Privacy Policy
Last updated: April 1, 2026
Overview
SelfRX ("we," "our," "us") is a personal health tracking application. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights.
Age Requirement
SelfRX is for users 18 years of age or older. We do not knowingly collect data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it immediately.
Apple Health (HealthKit) Data
- What we read: Sleep analysis, heart rate variability (HRV), resting heart rate, steps, active calories, VO2 max, body mass (weight), menstrual cycle data, and blood oxygen.
- How we use it: To compute correlations between your protocols and health outcomes, displayed only to you.
- Where it goes: HealthKit data is processed on your device and sent to our server as aggregated daily summaries only. We never receive raw per-minute or per-sample data.
- Third-party sharing: We do not share your HealthKit data with any third party.
Protocol and Check-In Data
- What we store: The supplements, peptides, and protocols you choose to track (name, dose, route, frequency), your daily subjective scores, side effects, body measurements, and cycle tracking.
- How it's stored: Encrypted in transit (TLS) and at rest in our database.
- Purpose: To provide you with correlation analysis, trend tracking, and stack result cards.
Photos
- Progress photos are stored on your device only. Photo metadata (timestamp, linked protocols, type) may be synced to our server, but actual image files remain local.
Account Data
- Sign In with Apple: We receive your Apple identity token and, if you choose to share it, your email address. We store a hashed user identifier.
- Subscription data: Managed by RevenueCat. We receive entitlement status but do not store payment card details.
Analytics
- PostHog: Anonymous usage analytics (screen views, feature usage). No PII. No HealthKit data sent to analytics.
- Sentry: Anonymous crash reports scrubbed of PII.
Wearable Integrations
- Oura and WHOOP: If connected, we use OAuth2 to fetch aggregated daily summaries. We store OAuth tokens securely. You can disconnect at any time, which deletes your tokens.
AI Features
When AI-powered features (Personal Research Agent) are enabled:
- We send aggregated daily health summaries to Anthropic's Claude API for hypothesis generation.
- You will see an explicit consent screen naming Anthropic/Claude before any data is shared.
- You can opt out of AI features at any time while keeping the tracker.
What We Never Do
- Sell your data to third parties.
- Share individual health data with advertisers.
- Send raw HealthKit samples to our server or any third party.
- Make medical claims or provide medical advice.
Your Rights
- Access: View all stored data within the app.
- Export: Export all your data at any time.
- Delete: Permanently delete all data at any time.
- Disconnect: Remove wearable integrations and stored tokens.
- Opt out: Independently opt out of AI features, community sharing, or analytics.
Data Retention
Data is retained while your account is active. Account deletion permanently removes all data within 30 days. Anonymous aggregate analytics may be retained.
Security
- TLS 1.2+ for all data in transit.
- Database encryption at rest.
- iOS file protection (NSFileProtectionComplete) for photos.
- iOS Keychain for session tokens.
- Encrypted storage for wearable OAuth tokens.
Changes
We may update this policy. Material changes will be communicated through the app or email. Continued use constitutes acceptance.
Contact
Questions? privacy@selfrx.app