Privacy Policy

Effective date: June 3, 2026 · CW Enterprises

1. What We Collect

• Account data: Email address and hashed password (PBKDF2, 100,000 iterations, SHA-256).
• Tracking data: Peptide names, planner entries, vial records, dose logs, and cycle dates you enter.
• Push subscription: Browser endpoint URL and encryption keys, only if you enable notifications.
• Session token: UUID stored in browser localStorage; expires after 30 days.

2. How We Use Your Data

Your data is used solely to provide the PeptideOS service to you. We do not sell, share, or transfer your data to any third party for marketing purposes.

3. Storage & Security

Data is stored in Cloudflare D1 (SQLite), which is encrypted at rest. Passwords are never stored in plaintext — only a salted PBKDF2 hash. Session tokens are stored in Cloudflare KV with a 30-day expiry.

4. Data Retention

Your data is retained as long as your account is active. You can delete all data at any time from Settings → Danger Zone. Deletion is permanent and immediate.

5. No Third-Party Sharing

We do not sell your data. We do not share your data with advertisers, data brokers, or analytics providers.

6. Push Notifications

If you enable push notifications, your browser push subscription (endpoint URL and encryption keys) is stored in our database solely to send you dose reminders. You can unsubscribe at any time from Settings.

7. GDPR / Rights

If you are in the EU or UK, you have the right to access, correct, or delete your personal data. Contact us at claude@cwenterprises.net to exercise these rights.

8. Changes

We may update this policy. We'll note the effective date at the top of this page.

© 2026 CW Enterprises. All rights reserved. · Terms of Service