Privacy Policy

Last Updated: May 25, 2026

IntoTheGrey ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application IntoTheGrey (the "App").

Health Data Protection

Your health and supplement tracking data is treated with the highest level of privacy protection:

  • NEVER used for advertising, marketing, or data mining
  • NEVER sold or shared with third parties
  • NEVER stored in iCloud or third-party cloud services
  • You have complete control over your health data (view, edit, delete at any time)

Your supplement tracking, dose logs, and wellness notes remain entirely private to you.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address and password when you create an account
  • Profile Information: Display name, measurement preferences (metric/imperial), theme preferences
  • Health-related Tracking Data: Supplement/compound names, vial inventory, reconstitution details, dose logs, reminder schedules, protocol plans (start/end dates, goal, duration), daily wellness entries (mood, energy, sleep, food-noise ratings — if you choose to log them), wellness goals, and notes that you choose to enter
  • Age Verification: Confirmation that you are 21 years of age or older
  • In-App Feedback: If you submit feedback through the in-app composer, your message, account email, app version, and device platform are sent to our private GitHub repository for triage. Feedback is treated as support correspondence, not as marketing data.

Important: All health-related data is stored solely for your personal tracking purposes. We do not analyze, aggregate, or use your health data for any purpose other than providing the app's functionality to you.

1.2 Information Collected Automatically

  • Device Information: Device type, operating system version, unique device identifiers
  • Usage Data: App feature usage, screen views, session duration (only if you consent to analytics)
  • Crash Data: Error logs and crash reports to help us fix bugs (only if you consent)

1.3 Information We Do NOT Collect

  • Location data
  • Contacts or address book
  • Photos or camera data
  • Biometric data
  • Financial or payment information

2. How We Use Your Information

We use your information to:

  • Provide and maintain the App's functionality
  • Create and manage your account
  • Store and sync your tracking data across devices
  • Send you reminders you have configured
  • Improve the App based on anonymous usage patterns (with consent)
  • Fix bugs and improve stability (with consent)
  • Respond to your support requests
  • Comply with legal obligations

3. Data Storage and Security

3.1 Where Your Data Is Stored

Your data is stored securely using Supabase, with the primary database hosted in the European Union (Frankfurt, Germany — eu-central-1 AWS region). Supabase provides enterprise-grade security including:

  • Encryption at rest and in transit (TLS/SSL)
  • Row Level Security (RLS) - you can only access your own data
  • Regular security audits and monitoring
  • SOC 2 Type II compliance

Health-related data is isolated from analytics and stored exclusively for your personal use.

3.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encrypted database connections
  • Row-level security policies ensuring you can only access your own data
  • Secure authentication with password hashing
  • Session timeouts after periods of inactivity
  • No storage of sensitive data in device backups

4. Data Sharing

We do not sell, trade, or share your personal information or health data with third parties except:

  • When required by law or legal process
  • To protect our rights, safety, or property
  • With Supabase (our infrastructure provider) under strict data processing agreements

We do NOT share your data with:

  • Advertisers or marketing companies
  • Data brokers or analytics aggregators
  • Insurance companies or healthcare providers
  • Any third party for commercial purposes

4.1 Sub-processors

We rely on the following sub-processors to operate IntoTheGrey. Each is bound by a data processing agreement and only processes data necessary for the stated purpose:

Sub-processor | Purpose | Data shared | Region
Supabase Inc. | Database, authentication, row-level security | All account & tracking data | EU (Frankfurt)
Cloudflare, Inc. | Website hosting, in-app feedback API, transactional email routing | Request metadata; feedback messages in transit | Global edge; email routed to EU
GitHub, Inc. (Microsoft) | Stores user-submitted feedback as private issues for triage | Feedback text, account email, app version, device platform | US
Expo (EAS) | Mobile app build & distribution pipeline | No runtime user data | US
Apple / Google | Mobile app distribution | Standard store telemetry per their policies | Global

5. Analytics

Analytics are off by default. You can opt in (and out again) at any time from Settings → Privacy → Share Analytics. While analytics are off, no usage events are sent to our servers.

If you opt in, we collect anonymous usage events (screen views, feature taps, error logs) tied to your account ID for de-duplication. This data does NOT include:

  • Compound names or supplement details
  • Dosage information
  • Wellness ratings or notes
  • Any personally identifiable health data

Your choice is stored on your device and persists across sessions. You can withdraw consent at any time and we will stop collecting new events immediately. To delete previously-collected events, email [email protected].

6. Data Retention

  • Active accounts: Your data is retained as long as your account is active
  • Account deletion: All personal and health data is permanently deleted within 30 days
  • Backups: Deleted data is removed from backups within 90 days
  • Legal requirements: We may retain data longer if required by law

7. Your Rights (GDPR/CCPA Compliance)

You have the following rights regarding your personal and health data:

  • Right to Access: View all your data within the app at any time
  • Right to Rectification: Edit your profile, vials, and logs at any time
  • Right to Erasure: Delete your account and all associated data permanently
  • Right to Data Portability: Export all your vials, dose logs, protocols, and daily entries as CSV and JSON files from Settings → Profile → "Download My Data". You may also request a structured export by emailing [email protected].
  • Right to Object: Opt out of analytics tracking in Settings
  • Right to Withdraw Consent: Change privacy preferences at any time

To exercise any of these rights, contact us at [email protected] or use the in-app settings.

EU Residents (GDPR)

If you are in the European Union, you also have the right to:

  • Restrict processing
  • Lodge a complaint with a supervisory authority

California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected
  • Know whether your data is sold or disclosed (we do NOT sell data)
  • Equal service and price regardless of privacy choices

8. Children's Privacy

The App is intended for adults aged 21 and older. We do not knowingly collect information from anyone under 21 years of age. If we learn we have collected personal information from someone under 21, we will delete that information immediately.

9. International Data Transfers

Your account and tracking data is stored in the European Union (Frankfurt, Germany). Some sub-processors operate outside the EU:

  • Cloudflare processes website requests on a global edge network and routes administrative email; data in transit may briefly touch non-EU points of presence before delivery.
  • GitHub stores feedback submissions in the United States.

These transfers are safeguarded under the EU–US Data Privacy Framework and the providers' standard contractual clauses. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy in the App
  • Updating the "Last Updated" date
  • Sending a notification for material changes

Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]

Summary

What We Collect | Why | Your Control
Email & password | Account access | Delete account anytime
Tracking data | Core app functionality | Edit or delete anytime
Usage analytics | Improve the app | Opt-in only, can disable
Crash reports | Fix bugs | Opt-in only, can disable

✓ We NEVER sell your data
✓ We NEVER share health information with advertisers
✓ We NEVER use health data for marketing or data mining
✓ Health data is NEVER stored in iCloud