Legal

Privacy Policy

Last updated: January 2025

1. Introduction

UpgradeYourself.app ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health optimisation platform.

We take your privacy seriously, especially when it comes to sensitive health data. Our platform is built with a privacy-first architecture using end-to-end encryption.

2. Information We Collect

2.1 Account Information

  • Email address (for account creation and communication)
  • Name (optional, for personalisation)
  • Password (stored securely using industry-standard hashing)

2.2 Health Data (Encrypted)

The following data is encrypted with your personal encryption key before storage. We cannot read this data:

  • Supplement stacks and protocols
  • Peptide protocols and dosing schedules
  • Health goals and preferences
  • Biomarker data and lab results
  • DNA/genetic analysis data
  • Biometric information (height, weight, etc.)

2.3 Usage Data

  • Pages visited and features used
  • Device type, browser, and operating system
  • IP address and approximate location
  • Session duration and interaction patterns

3. How We Use Your Information

  • To provide and maintain our service
  • To personalise your experience with AI-powered recommendations
  • To communicate with you about your account or our services
  • To improve our platform and develop new features
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

4. End-to-End Encryption

Your sensitive health data is protected using AES-256-GCM encryption. Here's how it works:

  • Your encryption key is derived from a passphrase only you know
  • Data is encrypted in your browser before being sent to our servers
  • We store only encrypted data - we cannot decrypt or read it
  • Your decryption key never leaves your device
  • If you lose your passphrase, we cannot recover your data

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Third parties that help us operate our platform (hosting, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger or acquisition

6. Third-Party Services

We use the following third-party services:

  • Cloudflare: Hosting and security (EU data center)
  • Google Analytics: Usage analytics (anonymised)
  • PostHog: Product analytics (EU instance)
  • Google OAuth: Optional sign-in method

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Lodge a complaint with a supervisory authority

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we permanently delete all your data within 30 days, except where retention is required by law.

9. Security

We implement industry-standard security measures including HTTPS encryption, secure authentication, regular security audits, and our zero-knowledge encryption architecture. However, no method of transmission over the Internet is 100% secure.

10. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

[email protected]