Privacy Policy
Effective date: March 23, 2026
Trough ("we," "our," or "the app") is a hormone and wellness tracking application for iOS. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
Data you provide
- Account information: Email address or Apple ID (for authentication)
- Protocol data: Injection compounds, doses, frequencies, site rotation
- Daily check-ins: Self-reported energy, mood, libido, sleep quality, mental clarity scores (1-5 scale)
- Bloodwork: Lab values you manually enter (testosterone, estradiol, etc.)
- Supplement/compound logs: GLP-1, peptide, and ancillary compound doses
- Notes: Free-text notes including "Notes for Doctor" on bloodwork entries
Data from HealthKit (with your permission)
- Sleep duration and quality
- Daily step count
- Heart rate variability (HRV)
- Body weight and body fat percentage
- Resting heart rate
We never sell, share, or use HealthKit data for advertising or marketing. HealthKit data is used solely to display trends in the app and correlate with your self-reported wellness data. This data is stored on your device and, if you enable sync, in your private Supabase account.
Analytics data
- PostHog: We collect anonymous usage events (e.g., "check-in completed," "paywall viewed") to understand how the app is used. These events do not contain health data, bloodwork values, or personal identifiers.
- RevenueCat: Subscription status is managed through RevenueCat. We do not store your payment information — Apple handles all transactions.
2. How We Use Your Data
- To display your protocol, check-in history, PK curves, and insights within the app
- To sync data across your devices (if enabled)
- To generate weekly reports and PDF exports for your personal use
- To send dose reminders and check-in notifications (with your permission)
- To improve the app based on anonymous usage patterns
We never use your health data for advertising, sell it to third parties, or share it with insurers, employers, or data brokers.
3. Data Storage
Trough is offline-first. All data is stored locally on your device using SwiftData. If you enable cloud sync, data is stored in a private Supabase database. Your data is encrypted in transit (TLS) and at rest.
4. Data Sharing
We do not share your personal health data with anyone. The only third-party services that receive data are:
- Supabase (cloud sync) — stores your encrypted data if sync is enabled
- RevenueCat (subscriptions) — receives only subscription status, not health data
- PostHog (analytics) — receives anonymous usage events only
5. HealthKit
Trough requests read access to HealthKit data types (sleep, steps, HRV, body weight, heart rate) with your explicit permission. This data is:
- Used only for display in the app and for correlation with your check-in data
- Never shared with third parties
- Never used for advertising or marketing
- Never stored anywhere other than your device and your private sync database
6. Your Rights
- Access: View all your data within the app at any time
- Export: Export your data as CSV or PDF from within the app
- Deletion: Delete your account and all associated data from Settings. We will delete all cloud-synced data within 30 days.
- Revoke HealthKit: Revoke HealthKit permissions at any time in iOS Settings
7. Children
Trough is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors.
8. Changes
We may update this policy from time to time. Changes will be posted here with an updated effective date.
9. Contact
Questions about this policy? Email us at rob@gettrough.app.