DosePeer

Privacy Policy

Updated: 2026-06-18

Last updated: 2026-06-18

1. Who we are (data controller)

Adam Koch, Weißensteinstr. 44, 58093 Hagen, Germany · kontakt@dosepeer.com. DosePeer is a private GLP-1 tracker. This policy explains what personal data we process and why, under the EU General Data Protection Regulation (GDPR).

2. Our privacy promise

DosePeer is built privacy-first. Your personal journal is end-to-end encrypted on your device (AES-256) — we cannot read its contents. We show no ads, use no AI on your data, and we never sell raw data. You are our customer, not the product.

3. Data we process

  • Account data — e-mail and (optional) display name, to create and secure your account. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Your journal — doses, side effects and notes. Encrypted on your device before it reaches us; stored as ciphertext we cannot decrypt.
  • Community contributions (optional) — if you opt in, structured survey answers join a pseudonymized pool used to compute aggregate statistics (“X% at this dose reported Y”). A separate pseudonymous identifier is used, kept apart from your account identity. Special-category (health) data: processed only on your explicit consent (Art. 9(2)(a) GDPR).
  • Technical data — server logs (IP, timestamp, user agent) kept briefly for security and stability. Legal basis: legitimate interest (Art. 6(1)(f)).

4. The community data pool is voluntary

The core app (your tracker, journal and trends) works fully without joining the pool. Contributing is a separate, explicit opt-in that you can withdraw at any time. Withdrawing stops future contributions; aggregates already computed cannot be re-identified to you because the pool is pseudonymized.

5. Hosting and processors

We host within the European Union (Hetzner Online GmbH, Germany), acting as a processor under Art. 28 GDPR. App-store subscriptions, if any, are handled by Google (Google Play Billing). We do not transfer personal data outside the EU/EEA unless covered by appropriate safeguards (e.g. Standard Contractual Clauses).

6. Retention

Account and journal data are kept while your account is active. Server logs are kept only briefly. On deletion, your account and journal are erased; see section 8.

7. Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction, data portability, and to object, as well as to withdraw consent at any time. To exercise them, contact kontakt@dosepeer.com. You may also lodge a complaint with your supervisory authority — for us: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), ldi.nrw.de.

8. Account and data deletion

You can request deletion of your account and associated data at any time via kontakt@dosepeer.com or in-app. We will erase your account and journal; pseudonymized aggregate statistics that can no longer be linked to you may be retained.

9. Children

DosePeer is intended for adults (18+) and is not directed at children.

10. Changes

We may update this policy. Material changes will be announced in the app or on the site.

11. Contact

kontakt@dosepeer.com · Adam Koch, Weißensteinstr. 44, 58093 Hagen, Germany.