Privacy Policy

Pace is a tool for people using GLP-1 medications. We built it with privacy as a product decision, not a compliance checkbox. This page explains what we collect, what we don't, and what rights you have.

The short version

• We use Supabase for sign-in. We store your email address and a hashed password, nothing else about you in our auth layer.
• Your tracking data (symptoms, weight, injections, food noise, protein) is currently stored in your browser's local storage on the device you're using. It does not sync across devices yet, and we do not see it on our servers.
• When cross-device sync ships, that data will be stored encrypted at rest in our Supabase database, accessible only by you. We will update this policy and notify you before anything changes.
• We do not sell data. We do not run ad networks. We do not share with third parties beyond the subprocessors listed below.
• You can export or delete everything any time.

What we collect

Account data: email address and a hashed password handled by Supabase Auth. If you subscribe to Premium, Stripe handles payment and we store only the subscription status, never card details.

Health data you enter:medication, dose, injection dates, weight, symptoms, food noise, protein intake, notes. Stored in your browser's local storage today. Will sync encrypted via Supabase once cross-device sync ships.

Usage analytics: we use Vercel Analytics and Vercel Speed Insights for aggregate, privacy-friendly stats (page views, performance). No cookies, no cross-site tracking, no personal identifiers.

What we don't collect: we do not track location, contacts, advertising identifiers, or device fingerprints. We do not integrate Facebook Pixel, Google Ads, or any ad SDK.

Service providers

Pace uses a few trusted services to run the app, handle sign-in and payments, and help generate the summary on your doctor-ready report. We share only what each service needs to do its job, and your name and email stay on your device.

Your rights

Regardless of where you live, you can request a copy of your data, ask us to delete it, or revoke your account. For these requests, email us at support@thepen.club.

EU/UK residents: we rely on legitimate interest for minimal analytics and contract performance for Premium account data. California residents: we do not sell personal information.

Medical data & HIPAA

Pace is a consumer wellness tool, not a covered entity under HIPAA. We are not a substitute for medical advice. Never enter information that would compromise your safety if exposed, treat Pace like any other health-tracking app.

Children

Pace is not intended for anyone under 18. We do not knowingly collect data from minors.

Changes

If we change this policy, we will update the date at the top and notify Premium members by email at least 14 days before the change takes effect.

Contact

Questions about your privacy, or want to exercise any of the rights above? Email us at support@thepen.club.

See also: Terms of Service.