Peakdose Logo Peakdose

Privacy Policy

Effective date: 2026-06-20

Introduction

This Privacy Policy explains how Peakdose Ltd ("we," "us," or "our") handles your personal information collected through the Peakdose app ("the App"). Peakdose Ltd is the data controller for your personal data.

Eligibility (18+)

The App is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover we have collected personal information from someone under 18, we will delete it.

Information We Collect

  • Email address: Collected for account creation, login, and essential service communications.
  • Health and lifestyle data: For example, resting heart rate, blood pressure, body weight, sleep duration and quality, stress level, and step count. You choose what to enter.
  • Marketing preferences: If you opt in, we record your consent to send you marketing emails and product updates. This is optional and is off by default.

Legal Bases for Processing

  • Performance of a contract: To provide and maintain your account and the App's core features.
  • Consent: For processing health ("special category") data and for marketing communications. You can withdraw consent at any time in the App or by contacting us.
  • Legitimate interests: For occasional, non-promotional product and user research with people who already use the App, as described under User Research below. You can object at any time.
  • Legal obligations: Where we must retain limited information to meet legal or regulatory requirements.

How We Use Your Information

We use your information to provide the App's features, maintain your account, and respond to your requests. If you opt in to marketing, we may send you marketing emails and product updates. Separately, and only if you have not objected, we may occasionally invite you to take part in user research, as described under User Research below. We do not sell your data or use it for third‑party advertising or analytics.

User Research

From time to time we may invite existing users to take part in product research, such as short surveys, feedback questions, or interviews about how you use the App and how it could be improved. These are genuine research communications. They are not advertising and do not promote or upsell any product; marketing messages are sent only to people who have opted in to marketing.

  • What we use: your account contact details (your email address) and basic information about how you use the App. We do not use your health or bloodwork data to invite you to research.
  • Why: to understand what works, what does not, and what to build next, so the App serves you better.
  • Lawful basis: legitimate interests (UK GDPR/EU GDPR Article 6(1)(f)). We have weighed this interest against your rights and freedoms and limited it to occasional, non-promotional research with people who already use the App, which is within your reasonable expectations as a user.
  • Your right to object: you can object at any time, for any reason, using the unsubscribe link in any research email or by emailing contact@peakdoseapp.com. If you object, we will not contact you for research again.

Special Category (Health) Data

Health information is "special category" data under UK GDPR/EU GDPR. We process this data only with your explicit consent, which you provide when you enter the information into the App. You can withdraw consent at any time; doing so may limit certain features.

Bloodwork Data

If you choose to use the bloodwork parsing feature, additional special-category data is processed alongside the categories above. The rules in this section are specific to that feature; the rest of this Privacy Policy continues to apply.

  • What we collect: the bloodwork files you upload (PDFs and images) and the structured measurements extracted from them, including marker name, value, unit, lab reference range (where present), lab name, and date.
  • Why we collect it: to display your historical bloodwork trends in the App.
  • Lawful basis: UK GDPR Article 9(2)(a), explicit consent. You grant consent in the App before any bloodwork file is uploaded, and you can revoke it at any time under Settings → Bloodwork parsing.
  • Storage: uploaded files and extracted measurements are stored by Supabase in London under row-level access control. Only your account can read your files.
  • Sub-processor used in parsing: uploaded files are passed to a parsing service that runs Anthropic Claude Sonnet 4.6 on AWS Bedrock. AWS (Amazon Web Services EMEA SARL) is the named sub-processor; Anthropic does not receive your data when the model runs on Bedrock. Inference uses AWS Bedrock's EU cross-region inference profile (model identifier eu.anthropic.claude-sonnet-4-6:0), which routes requests across Bedrock endpoints in Ireland, the United Kingdom, Germany, and France. Your data does not leave the European Economic Area. The relationship is bound by a signed Data Processing Agreement that contractually excludes your data from model training and limits retention to the duration of the parse call.
  • Retention: bloodwork files and measurements are kept until you delete the individual entry or your account. There is no automatic retention period.
  • Your rights: the rights listed under Your Rights below apply equally to bloodwork data, including consent revocation under Settings → Bloodwork parsing and account deletion under Settings → Delete account.

For a plain-language walkthrough of what happens when you upload a report, see How bloodwork parsing works.

Data Storage and Security

Your data is stored and encrypted (at rest and in transit) by Supabase, our cloud service provider. Supabase acts as our data processor and hosts data on servers located in the European Union. We apply technical and organisational measures to protect your data.

International Transfers

We do not transfer your personal data outside the UK/EU. If this changes, we will implement appropriate safeguards (e.g., adequacy decisions or standard contractual clauses) and update this policy.

Sharing of Your Information

We do not share your personal information with third parties, except with service providers acting under our instructions (such as Supabase) or where required by law.

Your Rights

Under UK GDPR/EU GDPR you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time (for health data and marketing)

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). For details, see ico.org.uk.

Data Retention

We retain your personal information only while your account is active. When you delete your account, associated data is permanently deleted. For detailed instructions on how to delete your account, please see our account deletion page. If you have opted in to marketing, we keep your contact details for that purpose until you withdraw consent. If we contact you for user research under our legitimate interests, we keep your contact details for that purpose until you object or delete your account.

Cookies and Tracking

The App does not use cookies or other tracking technologies.

Compliance and Jurisdiction

We process personal data in accordance with UK GDPR, the Data Protection Act 2018, and, where applicable, EU GDPR. This Privacy Policy is governed by the laws of England and Wales.

Changes to this Privacy Policy

We may update this policy from time to time. If we make material changes, we will notify you via the App or email. The latest version will always be available in the App.

Contact Information

If you have questions or wish to exercise your rights, contact us at contact@peakdoseapp.com.

Peakdose Ltd

Features

  • PED Tracking
  • Health Monitoring

Company

  • Privacy Policy
  • Terms of Service
  • Health Data Policy

© 2026 Peakdose. All rights reserved. Privacy Policy