Legal Document

Privacy Policy

Developed and operated by Apex Development Studio LLC · Effective: March 16, 2026 · Last Updated: March 27, 2026

Apex Development Studio LLC ("we," "our," or "us") develops and operates Journey Tracker and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your health and personal information when you use the Journey Tracker iOS application and associated website (journeytracker.app).

Please read this policy carefully. By using Journey Tracker, you agree to the practices described here.

1. Who We Are

Journey Tracker is an iOS application developed and operated by Apex Development Studio LLC. It is designed to help individuals undergoing GLP-1 therapy (including medications such as semaglutide, tirzepatide, and similar agents) track their health progress, medication history, laboratory results, and related health markers.

Apex Development Studio LLC operates Journey Tracker as a consumer health application. We are not a healthcare provider, health plan, or healthcare clearinghouse.

2. Information We Collect

2.1 Information You Provide Directly

When you use Journey Tracker, you may enter the following health information:

Body measurements: Weight, body fat percentage, muscle mass, BMI, and related metrics
Medication information: GLP-1 medication name, dose, injection dates, and injection site rotation
Side effect logs: Symptoms experienced during therapy, severity, and associated notes
Laboratory results: Blood test values including HbA1c, lipid panel, metabolic markers, thyroid markers, and other health markers you choose to enter
Health goals: Target weight and hydration goals
Notes: Free-text notes you add to any health entry

2.2 Information Collected Through Apple Health (HealthKit)

With your explicit permission, Journey Tracker may read from and write to Apple HealthKit. The specific data types accessed are listed during the permission request and may include:

Body weight and body composition metrics
Blood glucose readings
Blood pressure measurements
Dietary water intake
Laboratory results (if you connect your health system through Apple Health Records)

You control HealthKit access entirely. You can review and revoke any HealthKit permission at any time through iOS Settings → Privacy & Security → Health → Journey Tracker.

2.3 Information Collected Through Sign in with Apple

We use Sign in with Apple for authentication. Apple provides us only with a stable, opaque user identifier — not your Apple ID, real name, or email address.

2.4 Information We Do NOT Collect

Journey Tracker does not collect:

Your full name
Your physical address or precise location
Your date of birth
Your Social Security Number or government-issued identifiers
Your health insurance information
Your prescribing physician's information
Payment card information (payments are processed by Apple App Store)

3. How We Use Your Information

3.1 To Provide the Application

Your health data is used solely to operate the features of Journey Tracker — displaying your health trends, generating charts, tracking your GLP-1 progress, and providing the features you use.

3.2 AI-Powered Lab Analysis (Pro Feature)

If you subscribe to Journey Tracker Pro and use the AI Lab Analysis feature, a de-identified snapshot of your laboratory results and medication information is transmitted to the Google Gemini API, operated by Google LLC, to generate a personalized interpretation of your results. Before any data leaves your device, automated on-device processing strips personally identifiable information.

Your data is never used to train AI models. Journey Tracker operates on a paid Google AI billing account (Tier 1). Under Google's Gemini API Terms of Service, data submitted through paid-tier accounts is not used to train or improve Google's AI models.

Before this feature is activated, you will be shown a separate consent screen explaining exactly what data is transmitted and giving you the opportunity to consent or decline.

What is transmitted to the AI:

Your lab values as numbers (e.g., "HbA1c: 6.2")
Your GLP-1 medication name and current dose
How long you have been on therapy (relative duration, not a specific date)
Changes in your lab values over time (relative timeframes)

What we strip before transmission (automated on-device processing):

Names, personal identifiers, and contact information
Exact dates, timestamps, and date of birth
Account numbers, Apple ID, and patient record numbers
Any text our on-device system identifies as personally identifiable

We use automated on-device processing (Apple Vision OCR and on-device natural language analysis) to remove personal information before any data is sent. While we make every effort to remove all identifying information, no automated system is perfect. You can review exactly what was sent after each analysis within the app.

The AI analysis result is returned to your device and stored locally. It is informational only and does not constitute medical advice. Always discuss your lab results with your doctor before making health decisions.

