Privacy Policy

Effective date: April 30, 2026  ·  App: Atlas (iOS)  ·  Developer: Peptides AI

Summary

Atlas is designed to be private by default. As of version 1.0, all of your data stays on your device: we do not operate any backend servers of our own for app functionality, do not run analytics, do not use advertising SDKs, and do not share data with third parties. Nothing you enter in the app — protocols, doses, journal entries, health metrics, achievements — leaves your device unless you explicitly export it yourself. The only network services the app uses are Apple's StoreKit (for subscription purchases) and Apple's Sign in with Apple (only if you choose to sign in); both are governed by Apple's own privacy policy. If you have iCloud enabled, your protocol data may sync through your private iCloud database, which is between you and Apple — we cannot access it.

What data the app handles

Data stored locally on your device

• Protocol and dose data you create (peptide name, dosage, schedule, notes)
• Usage history (dose logs, adherence streaks, achievements)
• Your profile (optional: display name, body metrics, goals, preferences)
• App settings

This data is stored in your device's local app container using Apple's standard persistence frameworks (SwiftData and UserDefaults) and, where applicable, shared with the Atlas Widgets extension and Atlas Watch app via an App Group. It is not transmitted to us or anyone else.

iCloud sync (optional, automatic)

If you are signed into iCloud on your device, Atlas uses Apple's CloudKit framework to sync your protocols and entries through your private iCloud database. This sync is end-to-end between your devices and Apple's servers; we do not have access to the data, and Apple's privacy policy governs storage. You can disable this in Settings → [Your Name] → iCloud → Atlas.

Apple Health (HealthKit) — read-only

With your permission, Atlas reads the following metrics from Apple Health to correlate them with your protocol adherence:

• Heart rate
• Heart rate variability (HRV, SDNN)
• Resting heart rate
• Body mass
• Step count
• Active energy burned

Atlas does not write to Apple Health. The app requests read-only authorization (NSHealthShareUsageDescription); no NSHealthUpdateUsageDescription is declared because no write access is needed.

HealthKit data is processed entirely on your device. It is never uploaded, and it is never combined with any identifier that leaves your device. You can revoke HealthKit access at any time in Settings → Privacy & Security → Health → Atlas.

Sign in with Apple (optional)

If you choose to sign in with Apple, Atlas stores the opaque Apple user identifier, and — only when Apple provides them on first sign-in — your name and relay email, in your device's Keychain. These values are used solely to personalize the app and to detect when you revoke access. They are not transmitted to us. You can sign out at any time inside the app, and you can revoke the app's access at any time in Settings → Apple Account → Sign in with Apple.

Using Atlas does not require signing in. Every feature works without an account.

Notifications

Atlas schedules local dose reminders on your device using iOS's UserNotifications framework. Notification content never leaves your device and is not delivered through any remote push service.

Purchases (StoreKit)

Subscriptions and one-time purchases are processed by Apple via StoreKit. Atlas receives a purchase receipt from Apple to unlock paid features; it does not see or store your payment details. Apple's own privacy policy governs the purchase itself: apple.com/legal/privacy.

Biometric authentication (Face ID / Touch ID)

If you enable the app lock, authentication is performed on-device by Apple's LocalAuthentication framework. Atlas never receives your biometric data — only a yes/no result from the system.

What we do NOT collect

• No analytics, telemetry, or crash reporting SDKs
• No advertising or tracking identifiers (IDFA or otherwise)
• No third-party SDKs that phone home
• No precise or coarse location
• No contacts, photos, microphone, or camera access
• No proprietary cloud storage of your data on our servers

Atlas's App Privacy manifest (PrivacyInfo.xcprivacy) declares NSPrivacyTracking = false and an empty NSPrivacyCollectedDataTypes list.

Data sharing

We do not sell, rent, or share your personal data with third parties. We do not have the ability to — your data never leaves your device or your private iCloud database.

Data export and deletion

• Export: Atlas Pro subscribers can export all protocol history and tracking data as CSV, JSON, or PDF from Profile → Data Export. If you are not a Pro subscriber and need a copy of your data for legal or portability reasons, email privacy@peptidesai.com and we will walk you through a manual export at no charge.
• Deletion: deleting the app from your device permanently removes all Atlas data stored locally. To also remove the iCloud copy, sign into iCloud.com and delete the iCloud.com.peptidesai.app container, or wait — uninstalling from all your devices clears it within Apple's normal retention window. If you signed in with Apple, also revoke app access in Settings → Apple Account → Sign in with Apple to complete removal of the Keychain-stored identifier.

Because we do not operate a backend server of our own, there is no remote copy of your data on our systems for us to delete.

Children

Atlas is not directed at children under 13 and should not be used by them. The app is intended for adults making informed decisions in consultation with a qualified healthcare provider.

Medical disclaimer

Atlas is an educational and tracking tool. It is not a medical device, and it does not provide medical advice, diagnosis, or treatment. Many substances referenced in the peptide database are research chemicals not approved for human use. Always consult a qualified healthcare provider before starting, changing, or stopping any protocol.

Your rights (GDPR / UK GDPR / CCPA)

Because all personal data is stored on your device or in your private iCloud database, under your direct control, you can exercise the following rights at any time:

• Access / portability: Pro subscribers can export via Profile → Data Export; non-subscribers may request a free manual export by emailing privacy@peptidesai.com.
• Rectification: edit any entry directly in the app.
• Erasure: delete entries in the app, or uninstall to remove everything. Uninstalling works regardless of subscription status.
• Withdraw consent: revoke HealthKit or Sign in with Apple access in iOS Settings as described above.

We do not sell personal information as defined by the California Consumer Privacy Act (CCPA). We do not have a Data Protection Officer because we do not process personal data on our own systems.

Security

Data is protected by the standard iOS sandbox and, for credentials, the iOS Keychain with kSecAttrAccessibleAfterFirstUnlock. Enabling Face ID / Touch ID app lock adds a second barrier. No security measure is perfect; enabling a device passcode and keeping iOS up to date materially improves protection.

Changes to this policy

If this policy changes, the effective date above will be updated and the updated version will be made available at the same URL from which you are reading this. Material changes will also be surfaced in-app.

Contact

Questions or privacy requests: Peptides AI — privacy@peptidesai.com

This policy covers Atlas version 1.0.0 and later.