's Agent messages or your personal health data to train our own AI models.

Apple Health Data. With your permission, Pepy's may read certain Apple Health data — specifically steps, active energy, and related activity metrics you authorize — to power the Activity feature. Apple Health data is read with your permission and is not stored on our servers. We will not sell Apple Health data, use it for advertising or marketing, or share it except as permitted by Apple's HealthKit rules and applicable law.

Subscription Information. Subscriptions are processed by the Apple App Store. We may receive subscription status, entitlement status, product identifier, renewal status, and purchase metadata. We do not receive your full payment card information.

Device and Technical Information. Device type, operating system, app version, crash reports, performance logs, basic diagnostics, and network/request metadata (such as IP address where processed by service providers for routing, security, and abuse prevention).

Crash and Error Reporting (Sentry). We use Sentry to capture crash reports and error diagnostics so we can fix bugs and keep the App stable. Sentry may receive technical data such as device type, operating system, app version, error stack traces, and limited request metadata (which may include an IP address for routing and abuse prevention). We do not intentionally send health entries, dose logs, symptoms, injection sites, notes, weight, cycle data, or medication tracking details to Sentry.

Support Communications. If you contact us for support, we collect the information you choose to include. Please avoid sending unnecessary health information through support requests; if you include it, we treat it as sensitive where required and use it only to respond to and record your request, prevent misuse, and comply with legal obligations.

6. Health Data Privacy Notice

This section explains how Pepy's handles health data and consumer health data.

Pepy's may collect health data that you choose to enter, upload, scan, import, or generate, including GLP-1 and medication information, inventory, dose logs, injection sites, symptoms and side effects, weight, goal weight, cycle information, nutrition, hydration, activity and exercise, sleep, body-composition or body-scan estimates, progress photos, meal logs and photos, and notes.

We use health data to: provide Pepy's core tracking features; help you organize logs, history, and reminders; sync your data across your account; provide AI features you request; personalize your experience; improve functionality and reliability; maintain security and prevent misuse; respond to support requests; and comply with legal obligations.

Note on PDF export: If you use the "Export report for doctor" feature, the report compiles data you have entered — which may include your display name, starting weight, dose history, and cycle data — into a PDF that you choose to download and share. You control whether and with whom you share that report.
  • We do not sell consumer health data.
  • We do not share consumer health data for targeted advertising.
  • We do not use personal health data to train our own AI models.

If we materially expand how we use, disclose, license, sell, or otherwise process consumer health data, we will update this Privacy Policy and provide any notices, consents, written authorizations, opt-outs, or other mechanisms required by applicable law. (The Washington My Health My Data Act requires valid authorization before selling consumer health data, and both seller and purchaser must retain that authorization for six years.)

7. How We Use Information

We use information to: provide, operate, and maintain Pepy's; create and authenticate accounts; sync data across your account; provide tracking, logging, reminder, and history features; provide AI features you request; process meal scans; personalize your experience; manage your subscription and entitlements; send reminders and notifications you enable; respond to support requests; improve functionality and fix crashes; understand general usage patterns; prevent fraud, abuse, and unauthorized access; enforce our Terms of Service; comply with legal obligations; and protect the rights, safety, and security of users, Pepy's, and others.

8. Future Uses We May Consider

We may consider additional uses in the future, including research partnerships, de-identified or aggregated trend analysis, product improvement using de-identified or aggregated data, AI model improvement using de-identified, aggregated, or consented data, and business or acquisition-related transfers.

We do not currently sell personal information or consumer health data. Before beginning any future practice that requires notice, consent, written authorization, or opt-out rights, we will update this Privacy Policy and implement the mechanisms required by applicable law.

Nothing in this section changes our Apple HealthKit commitments. Apple Health data is excluded from any sale, advertising use, unrelated third-party disclosure, or AI training use that would violate Apple's rules or applicable law.

9. How We Share Information

We share information only as described in this Privacy Policy.

Service Providers. We share information with vendors that help us operate Pepy's. They may process information only to provide services to us, subject to contractual obligations and applicable law:

Service ProviderPurposeData Involved
SupabaseAuthentication, database, storage, backend infrastructureAccount data, tracking data, technical data
Google GeminiPepy's Agent, Meal Scanner, Body Scanner, AI featuresMessage text, meal photos, body-scan photos, limited session context
Apple App StoreiOS billing and subscriptionsSubscription status and purchase data
Apple HealthKitOptional activity syncSteps, active energy, and authorized activity metrics, read locally
RenderBackend hosting infrastructureRequest routing, technical data
SentryCrash and error reportingDevice type, OS, app version, error stack traces, request metadata (incl. IP)
Support tools / emailCustomer supportInformation you choose to send

AI processing (Google Gemini API). When AI features (Pepy's Agent, Meal Scanner, Body Scanner) process your data, we use the Google Gemini API as a data processor acting on our instructions. Data sent to the Gemini API is not used to train Google's models and is subject to Google's API data-handling terms (no-training / limited-retention tier), not the consumer Gemini service. Google processes this data solely to return the requested result to us.

