Privacy Policy

Last updated: May 1, 2026

Short version: Bo stores your peptide library, doses, injection sites, and streak data locally on your device. We do not sell your data. We use a privacy-respecting analytics provider (PostHog, EU region) to understand how the app is used in aggregate.

1. Data we collect

1.1 On-device data

Your peptide library (names, vial size, BAC water, default units, color, notes)
Dose logs (date, units, mg, tablet count, injection site, notes)
Streak count and earned freezes
App preferences (reminder time, sex pick for body map)

This data is stored on your device using Apple's SwiftData and never leaves it.

1.2 Subscription data

If you subscribe to Bo Premium, our payments partner RevenueCat and Apple process the transaction. We receive entitlement status (active / not active) but never your payment details.

1.3 Analytics

We use PostHog (EU Cloud, GDPR-compliant) to capture anonymous, aggregated product analytics — onboarding completion, paywall views, dose logged counts, feature usage. Each install is identified by a randomly-generated UUID. We do not capture any personally identifiable information, and we do not link analytics to advertising networks.

2. How we use the data

To run the app — your library and logs power every screen
To deliver subscription benefits (RevenueCat / Apple)
To improve the app — anonymous usage analytics tell us which features need work

We never sell your data. We never use it for advertising.

3. Notifications

If you grant notification permission, Bo schedules local notifications for daily dose reminders, streak protection, and re-engagement. These are scheduled and delivered entirely on your device — no server is involved.

4. Data sharing

We share data only with these processors, strictly to deliver the service:

Apple — App Store, payments, push delivery
RevenueCat — subscription management
PostHog (EU) — anonymous product analytics

5. Your rights

Under GDPR/CCPA you have the right to access, correct, export, or delete your data. Because all your peptide data lives on your device, deleting the app removes it instantly. To request deletion of your analytics record (UUID-keyed), email melv.m@gmx.at.

6. Children

Bo is not directed at children under 13. We do not knowingly collect data from children.

7. Security

App data sits inside Apple's app sandbox and is encrypted by iOS at rest. Network traffic to RevenueCat and PostHog is over TLS 1.2+.

8. International transfers

Analytics are stored in PostHog's EU region (Frankfurt). Subscription data may transit through US data centers via Apple and RevenueCat under their published safeguards.

9. Changes

We will update this page when our practices change and revise the "Last updated" date above.

10. Contact

Melvin Morina · melv.m@gmx.at