Privacy Policy

Dosefi (“we,” “our,” or “us”) operates the Dosefi mobile application and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

Because Dosefi is an aesthetic protocol logbook that handles sensitive health-adjacent data, we take your privacy seriously. Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account information — email address and password (or third-party auth token) when you create an account.
• Protocol logs — injection records including substance name, dose, injection site, date, and time.
• Treatment records — records of aesthetic treatments such as Botox, microneedling, skin boosters, and similar procedures.
• Daily check-ins — self-reported wellness data including skin clarity, energy levels, mood, and other subjective metrics you choose to log.
• Body metrics — weight and any other body measurements you voluntarily enter.
• Photos — progress photos you choose to upload. These are stored securely and are never shared without your explicit action.
• Notes — free-text notes you attach to logs or check-ins.

1.2 Information Collected Automatically

• Device information — device type, operating system version, and unique device identifiers.
• Usage data — screens viewed, features used, timestamps of interactions, and crash reports.
• Log data — IP address, app version, and error logs collected when the app encounters problems.

1.3 Information We Do Not Collect

We do not collect government ID numbers, payment card numbers (payments, if any, are processed by third-party providers who handle their own data), or precise GPS location.

2. Sensitive Health Data

The data you log in Dosefi — including injection records, treatment history, body metrics, and wellness check-ins — may constitute health-adjacent or sensitive personal data under applicable law. We treat this data with the highest level of care:

• We use this data only to provide and improve the Service for you.
• We do not sell, rent, or trade your health data to third parties.
• We do not use your health data for advertising purposes.
• We do not share your health data with insurance companies, employers, or data brokers.

3. How We Use Your Information

We use the information we collect to:

• Create and maintain your account and deliver the core features of the Service.
• Generate trend analyses, charts, and insights from your logged data.
• Send transactional notifications (e.g., reminders you configure, account security alerts).
• Diagnose technical problems and improve app stability.
• Comply with legal obligations.
• Respond to your support requests.

We do not use your data for behavioral advertising, third-party marketing, or profiling outside the scope of the Service.

4. Data Storage and Security

Your data is stored in the cloud using Supabase, a hosted backend platform. Supabase stores data in encrypted databases and applies industry-standard security controls including encryption at rest and in transit (TLS).

We implement reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission or electronic storage method is 100% secure, and we cannot guarantee absolute security.

Your data is stored using Supabase, our cloud infrastructure provider. Data is stored in the geographic region selected for the Supabase project at the time of setup. By using the Service, you consent to your data being stored and processed in that region. For details on available hosting regions, see supabase.com/docs/guides/platform/regions.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service providers — trusted third-party vendors (e.g., Supabase for database hosting, crash reporting tools) who process data on our behalf under data processing agreements with restrictions consistent with this policy.
• Legal requirements — if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Dosefi, our users, or the public.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email or in-app notice before such a transfer occurs and before your data becomes subject to a different privacy policy.
• With your consent — in any other case where you have given explicit consent.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law or for legitimate business purposes such as fraud prevention or dispute resolution.

Aggregated, anonymized analytics data that cannot be linked to you may be retained indefinitely.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your account and associated data. You may also delete your account directly in the app under Settings › Account › Delete Account.
• Portability — request a machine-readable export of your data.
• Restriction — request that we restrict processing of your data in certain circumstances.
• Objection — object to processing of your data where we rely on legitimate interests as the legal basis.
• Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at hello@dosefi.app. We will respond within 30 days.

8. Children’s Privacy

The Service is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal data, contact us at hello@dosefi.app.

9. Cookies and Tracking

The Dosefi mobile app does not use browser cookies. Our website uses a small number of essential cookies required for authentication and security (via Supabase). We do not use advertising cookies or third-party tracking pixels on our website. See our Cookie Policy for details.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and, where the changes are material, notify you by email or in-app notification. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.