Shotsy Privacy Policy
Effective Date: May 31, 2024
Last Updated: March 6, 2026
Introduction
We built Shotsy to help people taking GLP-1 medications feel more supported, organized, and in control of their health.
Using Shotsy means sharing some information with us (and, depending on the platform, with a small number of service providers that help us run the app). We take that responsibility seriously.
This Privacy Policy explains:
- What we collect
- How we use it
- Who we share it with
- Your rights and choices
- How to contact us
We’ve also created a separate Health Data Privacy Policy with extra details about sensitive health information.
Where This Policy Applies
| Platform | How it works |
|---|---|
| iOS App | No user account required. Your individual health entries are stored in your private iCloud database associated with your Apple ID. If you’re an iOS user in the United States, we also collect anonymous experience data used for aggregated trend analysis (you can opt out anytime in Privacy Settings). |
| Android App | Requires Google Sign-In. Your app data is stored in Google Firebase so you can sync across devices and recover your account. |
| Website | Static marketing site that uses limited analytics (Google Analytics) to understand traffic and improve the site. We do not design the website to collect health data. If you submit health information through a form, we will use it only to respond to you and handle it as sensitive. Please do not submit health information through website forms or support requests unless it is necessary. |
Key Terms (Plain English)
- Health data: Information about your health that you enter or import into the app (for example, injections, side effects, weight, nutrition).
- Anonymous experience data: Analytics data we design to ensure anonymity so it is not intended to be reasonably linkable back to you. We use it only to create aggregated summaries and trends.
- Aggregated trend analysis: Looking at patterns across groups of users (for example, counts, averages, distributions), not individual records.
What We Collect (and Why)
Account Information (Android only)
- Google Sign-In email address
- A platform-generated user ID associated with your account
Why? To let you log in, sync your data, and recover your account on Android devices.
Health Data (Optional)
If you choose to track your health in Shotsy, we process the information you enter, such as:
- GLP-1 injection records (date, site, dose, time)
- Side effects and wellness notes
- Weight, protein intake, calories, and water intake
Why? To provide Shotsy’s core features and help you stay organized.
Apple Health / Health Connect (Optional)
With your permission, we can import certain data (like weight or nutrition) from:
- Apple Health (iOS)
- Health Connect (Android)
Why? To make it easier to track your progress from other apps.
Anonymous Experience Data Used for Aggregated Trend Analysis (iOS users in the United States)
If you’re using the iOS app in the United States, we collect anonymous experience data to help us understand broader trends and improve Shotsy. We use this data in aggregated form for trend analysis (for example, summary statistics across groups of users). We do not collect: name, email, phone, Apple ID, advertising identifiers (IDFA), IP address, precise location, or free-text fields.
How we determine “iOS users in the United States”: We use high-level signals (device and storefront region settings). We do not use precise location to provide this feature.
We currently limit this feature to iOS users in the United States as part of a staged rollout and region-specific compliance approach.
What it may include (examples)
Examples of anonymous experience data may include counts and distributions such as:
- Counts of injections logged (analyzed in aggregate)
- Distribution of injection sites (analyzed in aggregate)
- Side effect frequency (analyzed in aggregate)
- Feature usage related to tracking tools (analyzed in aggregate)
- App performance and reliability signals (for example, crash frequency)
- General app context like app version and OS version
Anonymization commitment
This analytics data is designed to be anonymous. We remove direct identifiers and take steps intended to prevent the data from being reasonably linked back to you. We purposefully exclude all free-text fields, including notes and any custom side effect names, because free text may include identifying information.
We do not use anonymous experience data to identify you, and we do not attempt to reidentify it.
Where it’s stored
- Supabase (as anonymous experience data)
How we use it
We use it primarily by generating aggregated summaries to:
- Understand broader trends
- Improve features
- Prioritize product improvements
- Monitor reliability and performance
Opt-out
- This feature is on by default because it is designed to be anonymous.
- You can opt out anytime from Privacy Settings in the app.
- If you opt out, we stop collecting these analytics going forward.
Deletion note
Because this analytics data is anonymous and not maintained in a way that is intended to be linked back to a specific person, we may not be able to locate or delete specific historical analytics records for an individual. You can always opt out to stop future collection.
Legal Bases (EEA/UK and similar regions)
If you are in the European Economic Area (EEA), the United Kingdom, or another region that requires a legal basis for processing, we process your information under the following bases:
- Contract (performance of a contract): To provide Shotsy’s core features (for example, saving and syncing your data, enabling exports, and delivering subscription features where applicable).
- Legitimate interests: To keep Shotsy reliable and secure, prevent fraud and abuse, debug issues, improve performance, and understand how the app is used (including anonymous experience data used for aggregated trend analysis) so we can improve it.
- Consent (where required): For optional features or uses that require consent under applicable law (for example, Apple Health / Health Connect imports, and certain cookies or similar technologies on our website). You can withdraw your consent at any time in the app or through your device/browser settings.
