Privacy Policy

Effective Date: February 2, 2026  |  Last Updated: February 2, 2026

1. Introduction

Pinned.life (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Pinned.life website, mobile applications, and related services (collectively, the “Platform”).

By accessing or using the Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information such as:

  • Name and email address
  • Authentication credentials (managed by our authentication provider)
  • Subscription tier and billing information
  • Profile preferences and settings

2.2 Health and Wellness Data

To provide our services, we collect health-related data that you voluntarily enter into the Platform, including:

  • Safety profile: Health conditions, allergies, and current medications (used for safety alerts and interaction warnings)
  • Injection logs: Dose events, injection sites, timing, and subjective reaction notes
  • Biomarkers: Weight, glucose levels, heart rate, and other self-reported metrics
  • Lab results: Bloodwork data entered manually or parsed from uploaded lab PDFs (ELITE tier)
  • Subjective assessments: Energy, mood, sleep quality, and pain level ratings
  • Progress photos: Images you choose to upload for personal tracking

2.3 Wearable and Device Data

If you choose to connect wearable devices or health tracking services (ELITE tier), we may collect:

  • Heart rate variability (HRV)
  • Sleep duration and sleep quality scores
  • Step counts and activity data
  • Calorie expenditure

This data is collected only with your explicit consent and authorization through the relevant device or service integration.

2.4 Usage Data

We automatically collect certain information when you use the Platform, including:

  • Device type, operating system, and browser information
  • IP address and approximate location
  • Pages viewed, features used, and actions taken
  • Session duration and interaction patterns
  • Error logs and performance data

2.5 Communications

If you contact us via email or support channels, we collect the content of your communications and any information you voluntarily provide.

3. How We Use Your Information

We use the information we collect to:

  • Provide core services: Operate the Platform, process schedules, generate safety alerts, calculate dosing, and track injection site rotation.
  • Safety and compatibility checking: Run your safety profile against our drug-peptide interaction database and safety engine to provide warnings and alerts.
  • AI-powered analysis (ELITE tier): Generate insights, weekly audit reports, correlation analyses, and stacking pattern assessments using your voluntarily entered data.
  • Pharmacokinetic simulation: Calculate serum level curves and peak detection based on your protocol data.
  • Supply management: Track vial inventory, predict reorder timing, and manage vendor information.
  • Analytics and improvement: Understand how users interact with the Platform to improve features and user experience.
  • Communication: Send service notifications, security alerts, and subscription-related messages.
  • Compliance and legal obligations: Comply with applicable laws, regulations, and legal processes.

We do not sell your personal information or health data to third parties.

Pinned.life is a tracking and informational tool. Our safety alerts and interaction warnings do not constitute medical advice and should not replace consultation with a qualified healthcare professional.

4. Health Data: Special Protections

We recognize that health and wellness data is particularly sensitive. We implement the following protections for your health-related information:

  • Encryption at rest and in transit: All health data is encrypted using industry-standard protocols (TLS 1.2+ in transit; AES-256 at rest).
  • Access controls: Health data is accessible only to authenticated users for their own accounts. Our engineering team accesses data only as necessary for service operation and debugging, under strict access controls.
  • No third-party health data sharing: We do not share your health data with advertisers, data brokers, or other third parties for their own purposes.
  • User control: You may export your data at any time (CSV/JSON) and request deletion of your account and associated health data.
  • AI processing: When AI analysis is performed on your data (ELITE tier), it is processed to generate insights for you only. We do not use your individual health data to train general-purpose AI models.

5. Security Measures

We implement and maintain appropriate technical and organizational security measures designed to protect your personal information, including:

  • Industry-standard encryption for data in transit (TLS/SSL) and at rest (AES-256)
  • Secure authentication via our authentication provider with support for multi-factor authentication
  • Regular security assessments and vulnerability testing
  • Role-based access controls limiting employee access to personal data
  • Application-level error monitoring and anomaly detection
  • Secure infrastructure with reputable cloud hosting providers

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach, in accordance with applicable law.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Specifically:

  • Account data: Retained for the duration of your account plus 30 days following account deletion to allow for reactivation or data export.
  • Health and usage data: Retained for the duration of your account. Upon account deletion, health data is permanently deleted within 30 days, subject to legal retention obligations.
  • Billing records: Retained as required by applicable tax and financial regulations (typically 7 years).
  • Aggregated and anonymized data: We may indefinitely retain anonymized, aggregated data that cannot be used to identify you, for analytical and product improvement purposes.

7. Third-Party Service Providers

We engage trusted third-party service providers to assist in operating the Platform. These providers process data on our behalf and are contractually obligated to protect your information. Our current categories of service providers include:

  • Authentication: Clerk (user authentication and session management)
  • Database and hosting: Convex (real-time database and backend infrastructure)
  • Analytics: PostHog (product analytics and usage insights)
  • Error tracking: Sentry (application error monitoring and performance)
  • Payment processing: Stripe (subscription billing and payment handling)
  • AI processing: Anthropic (Claude) and OpenAI (analysis and insight generation for ELITE tier features)

Each service provider is selected based on its security practices, compliance certifications, and data protection capabilities. We maintain data processing agreements with all providers that handle personal data.

8. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws of your jurisdiction.

When we transfer personal data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • Data processing agreements with all service providers requiring them to protect your data consistent with this Privacy Policy
  • Compliance with applicable cross-border data transfer regulations

By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

9.1 General Rights (All Users)

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data portability: Export your data in machine-readable format (CSV/JSON) at any time through the Platform.
  • Withdraw consent: Withdraw consent for data processing at any time, where consent is the legal basis for processing.

9.2 European Economic Area (EEA) Residents — GDPR

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right to restriction: Request that we restrict processing of your personal data under certain circumstances.
  • Right to object: Object to processing of your personal data based on our legitimate interests.
  • Right to lodge a complaint: File a complaint with your local data protection supervisory authority.

Our legal bases for processing your data include: performance of a contract (providing our services), your consent (health data processing, wearable integration), legitimate interests (analytics, security, service improvement), and legal obligations.

9.3 California Residents — CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: Request information about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: Request deletion of your personal information.
  • Right to opt out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to limit use of sensitive personal information: You may limit the use and disclosure of your sensitive personal information to what is necessary to provide the services.

To exercise any of these rights, contact us at admin@pinned.life. We will respond to verifiable requests within the timeframes required by applicable law (generally 30 days for GDPR, 45 days for CCPA).

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Platform, maintain your session, remember your preferences, and analyze usage patterns. The types of cookies we use include:

  • Essential cookies: Required for authentication, security, and core Platform functionality. These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with the Platform to improve our services.
  • Preference cookies: Store your settings and preferences (e.g., theme selection, notification preferences).

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings.

11. Children’s Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to promptly delete that information. If you believe a child under 18 has provided us with personal information, please contact us at admin@pinned.life.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on the Platform
  • Sending an email notification to the address associated with your account
  • Displaying an in-app notification

The “Last Updated” date at the top of this Privacy Policy indicates when the most recent revisions were made. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Pinned.life
Email: admin@pinned.life

For data protection inquiries from EEA residents, you may also contact our Data Protection Officer at admin@pinned.life.