Privacy Policy

Effective: May 13, 2026

PACO Peptide ("we", "our") is an application operated by ooabi LLC. This policy explains what information we collect when you use PACO Peptide, how we use it, and what control you have over it.

PACO Peptide is an informational tool for people using GLP-1 medications. We are not a medical provider. This policy describes our privacy practices — not our clinical practices (we don't have any).

Information we collect

Information you give us directly

When you create an account and use PACO Peptide, we collect:

  • Email address — for authentication and account communication
  • Health data you enter — weight, recorded doses, injection sites, symptoms you log voluntarily
  • Coach conversations (Bukowski) — the messages you send and the responses you receive
  • Private photos you upload — progress photos and food photos, including optional notes and nutrition fields

Information we collect automatically

  • Usage data — what pages you visit, how many coach messages you send, frequency of use (without personal content attached)
  • Technical information — device type, browser, approximate IP address (for security and fraud prevention)

Payment information

If you subscribe to PACO Peptide Pro, Stripe processes your payment. We do not store your credit card number. Stripe provides us with:

  • Your customer identifier (Stripe Customer ID)
  • Your subscription status (active, canceled, etc.)
  • Last four digits of your card (so we can show you which one you used)

Stripe's privacy practices: stripe.com/privacy.

How we use your information

We use the data we collect to:

  • Provide the service (show your history, calculate trends, give the coach context about your situation)
  • Process payments through Stripe
  • Improve the product (in aggregate, not individually)
  • Communicate with you about your account or important changes
  • Comply with legal obligations

We do not sell your data. We do not rent your data. We do not use your coach conversations to train AI models.

How your coach conversations are processed

Your messages to the coach are sent to Anthropic (the developers of the Claude model we use) to generate responses. Anthropic processes those messages according to their commercial use policy, which by default prohibits using them for training.

Anthropic's policy: anthropic.com/legal/privacy

We store your conversations in our database so you have history within PACO Peptide. If you delete your account, we delete your conversations.

How food photo analysis is processed

If you choose to analyze a food photo, the selected image is sent to Anthropic so the AI can estimate visible calories and macros. The estimate is not medical advice, may be wrong, and is shown for your review before you save it.

Food photos and progress photos are stored privately in Supabase. They are not public, not shown to other users, and can be deleted by you.

If you choose to analyze progress photos, the selected comparison images are sent to Anthropic so the AI can summarize visible, non-diagnostic differences and photo-consistency limits. This analysis is not a diagnosis, body-fat estimate, or medical assessment.

Articles in our journal

Articles in PACO Peptide's editorial journal are produced through an automated pipeline:

  • We pull abstracts of recently published GLP-1 and peptide research from PubMed (the NIH/NCBI public database)
  • A draft article is generated by Claude (Anthropic's LLM) summarizing the research
  • A human editor reviews and approves each draft before publication — drafts are not auto-published

No user data is sent to PubMed or Anthropic during this process. Article generation operates only on publicly available research abstracts.

Where your data is stored

  • Account and health data: Supabase (US servers, AWS us-west-1 region)
  • Private photos: Supabase Storage, same project and region as your account data
  • Payments: Stripe (PCI-DSS compliant)
  • Coach conversations: Supabase, same location as your account
  • Rate-limit counters: Upstash (Redis-based, used to enforce free-tier daily limits — receives only an opaque internal user identifier; no email, no health data, no message content)

Your rights

You have the right to:

  • View the data we have about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your history in a readable format

To exercise any of these rights, email us at privacy@pacopeptide.com. We respond within 30 days.

If you live in California (CCPA), the European Union (GDPR), or any jurisdiction with similar data protection laws, you have additional rights under those laws. We honor them as well.

Data retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data — health logs, coach conversations, account details — within 30 days of the deletion request, including from our active backups.

We may retain anonymized usage statistics (counts, frequencies, no personal identifiers) indefinitely for product analytics. These cannot be linked back to you after deletion.

We may also retain a minimal record of the deletion itself (date, anonymized account reference) for legal compliance and to defend against fraudulent re-registration attempts.

Minors

PACO Peptide is not directed at people under 18. We do not knowingly collect data from minors. If you discover that a minor has created an account, email us and we will delete it.

Security

We use encryption in transit (HTTPS) and at rest (database-level encryption). No platform is 100% impenetrable, but we take the security of personal medical data seriously.

If we discover a data breach that affects you, we will notify you in accordance with applicable laws.

Cookies

We use strictly necessary cookies for the application to function (session, authentication). We do not use third-party tracking cookies or advertising cookies.

Changes to this policy

If we change this policy in a significant way, we will notify you by email before the change takes effect. The "Effective" date at the top always reflects the current version.

Contact

ooabi LLC privacy@pacopeptide.com

For questions about this policy or your data.

This policy is also available in Spanish.