Legal and Safety Disclosures. We may disclose information if required by law, subpoena, court order, legal process, or government request, or if we believe it necessary to protect the rights, safety, property, or security of Pepy's, our users, our company, or others.

With Your Consent. We may share information with third parties when you give us explicit consent or direct us to do so (for example, when you export and share a PDF report).

Business Transfers. If Cibotari Cristina, Pepy's, or substantially all of our assets are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, assignment, change of control, or similar transaction, your information may be transferred to the acquiring or successor entity. If that entity intends to materially change how personal information, sensitive personal information, or consumer health data is used, shared, sold, or processed, it will provide notice and obtain any consent, written authorization, or opt-out required by applicable law before those new practices begin. You may delete your account or exercise applicable privacy rights before or after the transaction, subject to legal exceptions. Apple HealthKit data is excluded from any business-transfer use that would violate Apple's rules or applicable law.

10. What We Do Not Currently Do

Pepy's does not currently: sell personal information; sell consumer health data; share personal information for cross-context behavioral advertising; share health data for targeted advertising; use health data for advertising; use Apple Health data for advertising, marketing, data mining, or sale; use your personal health data to train our own AI models; provide medical advice, diagnosis, treatment recommendations, or dosing instructions; store Apple Health data on our servers; or use geofencing to target users near health service locations.

If any of these practices change, we will update this Privacy Policy and provide notice, consent, written authorization, opt-out rights, or other mechanisms where required by law.

11. Apple HealthKit Commitments

If you connect Apple Health, Pepy's will comply with Apple HealthKit rules. Apple Health data:

  • Will not be sold;
  • Will not be used for advertising;
  • Will not be used for marketing;
  • Will not be used for use-based data mining;
  • Will not be shared with third parties except as permitted by Apple and applicable law;
  • Will only be accessed with your permission;
  • Will only be requested for data types relevant to App functionality;
  • Will not be stored on our servers unless a future feature clearly states otherwise and receives required permissions.

These commitments override any broader future-use or business-transfer language in this Privacy Policy.

12. Where and How We Store Data

Data TypeStorageNotes
Account dataSupabaseLogin, account management, syncing
Tracking dataSupabaseApp features and account syncing
Uploaded / saved photosSupabase storage, or AI provider during processingStored only if saved by you or needed for the feature
Meal scan processingAI provider during processingUsed to return requested results
Apple Health data (steps, active energy)Local device onlyRead with permission, not stored on our servers
Subscription statusAppleNo full payment card data
Support messagesEmail / support toolsOnly information you choose to send

We use reasonable administrative, technical, and organizational safeguards designed to protect information, including encryption in transit and encryption at rest where supported by our service providers. No system can guarantee absolute security. If a data breach requires notification under applicable law, we will notify affected users as required.

13. Data Retention and Deletion

We retain information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Data TypeRetention
Account dataWhile your account is active
Tracking dataWhile your account is active, unless deleted by you
Uploaded saved photosUntil deleted by you or your account is deleted
Subscription recordsAs needed for billing, support, fraud prevention, and legal compliance
Support recordsAs long as reasonably necessary for support and legal obligations
Crash / performance logsLimited period for debugging, then deleted or aggregated
Anonymous, aggregated, or de-identified dataMay be retained indefinitely

Upon account deletion request: active system data is deleted or deactivated within a reasonable period, generally within 30 days; backup copies may persist for a limited period before being overwritten; some information may be retained for legal, security, fraud-prevention, dispute-resolution, tax, or compliance purposes; and data already processed by third-party providers may remain subject to their retention schedules. Apple Health data requires no deletion from our servers because we do not store it there.

14. Your Privacy Rights

Depending on where you live, you may have rights to: access your information; correct inaccurate information; delete your information; export your information (data portability); withdraw consent; object to or restrict certain processing; opt out of sale, sharing, targeted advertising, or profiling where applicable; limit the use of sensitive personal information where applicable; appeal a denied request; and request a list of certain third parties to whom we disclosed personal information where required by law.

EEA / UK users. If you are in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe our processing of your personal data infringes applicable law. You may contact us first at contact@ntystyle.com and we will try to resolve your concern.

You can manage many choices in the App, including editing or deleting tracking data, disabling AI features, revoking Apple Health access, and managing notifications.

For account deletion or privacy requests, contact: contact@ntystyle.com

15. California Residents

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the rights to know, access, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and non-discrimination for exercising those rights.