- Legal obligations: To comply with applicable laws and respond to lawful requests from regulators, courts, or law enforcement.
If you have questions about our legal bases or want to object to processing based on legitimate interests, contact us at support@shotsyapp.com.
Device & Technical Information
We (and our service providers) may automatically collect limited technical information such as:
- Device type and OS version
- App version and basic diagnostics
- Crash reports and performance logs (to fix bugs and improve reliability)
- Network and request metadata that may be processed by service providers as part of providing the service (for example, IP address may be processed and temporarily logged for security, abuse prevention, and routing; we do not store IP address as part of the anonymous experience data described above)
- For website visits: usage data collected via cookies and similar technologies (see Cookies)
Why? To keep the app reliable, secure, and working properly.
Payment and Subscription Information
Subscriptions are processed by the Apple App Store (iOS) or Google Play Store (Android). We do not receive your full payment card details.
We use RevenueCat to manage subscriptions. This typically includes subscription status and related purchase metadata (for example, whether a subscription is active), so the app can unlock premium features and support troubleshooting.
Non-Health Usage Analytics & Attribution
We use analytics to understand how the app is used and how people discover Shotsy.
| Service | Purpose | What we send (high level) |
|---|---|---|
| Mixpanel | Product analytics | Non-health app interactions (for example, navigation, settings interactions, onboarding flow completion) and basic app context (for example, app version) |
| AppsFlyer | Attribution | Install/source attribution data (how someone found Shotsy) and limited device/app context used for attribution |
| Google Analytics | Website analytics | Website usage data (pages visited, approximate location/region, browser/device info). We use analytics to measure traffic, not to target ads. |
Important: We take steps to minimize data sharing and avoid sending your health entries (injection logs, dosage, side effects, weight entries, or wellness notes) through these tools.
All analytics data is encrypted in transit.
Where & How We Store Your Data
| Platform | Storage | Notes |
|---|---|---|
| iOS | Apple iCloud Private Database | Your individual health entries are stored in your private iCloud database associated with your Apple ID. Shotsy does not have access to your Apple ID credentials. |
| iOS (US only) | Supabase | Stores anonymous experience data used for aggregated trend analysis (unless you opt out in Privacy Settings). |
| Android | Google Firebase | Stores app data securely so you can sync and recover your account. |
| Reliability | Crashlytics | Used for crash reporting and performance monitoring. |
| Subscriptions | RevenueCat | Stores subscription status and related purchase metadata. |
| Support | Zendesk | Stores support conversations/tickets and any information you choose to include when contacting support. |
| Website | Google Analytics | Stores website analytics data. |
Some data may be processed by trusted service providers (listed below) to help us operate and improve Shotsy.
How Long We Keep Your Data
| Data Type | Retention |
|---|---|
| iOS health entries in iCloud | Until you delete them from iCloud (see Exporting or Deleting Your Data). |
| Android app data in Firebase | Until you delete your account (or specific data) in the app. |
| Anonymous iOS (US) experience data | Kept only as long as reasonably necessary for product improvement, security, and trend analysis. |
| Support tickets (Zendesk) | Kept as long as reasonably necessary to provide support, maintain records of requests, and comply with legal obligations. |
| Crash/performance logs | Retained for a limited period for debugging and reliability, then deleted or aggregated as appropriate. |
| Website analytics | Retained according to Google’s analytics settings and standard policies. |
Your Privacy Rights
Depending on where you live, you may have rights to:
- Access your data
- Export your data
- Correct inaccurate data
- Delete your data
- Restrict or object to certain uses
- Withdraw consent at any time
You can manage many choices directly in the app’s Settings, including:
- Exporting or deleting your data
- Opting out of iOS (US) anonymous experience data in Privacy Settings
You can also email us: support@shotsyapp.com
Requests, verification, and appeals
To protect your privacy, we may need to verify your request before fulfilling it (for example, by confirming access to the relevant account on Android or confirming details about your request).
If we deny a request, you can appeal by replying to our response email or contacting support@shotsyapp.com. We will review and respond as required by applicable law.
Who We Share Data With (and Why)
We share data with service providers that help us run Shotsy. These providers are permitted to use data only to provide services to us (and not for their own independent purposes), subject to applicable contracts and safeguards.
| Vendor | Purpose |
|---|---|
| Apple iCloud | iOS data storage (private iCloud database) |
| Supabase | Storage for anonymous iOS (US) experience data used for aggregated trend analysis |
| Google Firebase | Android data storage and authentication |
| RevenueCat | Subscription management |
| Crashlytics | Crash reporting and app reliability |
| Mixpanel | Non-health product analytics |
| AppsFlyer | Attribution analytics |
| Google Analytics | Website analytics |
| Zendesk | Customer support ticketing and communications |
We do not sell your data.
