Privacy Policy

The short version

• Health data stays on your device. Logs of peptides, GLP-1s, protein, calories, weight, and dosing are stored locally on your phone by default.
• We never sell your data. Not to advertisers, not to data brokers, not to insurers.
• We don't train models on your health data.
• Optional encrypted backup. You can opt in to encrypted cloud backup so you don't lose your stack when you change phones.
• You can delete everything, any time. One tap in Settings wipes your data from our systems.

What this policy covers

This Privacy Policy applies to the Stak mobile application (the "App") and the website at thestakapp.com (the "Site"), operated by The Stak App ("we", "our", "us").

Information we collect

1. Health and wellness data you enter in the App

When you use Stak, you may log information such as: peptide and GLP-1 compounds and doses, injection schedules, protein intake, calories, weight, body measurements, mood, sleep, and free-text notes (collectively, "Health Data").

Health Data is stored locally on your device. It is encrypted at rest using the device's secure storage. We do not have routine access to your Health Data and we never sell, rent, or share it with third parties for advertising.

If you enable iCloud Backup or our optional encrypted cloud backup, an encrypted copy of your Health Data may be stored with Apple iCloud or our hosting provider. Only you hold the keys to decrypt it.

2. Account information (if you create an account)

If you create an optional account, we collect your email address and a hashed password (or an Apple/Google identifier if you sign in with those). This is used only to authenticate you across devices.

3. Subscription and purchase data

Subscriptions are processed by Apple via the App Store. We receive a receipt confirming your subscription status. We do not receive or store your full payment card details.

4. Basic device and usage analytics

We collect a small amount of anonymized, non-Health-Data analytics to keep the App working:

• Crash reports (no Health Data attached)
• Anonymized feature-usage events (e.g., "user opened settings"), never the content of your logs
• Device type, OS version, and App version

5. Website analytics and marketing pixels

Our Site uses Meta Pixel and TikTok Pixel to measure ad performance and (with your continued use of the Site) show you relevant ads. These pixels see standard browser data (IP, user agent, the page you visited). They do not see any Health Data, because no Health Data is sent from the Site.

How we use information

• To run the App and your account
• To process subscriptions and provide customer support
• To fix bugs and improve the App through anonymized analytics
• To measure marketing performance on our website (via the pixels above)
• To send you product or account emails you have opted into

What we do not do

• We do not sell your Health Data.
• We do not share your Health Data with advertisers, data brokers, insurers, or employers.
• We do not use your Health Data to train machine-learning models.
• We do not provide medical advice, dosing recommendations, or diagnoses.

Your rights and choices

• Access and export. Export your data from Settings → Data → Export.
• Delete. Settings → Data → Delete everything will permanently remove your account and any cloud-backed data within 30 days.
• Opt out of analytics. Settings → Privacy → Analytics toggle.
• Marketing emails. Use the unsubscribe link in any email, or write to privacy@thestakapp.com.
• GDPR / CCPA. If you're in the EU/UK or California, you have additional rights to access, correct, port, or restrict processing of your personal information. Contact privacy@thestakapp.com and we'll respond within 30 days.

Children

Stak is rated 17+ and is not intended for children under 17. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@thestakapp.com and we will delete it.

Service providers

We use a small number of vetted service providers, only as needed:

• Apple App Store, for subscription processing and app distribution
• Hosting and cloud infrastructure (e.g., Vercel, AWS), to run the website and account services
• Anonymized analytics and crash reporting
• Email delivery for transactional emails

These providers act on our instructions, are bound by contractual confidentiality and security obligations, and never receive your Health Data.

International transfers

We are based in Canada and may transfer information to providers in the United States, the European Union, and other regions. Where required, we use Standard Contractual Clauses or equivalent safeguards.

Security

We use industry-standard encryption (TLS in transit; device-level encryption at rest), least-privilege access controls, and routine reviews. No system is perfectly secure. If we ever discover a breach involving your personal information, we will notify you and the relevant regulators as required by law.

Changes to this policy

We'll update the "Last updated" date when we change this policy. For material changes (such as new categories of data or new sharing), we'll also notify you in the App or by email before the change takes effect.

Contact

Questions about this policy or your data? Email privacy@thestakapp.com.