
Privacy Policy

Last updated: May 3, 2026
GearBuddy provides a consumer wellness web application for tracking protocols, injections, symptoms, and related information, along with pharmacokinetic estimation tools. GearBuddy is not a medical provider, does not provide emergency services, and is not intended to replace professional medical care, diagnosis, or treatment.

This Privacy Policy explains how we collect, use, disclose, and protect information when you use GearBuddy's website, application, and related services (the "Service").

1. Information We Collect

We collect information in the following ways:

Information you provide

When you use GearBuddy, you may provide information such as:

  • Account information, including your email address and authentication data
  • Profile information, including names or labels you assign to profiles
  • Health-related information you choose to enter, such as dosage logs, injection timing, symptom tracking, notes, protocol details, and related content
  • Support or feedback messages you send to us

Information collected automatically

When you access or use the Service, we and our service providers may automatically collect certain technical information, such as:

  • IP address
  • Browser type and version
  • Device type, operating system, and general device information
  • Referring pages, pages viewed, timestamps, and basic usage data
  • Authentication and session information
  • Error logs and diagnostic information

Usage analytics (authenticated app)

When you are signed in, we automatically collect information about how you interact with features of the Service, including which sections you visit, which actions you perform (such as logging an entry, opening a tool, or running a simulation), your subscription tier, and a session identifier generated each time you open the app. We do not collect the content of any data you enter — only that an action occurred. This information is linked to your account identifier and stored in our database. This data is used solely for internal product improvement and is not shared with advertising platforms.

Marketing site tracking (public pages, pre-login)

On our public marketing pages (thegearbuddy.fit), we collect information to understand how visitors find us and how they interact with our marketing content. This includes:

  • Attribution parameters: URL parameters such as utm_source, utm_medium, utm_campaign, utm_content, and utm_term, and platform-specific click identifiers such as gclid (Google), fbclid (Meta), and rdt_cid (Reddit). These are used to measure which advertising channels drive signups.
  • Anonymous visitor identifier: A randomly generated identifier stored in your browser to recognize returning visitors to our marketing site. This identifier is not linked to any health-context data.
  • On-site behavior: Pages viewed, time on page, scroll depth, CTA interactions, and other engagement signals on our public pages.
  • Third-party ad pixels (with consent): If you consent to the Advertising / Marketing category in our cookie consent banner, third-party pixels from advertising platforms (such as Reddit, Meta, and Google) may collect information about your visit to our marketing pages. This data is subject to those platforms' own privacy policies. See Section 4 for details on how to manage your consent.

Marketing site tracking applies only to our public marketing pages. No third-party ad pixel or marketing tag fires on any page of the authenticated app (pages accessible after you log in).

Conversion events sent to advertising platforms (with consent)

If you consent to advertising cookies and you create a GearBuddy account or start a paid subscription, we may transmit two specific events to advertising platforms via their server-side conversion APIs: account creation ("signup_completed") and the start of a Pro subscription ("subscription_started"). For each event, we transmit your hashed email address (processed using SHA-256, a one-way function) and a platform-specific click identifier if one was captured during your visit to our marketing site. We do not transmit any health-related information, protocol data, dose information, or other app activity to advertising platforms under any circumstances.

Information stored on your device

GearBuddy uses local storage, cookies, and similar technologies to:

  • Save your preferences and settings
  • Keep you signed in
  • Store application data locally in your browser
  • Remember consent choices and other app state
  • Capture and persist first-touch attribution parameters (UTM parameters and click IDs) to measure which channel drove your signup

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate users and manage accounts
  • Save and sync user data across devices
  • Display charts, estimates, logs, and other application features
  • Improve the Service, develop new features, troubleshoot problems, fix bugs, and generate aggregate usage statistics
  • Monitor security, prevent abuse, and detect fraud or unauthorized access
  • Comply with legal obligations and enforce our terms and policies
  • Analyze feature usage patterns to understand how the Service is used, prioritize development, and improve the user experience — this analysis is internal only and does not involve sharing data with advertising platforms
  • Measure the effectiveness of our marketing campaigns by attributing signups and paid subscriptions to the advertising channel or source that drove them, using the attribution parameters and conversion events described in Section 1
  • With your consent, serve and optimize advertising on third-party platforms using the limited conversion events described in Section 1

3. How We Share Information

We do not sell your personal information.

