Privacy Policy
Last updated: June 9, 2026 · Effective: June 9, 2026
Introduction
PinPoint ("the App," "we," "our") is committed to protecting your privacy. This Privacy Policy explains what information the App collects, how it is used, and your rights regarding your data.
PinPoint is developed by Elysium Technology FZ-LLC ("the Developer"). By using PinPoint, you agree to the practices described in this policy.
Summary
We do not sell your data. Your dose logs, schedules, metrics, and notes stay on your device (and sync only through your own private iCloud if you enable it), and we have no way to access them. To improve the app, we also collect anonymous, aggregate usage analytics that are never tied to you and never include your health or protocol data. Details below.
Information We Collect
Information stored locally on your device
PinPoint stores the following data locally on your iPhone or iPad using Apple's SwiftData framework:
- Dose logs: compound name, dose amount, dose unit, date/time, injection site, pain level, and notes you enter
- Schedules: compound, dose, frequency, and start date
- Daily metrics: weight, calories, protein, water intake, and notes you enter
- Daily notes: free-form text and the date you enter
- Side effect logs: effect name, severity rating, and date
- Vials / inventory: compound, vial size, expiry date, cost, and remaining quantity
- Saved calculations: vial size, water volume, syringe size, and calculated results
- User profile: categories selected, experience level, height, weight, goals, notification preferences, theme selection, and disclaimer acceptance status
- Injection site rotation: site names and last-used dates
This data never leaves your device except through iCloud sync (described below) or when you explicitly export it.
iCloud sync
If you have iCloud enabled on your device, PinPoint uses Apple's CloudKit framework to sync your data across your Apple devices. This sync is:
- End-to-end private: your data is stored in your personal iCloud account. We do not have access to your iCloud data. Apple manages the encryption and storage.
- Controlled by you: you can disable iCloud sync for PinPoint in your device's Settings → [Your Name] → iCloud → Apps Using iCloud.
- Subject to Apple's privacy policy: iCloud data handling is governed by Apple's Privacy Policy.
Apple HealthKit
PinPoint can optionally read the following data from Apple Health, only when you explicitly grant permission:
- Body weight
- Dietary water intake
- Nutrition totals such as protein, carbohydrates, fat, and fiber
- Activity totals such as active calories and exercise time
PinPoint uses this data solely to populate your daily metrics within the App. If you grant body-mass write permission, PinPoint can also save new weight entries that you create in the App back to Apple Health. PinPoint does not write dose logs, medication records, protocol data, notes, side effects, or compound information to Apple Health. HealthKit data is not shared with any third party. You can revoke HealthKit access at any time in Settings → Health → Data Access & Devices → PinPoint.
Subscriptions
PinPoint uses RevenueCat and Apple's StoreKit to process subscription purchases and entitlement status. These services may receive subscription transaction identifiers, product identifiers, and an anonymous app user identifier needed to unlock Pro features. They do not receive your dose logs, schedules, notes, side effects, vials, or daily metrics from PinPoint.
If you request a refund from Apple, Apple may ask us to confirm information about your purchase, such as whether the subscription was delivered and used. By using PinPoint and making in-app purchases, you consent to our sharing of data regarding your usage and consumption of purchased content with Apple as part of resolving refund requests. This is limited to subscription and entitlement information; it never includes your dose logs, schedules, notes, side effects, or any health data. Apple makes the final refund decision.
Anonymous usage analytics
To understand how the App is used and where to improve it, PinPoint collects anonymous, aggregate usage analytics through PostHog, a third-party analytics provider. This is limited to product-interaction events, for example that a screen was viewed or a feature was used.
This analytics data:
- Is anonymous: it is tied to a random identifier generated on your device, not to your name, email, Apple ID, or any advertising identifier.
- Excludes your protocol and health data: it never includes your dose logs, compounds, doses, schedules, notes, side effects, vials, weights, or any other content you enter.
- Excludes your location: IP-based location lookup is disabled, and your IP address is discarded on receipt rather than stored.
- Is processed in the EU: events are sent to PostHog's European infrastructure.
We use this only to improve PinPoint. It is never sold, never used for advertising, and cannot be used to identify you.
Information we do NOT collect
Beyond the anonymous, aggregate analytics described above, PinPoint does not collect:
- We do not use crash reporting services
- We do not track your location
- We do not use advertising identifiers
- We do not use cookies or web tracking
- We do not collect email addresses, names, or account information (there are no accounts)
- We do not use advertising or cross-app tracking SDKs
How We Use Your Information
Your locally stored data is used exclusively to:
- Display your dose history, schedules, and metrics within the App
- Calculate reconstitution concentrations and injection volumes
- Generate estimated compound level charts based on your dose history and published pharmacokinetic data
- Suggest injection site rotation based on your usage history
- Provide daily metric tracking and weight trend visualizations
Data Sharing
We never sell your data, and we never share your protocol or health data with anyone. Specifically:
- We operate no servers of our own
- No data is shared with advertising networks or data broker services
- No data is sold, rented, or traded
The only data that leaves your device is:
- iCloud sync to your own Apple account (if enabled)
- Data export that you explicitly initiate (PDF, CSV, or JSON files shared via the iOS share sheet to a destination you choose)
- Subscription processing through Apple and RevenueCat, limited to purchase and entitlement information, not your protocol data
- Anonymous usage analytics through PostHog, limited to product-interaction events and never your protocol or health data (see above)
Data Retention and Deletion
- Your data persists on your device until you delete it within the App or delete the App itself
- Deleting the App removes all locally stored data
- iCloud data can be managed through your iCloud storage settings
- There is no account to "delete" because there are no accounts
Children's Privacy
PinPoint is not directed at children under 17. The App is rated 17+ due to its medical/health information content. We do not knowingly collect information from children.
Security
Your data is protected by:
- iOS device encryption (your device passcode/biometric)
- Apple's iCloud encryption for synced data
- No network transmission (except iCloud sync managed by Apple)
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last Updated" date at the top. Continued use of the App after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this Privacy Policy, contact us at:
Email: [email protected]
California Residents (CCPA)
We do not sell personal information. We do not collect personal information beyond what is stored locally on your device. For questions about your rights under CCPA, contact us at the email above.
European Residents (GDPR)
Your protocol and health data are processed locally on your device. Anonymous, aggregate usage analytics are processed by PostHog on EU-based infrastructure and cannot be used to identify you. iCloud sync, if enabled, is governed by Apple's Data Processing Agreement and your Apple ID account settings. For questions about your rights under GDPR, contact us at the email above.