Privacy Policy
Effective Date: June 2026 · Last Updated: June 2026
This Policy applies to all users, including those in the United States, European Union, and elsewhere.
1. Introduction
GLP Coach ("we," "us," "our," or "Company") operates glpcoach.us ("Website") and the GLP Coach application ("Service"). We are committed to protecting your privacy. This Privacy Policy explains our data practices and your rights.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, password
- Health Data: Weight, medication type, dose, side effects, protein intake, water consumption, energy levels, food types, injection times, notes, food-noise ratings
- Profile Information: Medication name, start date, current weight, goal weight, other health markers
- Payment Information: Processed through Paddle (we do not store credit card details)
- Communications: Emails, support requests, feedback
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, clicks, searches
- Device Information: Device type, operating system, browser type, IP address
- Cookies & Tracking: Session cookies, analytics cookies (Google Analytics)
- Location Data: Approximate location based on IP address (not precise)
2.3 Third-Party Data
- Google OAuth: If you sign in with Google, we receive your Google account email and basic profile info
- Payment Processor: Paddle collects payment and billing information
3. How We Use Your Information
We use collected information for:
- Service Delivery: Generating AI insights, creating your health dashboard, sending weekly emails
- Account Management: Creating/maintaining your account, authentication, password recovery
- Communication: Sending service updates, newsletters, support responses
- Analytics: Understanding user behavior to improve the Service
- Legal Compliance: Fulfilling legal obligations, fraud prevention, security
- AI Training: Training our Claude AI models on your anonymized health data patterns (with your consent)
4. How We Share Your Information
4.1 Service Providers
We share information with:
- Supabase: Database and authentication hosting
- Vercel: App hosting and CDN
- Anthropic (Claude API): AI insight generation (data processed to generate insights, not stored by Anthropic)
- Paddle: Payment processing
- Google Analytics: Usage analytics
- Loops: Email service (for weekly insights)
Each provider has contractual obligations to protect your data.
4.2 Legal Requirements
We may disclose information if required by law, court order, or government request.
4.3 Business Transfer
If GLP Coach is acquired or merged, your data may be transferred as part of that transaction. We will notify you of any such change.
4.4 No Third-Party Sharing
5. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS encryption in transit, encrypted storage at rest
- Access Controls: Role-based access, API keys with restricted permissions
- Monitoring: Regular security audits and threat monitoring
- Backup: Regular backups with encrypted storage
However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
- Account Data: Retained while your account is active and for 90 days after deletion
- Health Logs: Retained as long as your account exists, permanently deleted upon account deletion (at your request)
- Backups: May be retained for up to 180 days for disaster recovery
- Cookies: Session cookies expire when you log out; persistent cookies last up to 1 year
You may request deletion of your data at any time.
7. Your Rights and Choices
7.1 Access and Portability
You have the right to:
- Access all personal data we hold about you
- Download your data in a portable format
- Request a copy of your health logs
Request data access: [email protected]
7.2 Correction and Deletion
You may:
- Correct inaccurate information in your account
- Delete your account and associated health data at any time
- Request erasure of specific data
Deletion is permanent. Once deleted, we cannot recover your data.
7.3 Opt-Out of Communications
You may unsubscribe from marketing emails by clicking the unsubscribe link. Transactional emails (account confirmations, password resets, service notices) cannot be disabled.
7.4 Cookie Management
Most browsers allow you to refuse cookies or alert you when cookies are being sent. Disabling cookies may affect Service functionality.
7.5 Do Not Track
We respect Do Not Track (DNT) signals and do not track you across other websites when DNT is enabled.
8. Privacy Rights by Jurisdiction
8.1 European Union (GDPR)
If you are in the EU, you have additional rights under GDPR:
- Right to Access: Request what personal data we hold
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Rectification: Correct inaccurate data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing for marketing or other purposes
- Right to Withdraw Consent: Withdraw consent at any time
EU Representative: [email protected]
8.2 California (CCPA)
If you are a California resident, you have the right to:
- Know: What personal data is collected, used, and shared
- Delete: Request deletion of personal data (with exceptions)
- Opt-Out: Opt out of the sale or sharing of personal data
- Non-Discrimination: Not be discriminated against for exercising these rights
California residents may submit requests: [email protected]
9. Children's Privacy
The Service is not directed to individuals under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we learn that a child has provided us with personal data, we will delete such information promptly.
10. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing information.
11. International Data Transfers
Your data may be transferred to, stored in, and processed in countries other than your country of residence (including India and the United States), which may have different data protection laws.
By using the Service, you consent to such transfers. For EU residents, we rely on Standard Contractual Clauses (SCCs) to ensure appropriate safeguards.
12. California Consumer Rights Notice
Under California law, we must disclose:
- Categories of personal information: Identifiers, commercial information, biometric information (health data), internet activity, geolocation, and inferences
- Purpose of collection: Service delivery, analytics, legal compliance
- Sharing: With service providers (Supabase, Vercel, Anthropic, Paddle, Loops)
- Retention period: See Data Retention section above
- Your rights: Access, deletion, opt-out of sale/sharing (we do not sell data)
13. Data Breaches
In the event of a confirmed data breach affecting personal information, we will notify affected individuals without unreasonable delay (and in compliance with applicable laws).
Report a breach: [email protected]
14. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Service constitutes acceptance of changes.
For material changes, we will provide notice (e.g., email or prominent website notice).
15. Contact Information
For questions about this Privacy Policy or to exercise your rights:
Email: [email protected]
Website: glpcoach.us
For EU/GDPR inquiries:
Email: [email protected]
For California/CCPA inquiries:
Email: [email protected]