Privacy Policy

Last updated: April 24, 2026

Gromby LLC, dba My Pep Calc ("we," "us," "our," or "My Pep Calc") operates mypepcalc.com (the "Site") and the associated web application (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

Summary in one paragraph. We collect the minimum information we need to run the Service: your email address, what you track inside the app (compounds, doses, rotation sites, logs you create), and technical information about how you use the Service. We do not sell your personal information. We use industry-standard processors to run the business (authentication, payments, analytics, email). You can delete your account at any time.

1. What we are, and what we are not

My Pep Calc is a tracking and logging tool. You use it to record information about health protocols you run with your own healthcare provider. We are not a telehealth provider, a pharmacy, a compounding facility, a medical device, a clinical service, or a HIPAA covered entity. We do not have access to your prescribing relationship. We do not diagnose, prescribe, or advise on any compound or protocol.

2. Information we collect

2.1 Information you give us

  • Account information. Email address, name (optional), password or passwordless credential (handled by our auth provider, Clerk).
  • Payment information. We do not store card numbers. All payment data is handled by Stripe under Stripe's privacy practices.
  • Content you create. Anything you enter in the Service — compounds, doses, reconstitution inputs, rotation sites, notes, logs, goals.
  • Communications. Email exchanges if you contact us at hello@mypepcalc.com.
  • Survey responses. Optional post-signup survey ("how did you hear about us").

2.2 Information we collect automatically

  • Device and usage information. IP address, browser type, OS, page URLs, referrer, clicks, session duration, approximate geographic location (country + region, not street address), errors encountered.
  • Cookies and similar technologies. See § 6.
  • Analytics events. Anonymous and authenticated product-usage events.

2.3 Information we do not collect

  • We do not collect your government IDs.
  • We do not collect your full medical record, doctor's identity, or insurance information.
  • We do not use biometric identifiers (face, fingerprint).
  • We do not access contacts, photos, or files on your device.
  • We do not collect data about anyone other than the account holder.

3. How we use information

  • Provide, operate, and secure the Service
  • Process LTD purchases and subscriptions
  • Send transactional email (welcome, receipts, password resets, product updates you asked for)
  • Send marketing email (only if you opted in; one-click unsubscribe in every email)
  • Measure how people use the Service to improve it
  • Investigate fraud, abuse, or policy violations
  • Comply with our legal obligations

We do not use your content to train any AI model we build or sell.

4. Who we share information with

4.1 Service providers ("processors")

We share information with vendors who perform services on our behalf. Each processes data under a written agreement and only to the extent necessary.

| Vendor | Purpose | Data types |
|---|---|---|
| Clerk | Authentication | Email, identity |
| Stripe | Payment processing | Name, email, payment token |
| Convex | Backend database | Account data, content you create |
| Mailgun | Transactional & marketing email | Email, email-interaction events |
| PostHog | Product analytics | Usage events, pseudonymous identifier |
| Sentry | Error monitoring | Error stack traces, request context |
| Vercel | Hosting | Request logs |

4.2 Legal reasons

We may share information if we believe in good faith it is necessary to comply with a law, regulation, subpoena, or court order; protect our rights, property, or safety; or investigate fraud, abuse, or a security issue.

4.3 Business transfers

If we are acquired or reorganized, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4.4 With your consent

We will share information outside the above only with your explicit consent.

We do not sell your personal information. For California residents: we have not sold personal information in the past 12 months and do not intend to.

5. How long we keep information

  • Account data: for as long as your account is active, then 30 days after deletion (to allow account recovery).
  • Payment records: 7 years (tax/audit requirement).
  • Marketing email records: until you unsubscribe, then a suppression list entry indefinitely to honor the unsubscribe.
  • Analytics events: 24 months rolling.
  • Server logs: 90 days.
  • Backups: up to 35 days after deletion.

6. Cookies

We use cookies for:

  • Essential cookies: authentication session (Clerk), fraud prevention (Stripe), security (CSRF).
  • Analytics cookies: pseudonymous identifiers (PostHog).
  • Attribution cookies: a 30-day cookie storing the UTM parameters of the first page you arrived on, so we know which content brought you.

7. Your choices and rights

You have the right to:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to fix data that's wrong.
  • Deletion — ask us to delete your account and associated data.
  • Portability — receive your data in a portable format.
  • Opt out of marketing — one-click unsubscribe in every marketing email.
  • Restriction / objection — ask us to stop certain processing.

To exercise any right, email hello@mypepcalc.com. We will respond within 30 days.

7.1 California residents (CCPA/CPRA)

In the past 12 months we have collected the categories of personal information described in § 2. We have not sold or shared (for cross-context behavioral advertising) any personal information. You have the rights listed in § 7, plus the right to designate an agent to act on your behalf.

7.2 EEA / UK residents (GDPR)

Legal bases we rely on: performance of a contract (providing the Service), legitimate interests (running the business, protecting against abuse), consent (marketing email, non-essential cookies), legal obligation. You may lodge a complaint with your supervisory authority. Cross-border transfers rely on Standard Contractual Clauses where applicable.

8. Children

The Service is not intended for anyone under 18. We do not knowingly collect information from children under 18. If you believe a child has used the Service, contact us and we will delete the account.

9. Security

We use reasonable administrative, technical, and physical safeguards, including TLS in transit, encryption at rest (at processor layer), least-privilege access internally, multi-factor authentication for admin accounts, regular dependency security updates, and monitoring for anomalies. No system is perfectly secure. If we discover a breach affecting you, we will notify you as required by law.

10. International users

The Service is hosted in the United States. If you use it from outside the US, your information will be transferred to and processed in the US. By using the Service, you consent to this transfer.

11. Changes to this policy

We may update this policy. Material changes will be communicated by email or a banner on the Site and take effect no sooner than 30 days after notice. Continued use after the effective date means you accept the change.

12. Contact

Gromby LLC, dba My Pep Calc
Irvine, California, USA
Email: hello@mypepcalc.com