The short version
Your health data is yours. We collect only what's needed to run the app. We store it securely with row-level isolation. We never sell it, share it, or use it for advertising. You can delete everything at any time by emailing support@preptrackr.app.
The sections below explain each point in detail. If something isn't clear, email us.
1. Who we are
PrEP Trackr is a personal health tracking app for people on PrEP (pre-exposure prophylaxis). It is operated by the PrEP Trackr team. You can reach us at support@preptrackr.app.
2. What data we collect
We collect only the data required to operate the app and provide the features you use.
| Data type | What it is and why we collect it |
|---|---|
| Email address and name | To create and authenticate your account. |
| Dose logs | Timestamps of when you log a PrEP dose. Optional: photos of your pill and notes you add. |
| Testing records | HIV and STI test dates and results that you choose to enter. |
| Lab results | Values you enter (e.g. CD4, viral load, kidney function markers). |
| App settings | Reminder times, notification preferences, PrEP type, pill supply count. |
| Push notification token | A browser-issued token that allows us to send dose reminders to your device. Stored per device. Deleted when you unsubscribe. |
| Session data | An authentication token stored in your browser to keep you signed in. This is a standard session cookie and is not used for tracking. |
We do not collect: location data, contacts, browsing history, device identifiers, or any data beyond what you explicitly enter into the app.
3. How your data is stored and secured
PrEP Trackr uses Supabase as its backend database, hosted on AWS infrastructure in the United States. All data is stored with row-level security (RLS) enabled, meaning database rules enforce that your records can only be read or written by your own authenticated account. No other user can access your data, and staff access is not routine.
All data is transmitted over HTTPS (TLS). Passwords are never stored in plain text — authentication is handled by Supabase Auth, which uses bcrypt hashing.
Photos you attach to dose logs are stored in Supabase Storage, also scoped to your account with access controls.
4. What we never do with your data
- We do not sell your data. Ever. To anyone.
- We do not share your data with advertisers, data brokers, insurance companies, employers, or any third party.
- We do not use your health data for advertising or to build profiles for marketing.
- We do not use third-party analytics trackers (such as Google Analytics, Meta Pixel, etc.) that would expose your data to other companies.
- We do not connect to your clinic, pharmacy, or health system. Your app records are entirely separate from any medical records.
5. Push notifications
If you enable dose reminders, your browser creates a push subscription token and we store it in the database. This token is used exclusively to send you notifications you've requested. We do not use it to track usage or send unsolicited messages. You can unsubscribe at any time in the app's settings, which deletes the token from our database.
6. Third-party services
We use a small number of third-party services to operate the app:
- Supabase (database and auth) — Privacy policy
- Vercel (web hosting) — Privacy policy
- Cloudflare Turnstile (bot protection on signup form) — uses no user data for profiling; Privacy policy
No other third-party services receive your health data or personal information.
7. Your rights and choices
- Access: You can view all your data in the app at any time.
- Correction: You can edit or delete individual records in the app.
- Deletion: You can request complete deletion of your account and all associated data by emailing support@preptrackr.app. We will confirm deletion within 7 days.
- Export: If you want a copy of your data before deleting, let us know and we'll provide it.
- Notifications: You can disable push notifications in the app settings at any time, which removes your push token from our database.
8. Data retention
We retain your data as long as your account is active. If you delete your account, all data is permanently deleted within 7 days. We do not maintain backups of deleted user data beyond standard infrastructure backup windows (30 days), after which it is fully purged.
9. Children
PrEP Trackr is not intended for use by people under 18. We do not knowingly collect data from minors. If we become aware that we have done so, we will delete the account and associated data promptly.
10. Changes to this policy
If we make material changes to this privacy policy, we will update the "last updated" date at the top and, if the changes are significant, notify active users by email. Continued use of the app after a change constitutes acceptance of the updated policy.
11. Contact
Questions about this policy, requests to access or delete your data, or any privacy concerns: email us at support@preptrackr.app. We respond to all privacy-related requests within 7 days.