Privacy Policy

Last updated: April 20, 2026

At GLP Flow, we take your privacy seriously. This policy explains what data we collect across our website, newsletter, and mobile app, how we use it, and your rights.

Summary

• We collect only what we need to run the app and the newsletter.
• We do not sell or share your data for advertising.
• You can delete your account and your data from inside the app at any time.

1. What We Collect in the Mobile App

When you create a GLP Flow account, we collect and store the following:

• Account info: your name, email address, and a unique user ID. Collected when you sign up with email or with Google Sign-In.
• Health info you enter: medication type, injection day, shot history, and any symptoms you log (such as nausea or energy level). We only store what you choose to type in. We do not read from Apple Health, Google Health Connect, or any other health platform.
• In-app activity: meal plans you view, meals you log, and buttons you tap. Used to improve the app.
• Diagnostic info: anonymous performance and crash data so we can fix bugs.
• Device identifiers: a Firebase install ID and a PostHog anonymous analytics ID. These are not tied to your real identity and are not shared with advertisers.

We do not collect your location, your contacts, your photos, or any files from your device.

2. What We Collect on the Website

• Newsletter email address: only if you subscribe. Used to send weekly GLP-1 meal plans, recipes, and tips.
• Basic website analytics: page views and traffic patterns via Cloudflare and Google Analytics. No advertising cookies.

3. Third-Party Services We Use

We work with the following service providers to run GLP Flow. Each one processes specific data on our behalf:

• Firebase (Google): authentication (email sign-in and Google Sign-In), Cloud Firestore (where your account data, shot log, and meal logs are stored), and Firebase Performance Monitoring (anonymous diagnostics). Firebase privacy information.
• PostHog: product analytics. Tracks anonymous in-app events (screen views, button taps) so we can understand how the app is used. Does not receive your health data. PostHog privacy policy.
• Google Sign-In: if you choose to sign in with Google, Google provides us with your name and email. We do not access anything else from your Google account.
• Beehiiv: newsletter delivery. Your email address is stored with Beehiiv only if you subscribe to the newsletter. Beehiiv privacy policy.
• Cloudflare: website hosting and basic traffic analytics. Cloudflare privacy policy.
• Canny: optional feedback board. If you submit feedback through the in-app Send Feedback button, your email and comment are sent to Canny. Canny privacy policy.

4. How We Use Your Data

• To let you sign in, use the app, and sync your data across devices.
• To build meal plans around your injection timing and medication.
• To fix bugs and improve features.
• To send you the newsletter, only if you asked for it.

We do not use your data for advertising, and we do not sell, rent, or trade your information.

5. Data Security

Data sent between your device and our servers is encrypted in transit using industry-standard TLS. Account and health data is stored in Firebase with Google's infrastructure security. We restrict internal access to data on a need-to-know basis.

6. Data Retention

We keep your account data for as long as your account is active. If you delete your account, we delete your profile, shot log, meal logs, and symptom logs from Cloud Firestore right away, and your Firebase Auth account is removed immediately. Anonymous analytics events may be retained for up to 12 months for aggregate trend analysis.

7. Your Rights

• Delete your account from inside the app: open Profile > Delete Account. This permanently removes your profile, shot history, meal logs, and symptom logs.
• Request deletion by email: email hello@glpflow.app and we will delete your account within 5 business days.
• Unsubscribe from the newsletter: every newsletter email has an unsubscribe link.
• Access or correct your data: email hello@glpflow.app and we will help.
• No selling of data: we do not sell, share, or trade your information with anyone for advertising.

8. Children

GLP Flow is not intended for anyone under 18. We do not knowingly collect data from children.

9. International Users

Our servers are located in the United States. If you use GLP Flow from outside the United States, your data will be transferred to and processed in the United States.

10. Changes to This Policy

If we update this privacy policy, we will note the date at the top of this page. Continued use of GLP Flow means you accept the updated policy.

Questions?

Email us at hello@glpflow.app with any privacy questions or concerns.