OptimizedHuman

Privacy Policy

Last updated: 2026-04-24

This Privacy Policy explains how Optimized Human LLC ("we", "us", "our") collects, uses, shares, and protects your personal information when you use OptimizedHuman and related applications (the "Service"). It applies to all users of the Service, globally. By using the Service you acknowledge the practices described here.

1. Information We Collect

Information you provide directly.

  • Account information — email address, password (stored as a salted hash; never in plain text), display name, and optional profile fields such as time zone.
  • Content you create — protocols, schedules, dose logs, injection-site coordinates, inventory entries, reconstitution parameters, wellness notes, weight logs, progress photos you choose to upload, comments, and any protocol you choose to share publicly or via link.
  • Payment information — handled by Stripe. We receive a customer identifier, subscription status, billing interval, and limited billing metadata. We do not store full payment card numbers on our servers.
  • Support and communications — anything you send us by email, in-app messages, or social channels.

Information collected automatically.

  • Usage data — pages visited, features used, in-app events, browser and operating-system type, device identifiers, approximate IP-based location, session timestamps.
  • Server logs — request URLs, response status, timestamps, IP addresses (hashed or truncated where feasible) — retained for security, abuse detection, and debugging.
  • Cookies and similar storage — essential cookies for authentication and session management; analytics cookies (Vercel Analytics) for aggregate traffic insights. We do not use advertising, retargeting, or cross-site tracking cookies.
  • Push notification identifiers — if you enable push notifications on mobile, we store the device token required to deliver them.

Information from third parties.

  • OAuth providers — if you sign in with Google, Apple, or similar, we receive the email address and basic profile the provider shares per your consent.
  • Stripe — subscription events (created, renewed, cancelled, failed), billing metadata, and fraud signals.

Sensitive-data note. Some content you enter may be considered sensitive personal data under certain laws (for example, information about medical conditions or biometric weight data). We treat this data with the same security controls described in Section 6 and do not use it for any purpose other than providing the Service to you.

2. How We Use Your Information

We use your information to:

  • Operate, maintain, develop, and improve the Service and its features;
  • Authenticate your account and safeguard the Service against fraud, abuse, and security threats;
  • Process payments, provide receipts, and manage subscriptions (via Stripe);
  • Send operational emails — such as password resets, receipts, security alerts, and important Service announcements — that you cannot opt out of while you have an active account;
  • Send optional product updates, newsletters, or marketing communications where you have opted in; you can unsubscribe at any time via the unsubscribe link or your account settings;
  • Respond to support inquiries and communications;
  • Detect, investigate, prevent, and respond to fraud, abuse, chargebacks, and violations of our Terms;
  • Conduct aggregate, anonymized analytics to understand usage patterns and inform product decisions;
  • Comply with legal obligations, respond to lawful requests from authorities, and enforce our rights.

Legal bases (for users subject to GDPR or UK GDPR): contract performance (operating the Service you signed up for), legitimate interests (security, fraud prevention, product improvement), consent (optional marketing, optional cookies), and legal obligations (tax, anti-fraud, responses to authorities). You can withdraw consent at any time where consent is the legal basis; withdrawing consent does not affect processing done before withdrawal.

We do not use your content to train public or third-party AI models. If in the future we offer AI features that process your content, we will do so to deliver the feature to you, disclose it clearly, and seek consent where required.

3. How We Share Your Information

We do not sell your personal data. We share information only as described below.

Service providers (subprocessors) we use to operate the Service:

  • Supabase — database hosting and authentication (United States);
  • Stripe — payment processing and subscription management (United States);
  • Vercel — web application hosting, analytics, and Core Web Vitals (United States / global edge);
  • Railway — backend API hosting (United States);
  • Sanity — content management for editorial content (global);
  • Expo / EAS — mobile build and push-notification infrastructure (United States);
  • Transactional email provider — receipts, password resets, security alerts (provider to be confirmed; bound by equivalent safeguards).