Categories of personal information collected (preceding 12 months):

CategoryExamplesCollected
IdentifiersName, email, account ID, device ID, IP addressYes
Customer recordsAccount profile and subscription informationYes
Protected classification characteristicsAge-related information, if providedLimited
Commercial informationSubscription tier, purchase status, historyYes
Biometric informationBody-scan photos are not used to identify you or build biometric templatesNot intentionally
Internet / network activityApp interactions, feature usage, crash logsYes
GeolocationGeneral region inferred from IP or storefrontLimited
Sensory dataPhotos you upload or scanYes
Professional / employment / education infoNot collectedNo
InferencesPreferences, goals, personalization based on inputsLimited
Sensitive personal informationHealth data, account credentials, photosYes

We do not currently sell or share personal information as defined under California law. If we begin a practice that qualifies as sale or sharing, we will provide a "Do Not Sell or Share My Personal Information" link and any required opt-out mechanisms. We may verify your identity before processing a request. You may designate an authorized agent. We will respond within the time required by law. We do not currently offer financial incentives for the collection, retention, sale, or sharing of personal information.

16. Washington Residents

Washington residents may have rights regarding consumer health data under the Washington My Health My Data Act, including confirming whether we collect, share, or sell consumer health data; accessing it; deleting it; withdrawing consent; and receiving information about certain third-party disclosures.

We do not currently sell consumer health data. We do not use geofencing to target users near healthcare facilities or locations providing health services. If we ever engage in a sale of consumer health data, we will obtain any written authorization required by law before doing so.

To exercise these rights, contact contact@ntystyle.com.

17. Nevada Residents

Nevada residents may have rights under Nevada privacy laws, including rights related to the sale of covered information and consumer health data. We do not currently sell consumer health data. To submit a Nevada privacy request, email contact@ntystyle.com with the subject line "Nevada Privacy Request."

18. Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Montana, Oregon, Tennessee, and other states may have additional privacy rights depending on applicable law (including rights to access, correct, delete, port, and opt out of sale, targeted advertising, or certain profiling). To exercise privacy rights, contact contact@ntystyle.com.

19. International Users and Legal Bases

Pepy's is operated from Moldova. Your account and tracking data are stored in the European Union (our database provider, Supabase, hosts this data in its eu-central-1 region). Some processing may occur outside the EU — for example, AI features (Google Gemini), backend hosting, and Apple services — where our service providers operate. If you use Pepy's from outside these regions, your information may be transferred to and processed in those locations.

If you are located in the European Economic Area, United Kingdom, or another region requiring a legal basis for processing, we process information under these bases:

Legal BasisPurpose
ContractTo create and manage your account and provide the App's core (non-health) functionality, subscriptions, and the services you request. The health information you enter is not processed on this basis — see "Special category data" below.
ConsentFor optional features such as Apple Health access, certain AI features, and notifications
Legitimate interestsTo secure the App, prevent abuse, improve performance, debug, and understand general usage
Legal obligationsTo comply with laws, tax and accounting rules, legal requests, and regulatory obligations

Special category data (Article 9 GDPR). Health-related data you enter into the app (including medication and dose logs, injection sites, weight, cycle, symptoms, and other health information) is special category data. We process it on the basis of your explicit consent (Article 9(2)(a) GDPR), which you provide through the in-app consent step during onboarding. You can withdraw this consent at any time by deleting the relevant data, disabling the feature, or deleting your account, as described in Your Privacy Rights.

Where personal data of EEA or UK users is transferred outside the EEA or UK, we rely on appropriate safeguards required by applicable law, such as Standard Contractual Clauses or another lawful transfer mechanism, together with contractual protections with our service providers.

EU Representative (Article 27 GDPR)

For users in the European Economic Area (EEA), our EU Representative pursuant to Article 27 GDPR is:

NTYSTYLE MANAGEMENT SRL (Romania)
Email: contact@ntystyle.com

You may contact our EU Representative on all matters related to the processing of your personal data and to exercise your rights under the GDPR.

20. Cookies, Tracking, and Global Privacy Signals

The App does not use traditional website cookies. Our website may use essential cookies and basic analytics to understand traffic; we do not currently use website cookies for cross-site behavioral advertising. You can control cookies through your browser settings.

Some browsers offer "Do Not Track" signals; there is no uniform standard, and we do not currently respond to them. Where required by law, we will honor legally recognized opt-out preference signals, such as Global Privacy Control, for applicable web-based activities.

21. Age Requirement

Pepy's is intended only for users who are 18 years or older. We do not knowingly collect personal information from anyone under 18. If we learn that we collected information from someone under 18, we will delete it as required by law.

22. Third-Party Links and Services

Pepy's may contain links to third-party websites, products, services, or content. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices, content, or policies.

23. Appeals

If we deny your privacy request, you may appeal by replying to our response or emailing contact@ntystyle.com with the subject line "Privacy Appeal." If you remain unsatisfied, you may contact your state Attorney General or applicable privacy regulator.

24. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version will be posted at https://ntystyle.com/apps/pepys/privacy/. If we make material changes, we will provide notice where required by law (such as by email, in-app notice, or website notice). Continued use of Pepy's after the effective date of an updated Privacy Policy means you accept it, except where additional consent or authorization is required by law.

25. Contact Us

Cibotari Cristina
Operator of Pepy's
Email: contact@ntystyle.com
Privacy Policy: https://ntystyle.com/apps/pepys/privacy/
Terms of Service: https://ntystyle.com/apps/pepys/terms/

Read the Terms → Support →