Privacy Policy
Important. GLPzy is local-first. Health-related records stay on this device unless you choose to export, share, restore from a local GLPzy backup file, or include information in a support request. No GLPzy account is required for core tracking. GLPzy does not use app-controlled iCloud storage or sync for health records. New-phone continuity relies on Apple device transfer or an encrypted local computer backup. Apple Health access is optional and limited to the permissions you grant.
1. Who we are
Steven Good, trading as GLPzy, is responsible for the processing of personal data described in this Privacy Policy, except where this policy states otherwise.
General privacy contact: [email protected].
2. Scope of this policy
This Privacy Policy explains what personal data we collect, how we collect it, the purposes for which we use it, the legal bases we rely on where required, the categories of recipients we share it with, how long we retain it, and the choices and rights available to you.
This policy applies to our website policy pages, the GLPzy iOS application, related services, and support interactions.
3. Categories of personal data we process
| Category | Examples | Purpose |
|---|---|---|
| Account and identity data | In the current version, we do not require in-app account creation. If you contact support, we may process your email address and related correspondence. Subscription entitlement status may be made available by Apple. | Support handling and subscription entitlement management |
| Health and wellness data you choose to enter | Medication name, dose amount, dose date and time, injection site, weight, symptom logs, side-effect logs, appetite, nutrition, notes, progress photos, habit logs, reminders | Core tracking, journaling, visualisation, reminders, user-controlled exports |
| Optional connected data | Optional Apple Health body weight history and height import, plus read-only body composition, sleep, movement, workout, calories, protein, and water context, limited to the permissions you grant. | Personal tracking import, setup context, and read-only daily review context inside the app |
| Support and communications data | Emails, support requests, screenshots you provide, related correspondence | Issue resolution, safety response, service improvement, record keeping |
| Device, diagnostics, and security data | App version, device model, iOS version, screenshots you choose to send, and any diagnostic package you choose to share with support | Support troubleshooting, compatibility review, and local-store recovery assistance |
| Transaction and subscription data | Subscription status, renewal status, purchase events, restore-purchase events, refund status where available via platform APIs | Access management, billing support, compliance, accounting and audit records |
4. How we collect data
- Directly from you when you enter records, contact support, or adjust settings.
- From Apple, including App Store subscription and entitlement information made available through Apple systems.
- From support material you voluntarily provide, such as screenshots or device details.
- The current version does not include advertising SDKs or third-party analytics SDKs.
5. How we use personal data
We use personal data to operate, secure, support, and improve the service, including to:
- provide the app’s core logging, journaling, reminder, export, and visualisation features on device;
- maintain subscription entitlements made available through Apple systems;
- respond to support, safety, and privacy requests;
- review support requests, screenshots, and diagnostic packages you choose to share;
- troubleshoot local-store recovery and compatibility issues;
- meet legal, regulatory, tax, accounting, and contractual obligations.
6. Health data and sensitive data handling
Some of the information processed by GLPzy may constitute health data or other sensitive personal data under applicable law. We process such information only as necessary to provide the features you choose to use, to support the service, and to meet applicable legal obligations.
We do not sell personal data. We do not use health data for targeted advertising. We do not share health data with advertising networks for marketing or cross-context behavioural advertising. We do not use health data to build advertising profiles.
7. Legal bases and conditions, where applicable
Where UK GDPR, EU GDPR, or similar data protection laws apply, we rely on one or more of the following lawful bases under Article 6:
- performance of a contract, to provide the services you request;
- legitimate interests, for security, service administration, fraud prevention, support, and reasonable service improvement;
- compliance with a legal obligation, where we must retain or disclose information by law;
- consent, where specific optional processing requires it.
Where processing involves health data or other special category data, we also rely on an applicable Article 9 condition where required, including explicit consent or another condition available under applicable law.
8. Apple Health
Apple Health access is optional. In the current shipped setup, GLPzy imports body weight history and height when you choose to grant permission, then reads body composition, sleep, movement, workout, calories, protein, and water summaries in read-only mode for Insights, Today, and Settings. GLPzy does not write data back to Apple Health in the current release posture.
9. Disclosure of personal data
App records remain on device unless you choose to export them, share them, restore them from a local GLPzy backup file, or send information to support. We disclose personal data only where reasonably necessary and subject to appropriate contractual, legal, and security controls. Recipients may include:
- email and customer support tools used to handle support requests you initiate;
- payment, accounting, and subscription service providers, where relevant;
- professional advisers, auditors, and insurers, where reasonably necessary;
- courts, regulators, law enforcement, and other parties where disclosure is required by law or necessary to protect rights, safety, or the integrity of the service;
- an acquirer, investor, or successor entity in connection with a merger, acquisition, financing, reorganisation, or asset sale, subject to lawful handling of the information.
10. International transfers
Where personal data is transferred internationally, we will implement appropriate safeguards required by applicable law. Depending on the transfer route, these safeguards may include adequacy regulations, standard contractual clauses, the UK international data transfer agreement, or other permitted mechanisms.
11. Storage, security, and confidentiality
We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. These measures may include encryption in transit, access controls, least-privilege permissions, logging, monitoring, and role-based restrictions.
No method of transmission or storage is fully secure. However, we design the service to minimise unnecessary collection and to limit access to sensitive information.
12. Retention
| Data type | Retention approach |
|---|---|
| Account data | The current version does not require an in-app account. Support correspondence and subscription-related records may be retained for limited legal, security, accounting, or dispute-handling reasons. |
| Health and wellness records | Stored on device until you delete them or delete the app, subject to Apple backup/device-transfer behavior and any local GLPzy backup file you choose to create. |
| Support records | Retained for up to 24 months after ticket closure, unless a longer period is required for legal claims, security, or compliance. |
| Support-provided diagnostics | Retained with the related support request for up to 12 months after receipt, unless a longer period is necessary for incident investigation or legal compliance. |
13. Your rights and choices
Depending on your location and the law that applies to you, you may have rights to access, correct, update, export, delete, restrict, object to, or appeal certain processing of your personal data, and to withdraw consent where processing depends on consent.
Further details are available on our User Privacy Choices and Data Rights page.
14. Account deletion
GLPzy does not require an in-app account for core tracking. You can delete local records using the in-app delete-data controls, delete the app from your device, or contact us regarding support correspondence or any exported data you previously shared with us.
15. Children
GLPzy is not intended for children under 18. We do not knowingly collect personal data from children in breach of applicable law. If you believe a child has provided personal data unlawfully, contact us using the details above.
16. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to our practices, services, legal requirements, or operational controls. The revised version will be posted here with an updated effective date.
17. Contact us
Privacy enquiries: [email protected].
General support: [email protected].