We do not share your personal information for cross-context behavioral advertising except as described below for conversion reporting, and only with your consent.

We may share information in the following circumstances:

Service providers

We may share information with vendors and service providers that help us operate the Service, including:

  • Firebase / Google Cloud for authentication, hosting, and database services
  • Stripe for payment processing (subscription transactions only)
  • Other infrastructure providers that support storage, logging, security, or delivery of the Service

These providers may process information on our behalf and are permitted to use it only as necessary to provide their services to us, subject to our instructions, contractual restrictions, and their own applicable privacy terms.

Advertising platforms (conversion reporting, with consent)

If you consent to the Advertising / Marketing category in our cookie consent banner, we transmit limited conversion data to advertising platforms (such as Reddit, Meta, and Google) to measure the effectiveness of our campaigns. This consists solely of:

  • Account creation ("signup_completed") — transmitted at the moment of successful account creation, from our public signup page
  • Subscription start ("subscription_started") — transmitted when a paid subscription is activated

For each event, only a hashed email address and a platform-specific click identifier are transmitted. No health-related data, protocol data, dose logs, symptom information, or any other app activity is transmitted to advertising platforms. We do not share data from the authenticated app with advertising platforms for any purpose.

You can withdraw consent at any time through the cookie settings in our consent banner or by contacting us. See Section 8 for details on exercising your rights.

Legal and safety reasons

We may disclose information if we believe disclosure is reasonably necessary to:

  • Comply with law, regulation, subpoena, court order, or other legal process
  • Protect the rights, property, or safety of GearBuddy, our users, or others
  • Investigate fraud, abuse, security issues, or violations of our terms

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

At your direction

We may share information when you ask us to do so or otherwise consent to the sharing.

GearBuddy uses cookies, local storage, and similar browser technologies in four categories:

Strictly Necessary

Required for the Service to function. These cannot be disabled. They include authentication tokens, session management, security cookies, and fraud-prevention identifiers. No opt-out is available because the Service does not function without them.

Functional

Used to remember your preferences and to capture attribution data (UTM parameters and click IDs) that helps us understand which channel you came from when you signed up. Attribution parameters are stored in your browser and written to your account when you create one. This data stays within GearBuddy's infrastructure and is not transmitted to third parties. We use implied consent for this category — it is active by default, and you may disable it in the consent settings, though doing so may affect certain features.

Analytics

Used to measure how visitors interact with our marketing site — page views, scroll depth, CTA clicks, and similar engagement signals. This data is collected by first-party tools and is not shared with advertising platforms. We use implied consent for this category — it is active by default with notice, and you may disable it in the consent settings.

Advertising / Marketing

Used to serve and measure advertising on third-party platforms. When this category is enabled, third-party ad platform pixels (such as Reddit, Meta, and Google advertising tags) may collect information about your visit to our marketing pages, and we may transmit the conversion events described in Section 3 to those platforms via server-side APIs. This category is off by default and requires your explicit opt-in. You may change your preference at any time through the cookie consent settings, which are accessible from a link in the footer of our marketing site.

Managing your consent

A cookie consent banner appears on your first visit to our marketing site. You can change your preferences at any time by clicking "Cookie Settings" in the footer of our marketing site. Revoking consent for the Advertising / Marketing category stops future data transmission to ad platforms; it does not affect data already transmitted.

You can also control cookies through your browser settings. If you disable all cookies or local storage, some features of the Service may not function properly. Browser storage is accessible to anyone who can access your device and browser profile.

