PepAI
Privacy Policy
Effective Date: February 19, 2026 ยท Last Updated: February 20, 2026
EFN Group LLC ("we," "us," or "our") operates PepAI ("the App"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Authentication credentials (managed by Supabase Auth)
- Apple ID information (if you sign in with Apple)
1.2 Profile Information
During onboarding, you may provide:
- Research interest areas (e.g. recovery, fat loss, cognitive)
- Experience level with peptide research
- Where you are in your research journey
This information is stored in your user profile and is used solely to personalize your app experience.
1.3 User-Generated Data
As you use the App, you may create:
- Protocols (compound names, dosages, frequencies, notes)
- Injection logs (dates, compounds, dosages, injection sites, notes)
- Cycle records (names, durations, start/end dates)
- Cost estimations
- Chat messages with the AI assistant
- Vial inventory records
1.4 Device and Usage Information
We may automatically collect:
- Device type and operating system version
- App version
- Crash reports and error logs (via Expo)
- Push notification tokens (if you enable notifications)
We do not collect location data, contacts, or browsing history.
2. How We Use Your Information
We use your information to:
- Provide the App's functionality: Store your logs, protocols, and research data so you can access them across sessions.
- Process payments: Manage your subscription through RevenueCat and the App Store.
- Deliver AI responses: Send your chat messages to AI providers to generate research-related responses. Chat messages are sent without your personal profile data attached.
- Send notifications: Deliver protocol reminders and app updates if you opt in.
- Improve the App: Analyze anonymized usage patterns to fix bugs and improve features.
We do not:
- Sell your personal data to third parties.
- Use your health-related data for advertising.
- Share your data with data brokers.
- Make automated health decisions based on your data.
3. Third-Party Services
The App uses the following third-party services, each with their own privacy policies:
| Service |
Purpose |
Data Shared |
| Supabase |
Authentication, database, cloud functions |
Account data, user-generated content |
| RevenueCat |
Subscription management |
Anonymous user ID, purchase history |
| Anthropic (Claude) |
AI chat responses |
Chat message text (no personal profile data) |
| Google Gemini |
AI chat responses (fallback) |
Chat message text (no personal profile data) |
| Apple Sign In |
Authentication |
Apple ID token |
| Expo |
Push notifications, crash reporting |
Device token, crash logs |
We require third-party providers to handle your data in accordance with their published privacy policies and applicable data protection laws.
4. Data Storage and Security
- Your data is stored on Supabase's infrastructure (cloud-hosted PostgreSQL databases).
- All data is protected by Row Level Security (RLS) policies โ you can only access your own data.
- Data is transmitted over HTTPS/TLS encryption.
- Authentication tokens are stored securely on your device.
- We do not store your password โ authentication is handled by Supabase Auth.
While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your data.
5. Data Retention
- Your data is retained as long as your account is active.
- If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
- Chat messages sent to AI providers are subject to those providers' retention policies.
- Anonymized, aggregated data may be retained indefinitely for analytics purposes.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data.
- Correct inaccurate data.
- Delete your account and associated data.
- Export your data in a portable format.
- Opt out of push notifications at any time through your device settings.
- Withdraw consent for optional data processing.
To exercise any of these rights, contact us at support@pepai.cc.
6.1 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the sale of personal information. We do not sell personal information.
- Non-discrimination for exercising your privacy rights.
6.2 European Residents (GDPR)
If you are in the European Economic Area, our legal bases for processing your data are:
- Contract performance: To provide the App's functionality.
- Legitimate interest: To improve the App and prevent fraud.
- Consent: For optional features like push notifications.
You may contact your local data protection authority if you have concerns about our data practices.
7. Children's Privacy
The App is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal data, contact us at support@pepai.cc.
8. Push Notifications
We may send push notifications for protocol reminders and app updates. You can opt out at any time through your device's notification settings. We use Expo Notifications to deliver push notifications.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. Your continued use of the App after changes constitutes acceptance of the updated policy.
The "Last Updated" date at the top of this policy indicates when changes were last made.
10. Contact
For privacy-related questions or requests, contact us at:
EFN Group LLC
Email: support@pepai.cc
For general inquiries: support@pepai.cc