Each provider is contractually obligated to process personal data solely to provide its service to us and in accordance with applicable law. A current list of subprocessors is available on request at privacy@optimizedhuman.app.

Other sharing.

  • Public protocols. When you choose to share a protocol publicly or by link, the content you marked shareable (title, compounds, schedule, and your display name) becomes visible to anyone with the link or, for public protocols, to all users. Do not publish content you want kept private.
  • Legal requirements. We may disclose information where we believe in good faith it is necessary to comply with a law, regulation, legal process, subpoena, or governmental request, or to protect our rights, safety, or property, or the rights, safety, or property of our users or the public.
  • Business transfers. If we are involved in a merger, acquisition, restructuring, bankruptcy, or sale of assets, your information may be transferred to the successor entity, subject to a privacy policy at least as protective as this one.
  • With your consent. For any other purpose disclosed to you and to which you consent.

4. Data Retention

We retain your account and associated data while your account is active and for up to ninety (90) days after account deletion to allow recovery from accidental deletion and to complete fraud-prevention reviews. After that period we delete or anonymize personal data, except where longer retention is required by applicable law (for example, tax and financial records, which we retain for up to seven (7) years per standard accounting practice).

Server logs are retained for up to ninety (90) days. Anonymized, aggregated analytics may be retained indefinitely. Payment records are retained by Stripe per its policies and applicable law.

5. International Data Transfers

Our infrastructure is primarily located in the United States. By using the Service you understand that your personal data may be transferred to, processed in, and stored in the United States or other countries where our providers operate. Where required by law, we rely on Standard Contractual Clauses, the EU–U.S. Data Privacy Framework (where applicable), the UK International Data Transfer Addendum, or equivalent safeguards to protect such transfers.

6. Security

We use industry-standard safeguards to protect your information, including TLS encryption in transit, encryption at rest for database storage, salted password hashing, least-privilege access controls, API keys scoped to least privilege, audit logs, and regular security reviews. Payment data is processed by Stripe, which is PCI DSS Level 1 certified; we do not store card numbers on our servers.

No method of transmission or storage is perfectly secure. We cannot and do not guarantee absolute security. If you have reason to believe your account has been compromised, contact us immediately at security@optimizedhuman.app.

7. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Request deletion of your account and associated personal data;
  • Object to or restrict certain processing;
  • Receive your personal data in a portable, machine-readable format (where technically feasible);
  • Withdraw consent for optional processing, such as marketing emails;
  • Lodge a complaint with your local data-protection authority.

Self-service data export is not yet available. To exercise any of the rights above, email privacy@optimizedhuman.app from the address associated with your account. We will respond within thirty (30) days (or as required by applicable law). We may need to verify your identity before fulfilling the request.

California residents (CCPA/CPRA). You have the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, the right to limit the use of sensitive personal information, and the right to opt out of the "sale" or "sharing" of personal information. We do not sell personal information and we do not share personal information for cross-context behavioral advertising.

We do not discriminate against you for exercising any of these rights.

8. Children's Privacy

The Service is not intended for individuals under 18, and we do not knowingly collect personal information from minors. If you believe a minor has provided us personal data, please contact privacy@optimizedhuman.app so we can delete it.

9. Not Covered Entities

We are not a covered entity, business associate, or health information exchange under the U.S. Health Insurance Portability and Accountability Act (HIPAA), and the Service is not designed to be a HIPAA-compliant system. Do not enter, upload, or transmit protected health information (PHI) that requires HIPAA protection through the Service. Similar considerations apply to equivalent laws in other jurisdictions.

10. Third-Party Links and Services

The Service may contain links to third-party sites or services (for example, research articles cited in the peptide catalog). We are not responsible for the content, privacy practices, or terms of those third parties. Review their privacy policies before using them.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via the Service or by email before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

Privacy questions and rights requests: privacy@optimizedhuman.app

Security reports: security@optimizedhuman.app

Mailing address: 30 N Gould St, STE R, Sheridan, WY 82801, USA