5. Consumer Health Data and Sensitive Information

What we consider consumer health data

GearBuddy is a personal tracking tool for protocols, injections, and symptoms. The data you enter — including dosage logs, compound information, injection schedules, symptom ratings, and body parameters — constitutes consumer health data under applicable state law, including the Washington My Health My Data Act (WA MHMDA) and California Consumer Privacy Act (CCPA/CPRA).

How we protect your health data

Your health-context data is never shared with advertising platforms, data brokers, or third parties for commercial purposes. The authenticated app — every page accessible after you log in — has no third-party advertising pixels, no conversion APIs, and no session replay tools. The two conversion events we may send to advertising platforms (account creation and subscription start) contain only a hashed email address and do not contain any health-related data.

Washington My Health My Data Act

If you are a Washington State resident, the WA MHMDA provides additional rights regarding your consumer health data. We do not share your health data for advertising purposes without your affirmative consent, which you provide (or decline) through the Advertising / Marketing category in our cookie consent banner. You have the right to access, correct, and delete your consumer health data, and to withdraw consent at any time. To exercise these rights, contact us at contact@thegearbuddy.com.

Limit the use of sensitive personal information

Under the California Consumer Privacy Act (CPRA), you have the right to limit our use and disclosure of sensitive personal information. The health-related data you enter into GearBuddy is used only to provide the Service to you — it is not used for advertising or profiling, and it is not shared with third parties for commercial purposes. If you wish to exercise your right to limit the use of your sensitive personal information, you may submit a request at contact@thegearbuddy.com or use the "Limit the Use of My Sensitive Personal Information" link in the footer of our marketing site.

6. Retention

We retain information for as long as reasonably necessary to:

  • Provide the Service
  • Maintain your account and data
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

Retention periods may vary depending on the type of information and the purpose for which it is used. We may retain information for operational, security, legal, and business purposes as needed. You may also remove certain data locally by clearing your browser storage, though that will not necessarily delete cloud-synced data.

7. Data Security

We use reasonable administrative, technical, and organizational measures designed to protect information from unauthorized access, loss, misuse, or alteration, including access controls, encryption in transit, and encryption at rest on supported Firebase/Google Cloud services. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Children's Privacy

GearBuddy is intended for adults aged 18 and older and is not directed to children or minors. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will take reasonable steps to delete it.

9. Your Choices and Rights

Depending on where you live, you may have rights regarding your personal information, including rights to:

  • Access the information we hold about you
  • Correct inaccurate information
  • Request deletion of certain information
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent (including consent to advertising cookies — see Section 4)
  • Receive a copy of certain information in a portable format
  • Limit the use of your sensitive personal information (California — CPRA)
  • Opt out of the sharing of your personal information for cross-context behavioral advertising (California — CCPA/CPRA)
  • Opt out of the sharing of your consumer health data for advertising purposes (Washington — MHMDA)

To exercise any applicable rights, contact us at contact@thegearbuddy.com. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law (generally 45 days, with one 45-day extension where permitted).

You may also manage advertising consent directly through the cookie consent settings on our marketing site at any time.

10. International Users

GearBuddy may be operated from the United States or other jurisdictions. If you access the Service from outside the country where our servers or service providers are located, your information may be transferred to, stored in, and processed in jurisdictions that may have different data protection laws than your home jurisdiction.

11. Third-Party Services

The Service uses or integrates with the following categories of third-party services:

  • Infrastructure: Firebase / Google Cloud (authentication, hosting, database)
  • Payments: Stripe (subscription billing — subject to Stripe's Privacy Policy)
  • Advertising platforms (with consent): Reddit, Meta, Google, and other advertising platforms may receive the limited conversion data described in Section 3 when you consent to the Advertising / Marketing cookie category. Each platform's use of that data is governed by their own privacy policies.

This Privacy Policy does not apply to third-party services. We encourage you to review their privacy policies before providing them with information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above and may provide additional notice where appropriate. Your continued use of the Service after an update means you accept the revised Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

GearBuddy

contact@thegearbuddy.com