De-identification is performed on a best-effort basis. By using the AI Lab Analysis feature, you acknowledge and accept that some information may not be fully removed by automated processing, and you accept the residual risk this represents.

3.3 We Do Not Sell Your Data

We do not sell, rent, or trade your personal or health information to any third party for any purpose, including advertising.

3.4 We Do Not Use Your Data for Advertising

Journey Tracker does not display advertisements and does not use your health data for advertising or marketing purposes of any kind.

4. How We Store Your Information

4.1 On Your Device

All of your health data is stored locally on your iPhone using Apple's Core Data framework. This data is encrypted at rest using iOS FileProtection (AES-256 encryption). Your data is only accessible when your device is unlocked.

4.2 iCloud Backup

If you have iCloud enabled, your Journey Tracker data may be backed up to your personal iCloud account through Apple's CloudKit framework. This data is:

Stored in your personal iCloud account, not any server controlled by us
Subject to Apple's privacy policy and security practices
Accessible only to you through your Apple ID
Not accessible to Journey Tracker developers under any circumstances

You can disable iCloud backup for Journey Tracker at any time through iOS Settings → [Your Name] → iCloud → Apps Using iCloud.

4.3 AI Analysis Results

Analysis results generated by the AI Lab Analysis feature are cached on your device in encrypted Core Data storage and synced to your personal iCloud account. We do not retain a copy of your analysis results on any server we control.

5. Information Sharing

5.1 Apple

We use Apple's platform services (HealthKit, CloudKit, Sign in with Apple, StoreKit) to operate Journey Tracker. Your use of these services is subject to Apple's Privacy Policy (apple.com/privacy).

5.2 Google LLC — Gemini API (AI Analysis Feature Only)

If you consent to use the AI Lab Analysis feature, a de-identified snapshot of your health data is transmitted to Google LLC via the Google Gemini API for processing. Personal information is stripped using automated on-device processing as described in Section 3.2.

Paid-tier account — your data is not used to train AI models. Journey Tracker operates on a paid Google AI billing account (Tier 1). Under Google's Gemini API Terms of Service, data submitted through paid-tier accounts is not used to train or improve Google's AI models.

Data Processing Addendum. Your data is processed under Google's Data Processing Addendum, which governs how Google handles personal data submitted through the API.

Log retention. Google retains API request logs only temporarily for security and abuse-prevention purposes — not for model training or any other purpose.

Results storage. AI analysis results are stored exclusively on your device and in your personal iCloud account. They are never stored on Journey Tracker's servers.

For full details on how Google processes API data, see the Gemini API Terms of Service and Google's privacy policy.

5.3 RevenueCat (Subscription Management)

Subscription management is handled by RevenueCat. RevenueCat receives subscription status information to verify your Pro subscription. RevenueCat's privacy policy is available at revenuecat.com/privacy.

5.4 Formspree (Contact Form)

The contact form on our support page is processed by Formspree, Inc., a third-party form submission service. When you submit the contact form, your name, email address, and message content are transmitted to and temporarily stored by Formspree in order to deliver the message to us. Formspree does not use this data for advertising and does not sell it. For details, see Formspree's Privacy Policy.

5.5 No Other Third-Party Sharing

We do not share your health or personal information with any other third parties.

6. Your Rights and Choices

6.1 Access Your Data

You can view all of your health data within the Journey Tracker app at any time.

6.2 Delete Your Data

You can delete all of your Journey Tracker data by:

Deleting individual entries within the app
Using Settings → Privacy & Security → Delete Account & All Data within the app (removes all on-device data)
Deleting the app (removes all on-device data)
Managing your iCloud storage to remove Journey Tracker backups via iOS Settings

6.3 Opt Out of AI Analysis

You can disable the AI Lab Analysis feature at any time through Settings → Features → AI Lab Analysis. Disabling this feature immediately prevents any further transmission of data to the Google Gemini API.

6.4 HealthKit Permissions

You can review and revoke any HealthKit permission at any time through iOS Settings → Privacy & Security → Health → Journey Tracker.