We do not share your health data for targeted advertising.
Support communications
If you contact us (for example, by email or through support), we will use the information you provide to respond and resolve your issue. We use Zendesk to manage support tickets. If your support request includes health details, we treat that information as sensitive and use it only to help you.
Legal requirements
We may disclose information if required by law or legal process (for example, a subpoena), or if we believe disclosure is necessary to protect rights, safety, and security.
Corporate transactions
If Shotsy is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will provide notice when required by law.
Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information, such as access controls and encryption in transit (and, where supported by our providers, encryption at rest).
No method of transmission or storage is 100% secure, but we work hard to protect your information and improve our safeguards over time.
Data Controller
Shotsy Co. is the data controller responsible for your information under this Privacy Policy. Shotsy is based in the United States.
For privacy requests or questions, contact: support@shotsyapp.com
International Data Transfers
Your data may be stored or processed in the United States or other locations where our service providers operate. Where required (such as under GDPR), we use appropriate safeguards like Standard Contractual Clauses (SCCs) approved by regulators.
Children’s Privacy
Shotsy is not intended for children under 13 (or the minimum age in your area). We do not knowingly collect data from children.
Cookies
Our website uses cookies and similar technologies (such as Google Analytics) to understand site traffic and improve the site.
You can control cookies through your browser settings. Some analytics providers may collect information about your online activities over time and across different websites or online services when you use our website.
Exporting or Deleting Your Data
| Platform | How |
|---|---|
| iOS | You can export data from the app. To delete iOS health entries stored in iCloud, remove Shotsy’s data from iCloud storage in your device settings and/or delete entries within the app where available. |
| Android | Export or delete your data anytime from the app’s Settings screen, including deleting your account. |
Need help? Contact support@shotsyapp.com
Changes to This Policy
We may update this policy from time to time. We’ll post the latest version at shotsyapp.com/privacy. If changes are material, we will provide additional notice where required (for example, via in-app notice or email where applicable).
Contact Us
Email us anytime at: support@shotsyapp.com
Shotsy Health Data Privacy Policy
Last Updated: February 21, 2026
This Health Data Privacy Policy supplements our main Privacy Policy and explains how we handle sensitive health information.
What Counts as Health Data in Shotsy
Health data includes information you enter or import about:
- GLP-1 injections (date, site, time, dosage)
- Side effects and well-being notes
- Weight, protein intake, calories, and water intake
- Related wellness and tracking information you choose to store in the app
Health Data Storage
We store health data securely and separately from basic contact information.
- iOS: Your individual health entries are stored in your private iCloud database associated with your Apple ID.
- Android: Your app data is stored in Firebase and tied to your account and a platform-generated user ID.
Sources of Health Data
We collect health data from:
- You (when you enter information in the app)
- Apple Health (if you enable Apple Health import)
- Health Connect (if you enable Health Connect import)
Why We Use Health Data
We use health data to:
- Provide Shotsy’s core functionality
- Help you track your progress and support your experience
- Improve app reliability and security
- Comply with legal obligations
We do not use health data for targeted advertising.
We do not sell health data.
Anonymous iOS (US) Experience Data Used for Aggregated Trend Analysis
If you’re an iOS user in the United States, Shotsy also collects anonymous experience data to understand broader trends and improve the product.
- We design this analytics data to be anonymous and use it only to produce aggregated insights.
- We purposefully exclude all free-text fields, including notes and any custom side effect names, because free text may include identifying information.
- We do not attempt to reidentify this data.
- You can opt out anytime in the app’s Privacy Settings. If you opt out, we stop collecting it going forward.
- Because this analytics data is anonymous and not intended to be linked back to a specific person, we may not be able to locate and delete specific historical analytics records for an individual.
How We Share Health Data
We share health data only in limited circumstances:
- Service providers necessary to operate the app (for secure storage, syncing, authentication, subscription status, and reliability).
- Support (only if you contact us and the information is needed to resolve your issue; we use Zendesk to manage support tickets).
- Legal requirements (if required by law, subpoena, or similar legal process).
- Corporate transactions (if Shotsy is acquired, merged, or reorganized, with notice where required).
We do not share health data for targeted advertising and do not sell health data.
Third-Party Collection
When you use our website, certain third parties (such as analytics providers) may collect information about your online activities over time and across different websites or online services. We do not intend to allow third parties to collect health data from you on the website.
Within the app, we do not send your health entries (injection logs, dosage, side effects, weight entries, or wellness notes) to Mixpanel or AppsFlyer.
Your Rights
You have the right to:
- Access your health data
- Export your health data
- Delete your health data
- Withdraw consent at any time
Most actions can be done directly in the app’s Settings.
If we deny a request, you can appeal by emailing us. If you’re still unsatisfied, you may contact your state Attorney General or other regulator, depending on where you live.
Contact: support@shotsyapp.com