Privacy Policy

Last updated: April 19, 2026

This Privacy Policy explains how Clarity Digital Therapeutics Inc. ("Clarity", "we", "our") collects, uses, discloses, and protects information in connection with the Pepture mobile application and the pepturepeptides.com website (together, the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

1. Summary

Pepture is designed to minimize the data we collect and to keep your health-related entries private. We do not sell your personal information. We do not share your protocol data with advertisers. You own your data and can export or delete it at any time from within the app.

2. Data we collect

Account data. When you create an account, we collect an email address and an encrypted password. An email address is required to sync data across devices and to recover access if you lose your device.

Protocol data. This is the data you enter in Pepture: peptide names, doses, reconstitution math, injection times and sites, cycle timelines, stack groupings, symptoms, biomarkers, notes, and attachments such as vial photos. Protocol data is stored on your device and, if you opt in, synced to our servers over TLS for cross-device access.

Health data from integrations. If you connect Apple Health or an Android health integration, Pepture reads categories you explicitly authorize (for example, weight, sleep, active energy). You control exactly which categories are shared, and you can revoke access at any time in the relevant OS settings.

Device and diagnostic data. We collect limited diagnostic data (app version, device model, operating system version, crash logs) to diagnose bugs and improve stability. This data is not tied to your protocol entries.

Website analytics. The pepturepeptides.com website uses Cloudflare Web Analytics, which is cookieless and does not fingerprint visitors. We collect aggregate counts of page views, referrers, and country-level geography. No per-visitor profile is built.

3. Data we do not collect

We do not run advertising trackers, do not sell your data, and do not use your protocol data to train third-party AI models. Pepture does not require a social login and does not tie your health entries to a public profile.

4. How we use data

We use account data to authenticate you and sync your records. We use protocol data solely to provide the app's core functionality: calculating doses, running cycle math, rendering the body map, tracking adherence, generating exports you request, and sending reminders you schedule. We use diagnostic data to find and fix bugs. We do not use your protocol data for marketing.

5. Legal bases (GDPR)

For users in the European Economic Area, the United Kingdom, and Switzerland, we process personal data under the following legal bases: performance of a contract (providing the Service you signed up for), legitimate interests (diagnostics, security, product improvement at the aggregate level), consent (health integrations, marketing emails), and legal obligations (responding to lawful requests).

6. Your rights

Depending on your jurisdiction you may have the right to access, correct, delete, export, restrict, or object to processing of your personal data. You can exercise most of these rights directly in the app: export creates a CSV and PDF of your data, delete account removes your data from our servers. To make a rights request in writing, email support@claritydtx.com and we will respond within the statutory timeframe (typically 30 days).

California residents (CCPA/CPRA). You have the right to know, delete, correct, and limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. The "Do Not Sell or Share My Personal Information" right is automatically satisfied for all users of the Service.

7. HIPAA alignment

Pepture is a consumer self-tracking app and is not a covered entity under HIPAA. We align our data handling with HIPAA Security Rule principles (access controls, encryption in transit and at rest, audit logging, least privilege) as a voluntary practice. If you enter Pepture into a clinical workflow that requires a Business Associate Agreement, contact us before doing so.

8. Children

Pepture is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a minor has created an account, email us and we will delete the account.

9. Data retention

We retain account and protocol data for as long as your account exists. When you delete your account we remove your protocol data from our production systems within 30 days, and from encrypted backups on a rolling 90-day cycle.

10. Security

We use TLS for all network traffic, encrypt data at rest in our primary database, enforce least-privilege access for employees, log administrative access, and run periodic security reviews. No system is perfectly secure; notify us immediately at support@claritydtx.com if you suspect a security issue.

11. International transfers

Clarity is headquartered in Canada. Our production infrastructure runs on cloud providers whose data centers are located in Canada and the United States. Where we transfer data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and equivalent safeguards.

12. Service providers

We use a small number of vetted service providers to operate the Service: cloud hosting, transactional email, crash reporting, and payment processing for in-app purchases. Each provider is bound by a data processing agreement that restricts their use of data to providing the service we contract for.

13. Changes to this Policy

If we materially change this Policy we will post the updated version at this URL and update the "Last updated" date above. For significant changes we will attempt to notify you in the app.

14. Contact

Clarity Digital Therapeutics Inc.
Email: support@claritydtx.com