6.5 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal information); and non-discrimination for exercising your privacy rights. To exercise these rights, contact us at support@journeytracker.app.

6.6 Virginia, Colorado, and Other State Residents

Residents of Virginia (CDPA), Colorado (CPA), and other states with consumer privacy laws have similar rights to access, delete, and correct their personal information. Contact us at support@journeytracker.app to exercise these rights.

7. AI Lab Analysis — Important Disclosures

7.1 Informational Purpose Only

The AI Lab Analysis feature is not a medical device, does not provide medical diagnoses, and does not constitute medical advice. Always discuss your laboratory results with your prescribing physician or other qualified healthcare provider.

The analysis is intended to help you understand general trends in your health markers in the context of GLP-1 therapy. It is not a substitute for the advice of a qualified healthcare provider.

7.2 AI Limitations

AI-generated analysis may contain errors, omissions, or information that does not apply to your specific situation. The AI does not know your complete medical history, other medications you may be taking, or other factors relevant to interpreting your health markers.

7.3 Emergency Situations

If you believe you are experiencing a medical emergency, call 911 or your local emergency number immediately. Do not rely on Journey Tracker or its AI analysis feature in an emergency.

7.4 De-Identification and Data Flow

When you use the AI Lab Analysis feature, your lab data passes through the following pipeline on your device before anything is transmitted:

On-device OCR: Lab values are extracted using Apple Vision framework (from camera capture, PDF, or image import)
On-device de-identification: Names, dates, identifiers, contact information, and any text identified as personally identifiable are stripped using on-device natural language processing
Transmission: Only de-identified lab values, medication name/dose, therapy duration, and trend data are sent to Google Gemini AI
On-device storage: Analysis results are returned to your device and stored in encrypted Core Data storage, synced only to your personal iCloud account

De-identification is automated and best-effort. You can review what was sent after each analysis session within the app. Our privacy policy: journeytracker.app/privacy. Gemini API terms: ai.google.dev/gemini-api/terms | Google's privacy policy: policies.google.com/privacy.

8. Children's Privacy

Journey Tracker is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

Journey Tracker does not collect or store user data on our servers. All health data is stored locally on the user's device and, if iCloud is enabled, in the user's personal iCloud account — neither of which we control or can access. Because we have no server-side records, we are unable to identify or delete data belonging to any specific user, including minors.

If you believe a child under 18 has used Journey Tracker, please contact us at support@journeytracker.app and we will respond promptly. To remove all associated data, we recommend: (1) deleting the Journey Tracker app from the device, and (2) removing any iCloud data via iOS Settings → [Your Name] → iCloud → Manage Storage → Journey Tracker.

9. Data Security

We implement technical and organizational measures to protect your health information, including:

On-device encryption: All health data is encrypted using AES-256 encryption
Secure authentication: Sign in with Apple with optional biometric lock
Secure transmission: All data transmitted over the internet uses TLS 1.3 encryption
Best-effort de-identification: Before AI analysis, automated on-device processing strips names, identifiers, exact dates, and other personally identifiable information — no automated system is perfect, and users acknowledge and accept the residual risk
No developer server access: We do not operate servers that store your health data
Debug code exclusion: Developer and debug features are excluded from the production app

No security system is perfect. If we become aware of a security breach that affects your health information, we will notify you as required by applicable law.

10. Breach Notification

In the event of a security breach involving your health information, we will notify affected users in accordance with the FTC Health Breach Notification Rule and applicable state law. Notification will be provided through in-app notification within the timeframe required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app and update the "Last Updated" date at the top of this policy. Your continued use of Journey Tracker after such notification constitutes your acceptance of the updated policy. For material changes that affect how we process your health data, we will seek your renewed consent where required by law.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your health information, please contact us:

Company: Apex Development Studio LLC
Email: support@journeytracker.app
Website: journeytracker.app
Mailing Address: Available upon request — email support@journeytracker.app

For data deletion requests or to exercise your privacy rights, please email support@journeytracker.app with the subject line "Privacy Rights Request."