Privacy Policy

Dosefi (“we,” “our,” or “us”) operates the Dosefi mobile application and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

Because Dosefi is an aesthetic protocol logbook that handles sensitive health-adjacent data, we take your privacy seriously. Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account information — email address, account identifier, and third-party authentication token when you create or sign in to an account.
• Protocol logs — records you enter including substance or protocol name, amount, unit, site, date, and time.
• Treatment records — records of aesthetic treatments such as Botox, microneedling, skin boosters, and similar procedures.
• Daily check-ins — self-reported wellness data including skin clarity, energy levels, mood, and other subjective metrics you choose to log.
• Body metrics — weight and any other body measurements you voluntarily enter.
• Photos and face map notes — optional progress photos, templated face map notes, and visual markings you choose to add to a log or protocol. In the current app version, these files are stored locally on your device unless you explicitly choose to send them to us for support.
• Notes — free-text notes you attach to logs or check-ins.
• Support information — email address and any information you include when contacting support, such as your device model, operating system version, or description of an issue.

1.2 Information Collected Automatically

• Device and app information — device type, operating system version, app version, and user- or account-level technical identifiers used for authentication and security. We do not access the IDFA (Identifier for Advertisers) or use device identifiers for advertising or cross-app tracking.
• Security and rate-limit data — IP address or hashed IP address, request timestamps, and similar technical data used to protect the website and prevent abuse.
• Diagnostics you provide — device model, operating system version, app version, screenshots, error descriptions, or logs you choose to send when contacting support.

1.3 Information We Do Not Collect

We do not collect government ID numbers, payment card numbers (payments, if any, are processed by third-party providers who handle their own data), or precise GPS location.

2. Face Data

Dosefi includes optional face mapping for visual recordkeeping. The face map is a simple templated face diagram that you may mark up as a logging reference to remember where a face-related session was recorded. The face data Dosefi may collect is limited to a templated face map note or optional photos you manually create inside the app, such as a face map image attached to a protocol or log entry.

• Dosefi does not use Face ID, TrueDepth APIs, facial recognition, face geometry, biometric templates, or biometric authentication.
• Dosefi does not identify you, verify your identity, infer sensitive traits, diagnose conditions, or recommend treatment from face data.
• Face map notes and optional photos are used only so you can visually remember where you logged an aesthetic treatment or protocol.
• Face data and optional photos are stored locally on your device in the current app version. They are not uploaded to Supabase, RevenueCat, advertising networks, data brokers, or third-party AI services unless you explicitly choose to send a screenshot or file to us for support.
• Face data and optional photos are retained until you delete the related log or protocol, delete your Dosefi account, remove the app from your device, or manually remove the file where your device allows it.

3. Sensitive Health Data

The data you log in Dosefi — including injection records, treatment history, body metrics, and wellness check-ins — may constitute health-adjacent or sensitive personal data under applicable law. We treat this data with the highest level of care:

• We use this data only to provide Dosefi features, show your personal timelines and charts, maintain security, troubleshoot issues, and improve app reliability. We do not use this data for advertising, marketing, or unrelated profiling.
• We do not sell, rent, or trade your health-adjacent data to third parties.
• We do not use your health-adjacent data for advertising purposes.
• We do not share your health-adjacent data with insurance companies, employers, or data brokers.

4. How We Use Your Information

We use the information we collect to:

• Create and maintain your account and deliver the core features of the Service.
• Generate personal timelines, charts, and summaries from your logged data.
• Send transactional notifications (e.g., reminders you configure, account security alerts).
• Diagnose technical problems and improve app stability.
• Protect the website from abuse and maintain service reliability.
• Comply with legal obligations.
• Respond to your support requests.

We do not use your data for behavioral advertising, third-party marketing, or profiling outside the scope of the Service.

5. Data Storage and Security

Your account, profile settings, protocol records, logs, check-ins, and subscription status are stored in the cloud using Supabase, a hosted backend platform. Supabase stores database records with security controls including encryption in transit (TLS) and platform-managed protections.

Optional progress photos and face map files are stored locally in the app sandbox on your device in the current version of Dosefi. These files are not uploaded to cloud storage unless a future version adds sync and this policy is updated before that change.

We implement reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission or electronic storage method is 100% secure, and we cannot guarantee absolute security.

Your data is stored using Supabase, our cloud infrastructure provider. Data is stored in the geographic region selected for the Supabase project at the time of setup. By using the Service, you consent to your data being stored and processed in that region. For details on available hosting regions, see supabase.com/docs/guides/platform/regions.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service providers — trusted third-party vendors who process data on our behalf under data processing agreements. These include: Supabase (authentication, database hosting, and file storage) and RevenueCat (subscription management). Any third party that processes user data on our behalf is required to provide the same or equal protection of user data as described in this Privacy Policy and required by applicable law.
• Legal requirements — if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Dosefi, our users, or the public.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email or in-app notice before such a transfer occurs and before your data becomes subject to a different privacy policy.
• With your consent — in any other case where you have given explicit consent.

We do not send your protocol logs, photos, notes, or health-adjacent data to third-party AI services, and we do not use your personal data to train AI models.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account in the app by going to Settings and tapping the red Delete account link below the Dosefi logo, Dosefi deletes your account and associated cloud records immediately where technically feasible. Residual backups, security logs, or records we are legally required to keep may be retained for up to 30 days or as required by law.

Local photos and face maps are removed from the app’s local storage during account deletion where the operating system permits app-managed file cleanup. They are also removed if you uninstall the app.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your account and associated data. You may also delete your account directly in the app by going to Settings and tapping the red Delete account link below the Dosefi logo.
• Portability — request a machine-readable export of your data.
• Restriction — request that we restrict processing of your data in certain circumstances.
• Objection — object to processing of your data where we rely on legitimate interests as the legal basis.
• Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at hello@dosefi.app. We will respond within 30 days.

9. Children’s Privacy

The Service is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal data, contact us at hello@dosefi.app.

10. Cookies and Tracking

The Dosefi mobile app does not use browser cookies. Our website may use essential storage technologies required for authentication and security (via Supabase). We do not use advertising cookies or third-party tracking pixels on our website. See our Cookie Policy for details.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and, where the changes are material, notify you by email or in-app notification. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.