Privacy Policy

Last Updated: January 29, 2026

1. Introduction

MyStaQ ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our peptide protocol tracking application ("Service") accessible at https://MyStaQ.app.

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information that you provide directly:

  • Account Information: Email address, full name (optional), and password (encrypted)
  • Profile Information: Subscription tier (free or premium) and subscription status
  • Protocol Data: Peptide names, dosing schedules, amounts, routes of administration, and notes you choose to add
  • Dose Logs: Records of doses taken, including dates, times, injection sites, and any notes
  • Vial Information: Vial sizes, concentrations, reconstitution dates, expiration dates, supplier information, and lot numbers

2.2 Payment Information

Payment processing is handled by Stripe, Inc. We do not store your full credit card information. We receive and store only:

  • Stripe customer ID (for subscription management)
  • Subscription status and billing cycle information
  • Last four digits of your payment method (from Stripe)

2.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, actions taken (anonymized via Plausible Analytics)
  • Device Information: Browser type, operating system, device type (for PWA optimization)
  • Log Data: IP address (anonymized), access times, error logs (via Sentry)

2.4 Cookies and Local Storage

We use cookies and browser local storage for:

  • Authentication session management (Supabase Auth)
  • Remembering your preferences (theme, settings)
  • Offline data caching (Service Worker for PWA functionality)
  • Analytics (privacy-friendly, no cross-site tracking)

3. How We Use Your Information

We use your information to:

  • Provide the Service: Store your protocols, track doses, manage vials, and display your history
  • Account Management: Create and maintain your account, authenticate you, and manage your subscription
  • Payment Processing: Process subscription payments via Stripe
  • Improve the Service: Analyze usage patterns (anonymized) to enhance features and user experience
  • Communications: Send transactional emails (verification, password resets, subscription updates)
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We share data only in the following circumstances:

4.1 Service Providers

We use trusted third-party services that process data on our behalf:

  • Supabase: Database hosting and authentication (data encrypted at rest and in transit)
  • Stripe: Payment processing (PCI DSS compliant)
  • Vercel: Application hosting and delivery
  • Plausible Analytics: Privacy-friendly usage analytics (GDPR compliant, no cookies, no personal data)
  • Sentry: Error tracking and monitoring (anonymized error logs)
  • Resend: Transactional email delivery

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, or court order, or to protect our rights, property, or safety.

4.3 Business Transfers

If MyStaQ is acquired by or merged with another company, your information may be transferred. You will be notified of any such change.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (HTTPS with TLS 1.3) and at rest (AES-256)
  • Authentication: Passwords are hashed using bcrypt (Supabase Auth)
  • Access Control: Row-level security (RLS) ensures you can only access your own data
  • Regular Backups: Database backups are performed daily (Supabase)
  • Monitoring: Continuous monitoring for security incidents (Sentry)

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Data Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following rights:

6.1 Right to Access

You can request a copy of all personal data we hold about you.

6.2 Right to Rectification

You can update or correct your personal information at any time through your account settings.

6.3 Right to Erasure ("Right to be Forgotten")

You can delete your account and all associated data at any time. Go to Account → Delete Account. This action is permanent and cannot be undone.

6.4 Right to Data Portability

Premium users can export their data in CSV format. Free users can request a data export by contacting support.

6.5 Right to Object

You can object to processing of your personal data for marketing purposes (we do not currently send marketing emails).

6.6 Right to Restrict Processing

You can request that we limit how we use your data while you contest its accuracy or lawfulness.

To exercise any of these rights, contact us at privacy@MyStaQ.app. We will respond within 30 days.

7. Data Retention

We retain your data as follows:

  • Active Accounts: Data is retained for as long as your account is active
  • Deleted Accounts: All data is permanently deleted within 30 days of account deletion
  • Backup Data: Deleted data is purged from backups within 90 days
  • Legal Holds: Data may be retained longer if required by law or to resolve disputes

8. Children's Privacy

MyStaQ is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

9. International Data Transfers

Your data is stored on servers located in the United States (Supabase region: us-east-1). If you are accessing the Service from outside the US, your data will be transferred to and processed in the US.

We ensure adequate safeguards are in place for international transfers in compliance with GDPR (Standard Contractual Clauses with service providers).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

12. Disclaimer

MyStaQ is for informational and tracking purposes only. It does not provide medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider before starting any peptide therapy protocol. We are not responsible for any health outcomes resulting from the use of this Service.