App: Titrate · Peptide & GLP-1 Tracker
Data controller: PROSTACK AI LIMITED
Represented by: Iacob Pastina, Director
Companies House No.: 14978913
VAT registration: Not VAT registered
Registered office: 19 Inverness Terrace, W2 3JL, London, United Kingdom
Privacy contact: hello@compoundgroup.com
This policy describes what data Titrate processes, why, on what legal basis, and your rights. It is written to be readable, but every section below maps to a specific GDPR or Apple App Store requirement.
1. Plain-English summary
Almost nothing on our servers, because there are almost no servers. Titrate stores your tracking data in your private Apple iCloud container — your Apple ID, your encrypted storage, only you can read it. We never see it. The narrow exceptions are listed below.
2. What we process and why
2.1 Data stored on your device and in your private iCloud (we cannot read this)
All of the below sits in Apple’s CloudKit private database, encrypted by Apple in transit and at rest, accessible only by your Apple ID:
- Compound library entries (including any you add yourself)
- Active and past dosing protocols
- Vials (reconstitution math, expiration, optional cost paid)
- Shot history (date/time, dose, injection site, optional notes)
- Weight entries
- Side-effect entries (symptom + severity)
- Hydration log (water entries)
- Nutrition log (calories, protein, optional carbs/fat)
- Glucose readings (if logged)
- Body composition (if logged)
- Progress photos (if added)
- Your profile (date of birth, biological sex, height, preferred units, primary goals, optional monthly spend bracket)
Legal basis (GDPR Art. 6(1)(b) and 9(2)(h) where applicable): performance of the contract (the app you installed) and your explicit consent for any health-category data.
2.2 Data we see at the operational level (limited, not tied to identity)
- Subscription status — via Apple StoreKit 2. We see only that a transaction occurred against an anonymous Apple transaction identifier, the product purchased (yearly or monthly), and renewal/expiry dates. We never see your name, email, payment card, or Apple ID.
- App Store anonymized aggregate metrics from Apple — downloads, crashes, sessions. These are aggregated by Apple, not tied to you.
- Crash reports — only if you opt in via iOS Settings → Privacy → Analytics & Improvements → Share With App Developers.
- Anonymous device identifier for AI rate-limit bucketing — a 36-character UUID generated by iOS (identifierForVendor), unique to this app on this device, reset when you delete the app. We do not link it to anyone.
Legal basis: our legitimate interest in operating the service and preventing abuse (GDPR Art. 6(1)(f)).
2.3 Data we never collect
- Your name, email, phone number, or any contact info — unless you email us
- Your address, payment card, or any financial identifier
- Your location
- Behavioral analytics (no Mixpanel, Amplitude, Firebase Analytics, Sentry, etc.)
- Any third-party advertising identifier (IDFA)
- Anything from another app on your device
3. Optional permissions we may ask for
Each is opt-in. The app works (with reduced features) if you decline.
- Apple Health (HealthKit) — read-only for bodyMass, dietaryEnergyConsumed, dietaryProtein, dietaryWater, bloodGlucose, bodyFatPercentage, leanBodyMass, waistCircumference. Your Health data stays on your device. We never write to Health unless you separately enable a write-back toggle.
- Notifications — local-only via UNUserNotificationCenter. Reminders never traverse our servers.
- Camera — for progress photos and AI food-photo scans. Photos used for progress tracking go to your private iCloud, never to us. Photos used for AI scanning are routed as described in section 4.
- Photo library — only when you choose a photo to import.
- Face ID / passcode — used only by the optional in-app lock. iOS handles authentication entirely on-device.
4. AI features — what is sent off-device, where, and what is retained
Three Titrate features call third-party AI infrastructure. All calls are routed through our Vercel Edge Function relay (titrate-landing.vercel.app) so our OpenRouter API key never sits in the iOS bundle. We list each path below in full.
4.1 Weekly summary (Pro feature)
- What is sent: a structured snapshot of your last 7 days — counts of shots, weights, side effects, glucose readings, hydration, nutrition; pre-computed pattern observations (e.g., “plateau”, “side-effect spike”); adherence percentage; the active compound name. No personally identifying information is included — no name, no email, no Apple ID, no photos.
- Where it goes: our Vercel Edge Function relay forwards the request to OpenRouter. OpenRouter routes to DeepSeek V3.1 (running on AtlasCloud or WandB — both U.S. infrastructure providers) as the primary model, with Anthropic Claude Haiku 4.5 (running on Amazon Bedrock, U.S.) as the fallback if the primary providers are unavailable.
- What is retained: nothing. Every request is sent with provider.data_collection: deny, which contractually requires the model providers to not log, store, or train on the request or response. Our relay does not persist payloads either.
- Anonymous bucketing: we attach the device-level identifierForVendor UUID for rate-limit accounting (10 requests per week free, 50 per week Pro). This is not tied to your identity.
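An added illustration of the relay pattern described in section 4.1, not Titrate's own code: a per-device weekly counter held only in memory, and an upstream request that carries provider.data_collection: deny while the API key stays server-side. The function names, the forbidden key names, the snapshot fields, the fixed-window strategy, and the model slug placeholder are assumptions.

```javascript
const WEEK_MS = 7 * 24 * 60 * 60 * 1000;
const WEEKLY_LIMIT = new Map([["free", 10], ["pro", 50]]); // limits stated in section 4.1
const UUID_RE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i; // 36-character UUID
const FORBIDDEN_KEYS = ["name", "email", "appleId", "photos"]; // hypothetical key names

// In-memory only: a cold start creates a fresh Map and every counter is gone.
const buckets = new Map();

// Fixed-window counter keyed by the anonymous device UUID (assumed strategy).
function allowRequest(deviceId, tier, now = Date.now()) {
  const limit = WEEKLY_LIMIT.get(tier);
  if (limit === undefined || typeof deviceId !== "string" || !UUID_RE.test(deviceId)) return false;
  const key = deviceId.toLowerCase();
  let bucket = buckets.get(key);
  if (!bucket || now - bucket.windowStart >= WEEK_MS) {
    bucket = { windowStart: now, count: 0 };
    buckets.set(key, bucket);
  }
  if (bucket.count >= limit) return false;
  bucket.count += 1;
  return true;
}

// Builds the upstream call. The API key is attached here, on the server, so it
// never ships in the app bundle; the device UUID is not forwarded upstream.
function buildUpstreamRequest(snapshot, apiKey) {
  // Top-level check only; nested objects would need a recursive walk.
  const leaked = Object.keys(snapshot).filter((k) => FORBIDDEN_KEYS.includes(k));
  if (leaked.length > 0) throw new Error("identifying fields in snapshot: " + leaked.join(", "));
  return {
    url: "https://openrouter.ai/api/v1/chat/completions",
    headers: { Authorization: "Bearer " + apiKey, "Content-Type": "application/json" },
    body: {
      model: "PRIMARY_MODEL_SLUG", // placeholder, not a real model slug
      provider: { data_collection: "deny" }, // skip providers that may store request data
      messages: [{ role: "user", content: JSON.stringify(snapshot) }],
    },
  };
}

// Constructed sample input, not real user data.
const SAMPLE_DEVICE = "3F2504E0-4F89-41D3-9A0C-0305E82C3301";
const SAMPLE_SNAPSHOT = { shots: 1, weights: 5, adherencePct: 100, compound: "example-compound" };
```

Because the counters live in process memory, a restart resets every device's allowance, which matches the retention statement in section 8 but also means the limit is best-effort rather than strict.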
4.2 Side-effect pattern summary (Pro feature)
Same architecture as weekly summary. Sends a snapshot of your last 30 days of side-effect entries (symptom, severity, timestamp, active protocol). Same providers, same ZDR contract, same retention policy.
4.3 Provider summary on the clinician PDF (Pro feature)
When you generate the clinician PDF, we send a structured 90-day snapshot to the same relay to produce the “Provider summary” paragraph at the top of the PDF. Same providers, same ZDR contract, same retention policy. The paragraph is marked as AI-generated on the PDF itself so the reading clinician knows.
4.4 AI food-photo scan (Pro feature)
- What is sent: the photo you snap of a meal, plus a short text prompt asking the model to identify the foods.
- Where it goes: our Vercel Edge Function relay forwards the image to Google Gemini 2.5 Flash via Google AI Studio (U.S. infrastructure).
- What is retained: nothing. Same provider.data_collection: deny contract. Google does not retain the image or the response, does not train on it, and our relay does not store the image.
- USDA enrichment: identified food labels are then looked up against the U.S. Department of Agriculture’s public FoodData Central API to attach nutrition data. The lookup contains only the food name, no personal data.
5. Sub-processors
We use the following processors. All process data only as instructed and under the contractual safeguards summarized above.
- Apple Inc. (United States) — App Store delivery, StoreKit 2 subscription processing, CloudKit private container, HealthKit, Apple Sign-In if used.
- Vercel Inc. (United States) — hosts our Edge Function relay and the marketing/legal website.
- OpenRouter (United States) — routes AI inference requests to model providers under our ZDR account settings.
- AtlasCloud, WandB (United States) — host DeepSeek V3.1 inference for the weekly / side-effect / clinical-PDF summaries.
- Anthropic, Inc. (United States) via Amazon Web Services / Bedrock — fallback provider for Claude Haiku 4.5.
- Google LLC (United States) via Google AI Studio — provider for Gemini 2.5 Flash food-scan inference.
- U.S. Department of Agriculture — public FoodData Central API for nutrition lookups (no personal data sent).
6. International data transfers
Because the AI providers and our hosting infrastructure are located in the United States, requests you make to AI features result in personal data transfers from the European Economic Area to the United States. We rely on:
- The EU–U.S. Data Privacy Framework for transfers to certified recipients;
- Standard Contractual Clauses (SCCs) per Commission Implementing Decision (EU) 2021/914 for any transfer not covered by the framework;
- The contractual ZDR safeguards described in section 4 to minimize the data exposed in each request.
7. Subscriptions
Titrate Pro is sold by Apple via the App Store using StoreKit 2. We never see your card, billing address, or Apple ID. Pricing, cancellation, refunds, and auto-renewal terms are in our Terms of Service. To cancel, use Settings → Apple ID → Subscriptions on your iPhone. Refunds: reportaproblem.apple.com.
8. Data retention
Tracking data — for as long as you keep the app installed and your iCloud container intact. Delete the app and the iCloud data and it is gone; we cannot recover it.
Subscription records — retained for as long as required by Apple and applicable tax law (typically 6 years for HMRC records under UK law).
AI request payloads — not retained (see section 4).
Anonymous rate-limit buckets — in-memory only, cleared on Edge Function cold starts.
Email correspondence — retained for the period reasonably needed to handle your inquiry, then deleted.
9. Your rights
Because nearly all of your data lives in your private iCloud container, you control it directly:
- Access — open the app, your data is there.
- Export — Profile → Data → Export (PDF / CSV / JSON).
- Delete — Profile → Reset, or uninstall the app and remove the iCloud data via iCloud settings.
For the small amount of data we do see (e.g., subscription status, email correspondence), email hello@compoundgroup.com; we respond within 30 days.
EU/EEA & UK residents (GDPR / UK GDPR): you have rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). You also have the right to withdraw consent at any time without affecting prior processing, and to lodge a complaint with your local supervisory authority. In the United Kingdom, that is the Information Commissioner’s Office (ICO, ico.org.uk); in EU/EEA member states, your local data protection authority.
California residents (CCPA / CPRA): you have rights to know, delete, correct, and opt-out of sale or sharing of your personal information. We do not sell your personal information and have not sold or shared it in the prior 12 months.
Other U.S. state laws (Colorado, Connecticut, Virginia, Utah, and others): equivalent rights apply where you reside. Use the same email contact above.
10. Security
CloudKit is encrypted in transit (TLS 1.2+) and at rest by Apple. We do not run our own database. AI calls use HTTPS end-to-end. The optional Face ID/passcode lock adds a device-level barrier. We do not officially support jailbroken devices.
If we discover a personal data breach affecting you, we will notify the relevant supervisory authority within 72 hours under GDPR Art. 33, and you directly without undue delay where the breach is likely to result in a high risk to your rights (Art. 34).
11. Children
Titrate is rated 12+ on the App Store. Per our Terms of Service, the App is intended for adults (18+) only and is not directed at children. We do not knowingly collect data from anyone under 18. If you believe a minor has used the App, contact hello@compoundgroup.com and we will delete any associated data.
12. Automated decision-making
AI summaries describe patterns the user has logged. They do not make decisions about you that produce legal or similarly significant effects under GDPR Art. 22. Every AI-generated paragraph is marked on the surface where it appears, and our system prompts explicitly prohibit prescriptive recommendations, dose changes, or diagnoses. The clinician PDF is a self-tracking summary, not a clinical record.
13. Regulatory status — not a medical device, not HIPAA
Titrate is a general wellness self-tracking application, not a medical device under U.S. FDA, EU MDR, or UK MHRA rules. PROSTACK AI LIMITED is not a HIPAA covered entity or business associate (45 CFR § 160.103) and does not handle Protected Health Information. Detailed regulatory analysis is in section 1.1 of our Terms of Service.
Titrate does not prescribe, recommend dose changes, or interpret data clinically. The user is the sole originator and interpreter of all logged data. Always consult a qualified healthcare provider before starting, modifying, or stopping any medication or peptide protocol. In an emergency: 911 (US), 112 (EU).
14. Changes to this policy
If we change this policy materially, we will surface it in the app on next launch and require acknowledgement before continued use. Minor changes update the effective date at the top.
15. Contact
PROSTACK AI LIMITED
19 Inverness Terrace, W2 3JL, London, United Kingdom
Companies House No.: 14978913
Director: Iacob Pastina
hello@compoundgroup.com