Privacy Policy

1. Introduction and Data Controller

Bridger Apps LLC ("Bridger Apps," "we," "our," or "us") operates the Jabbit mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Data Controller:
Bridger Apps LLC
A Delaware Limited Liability Company
United States
Email: privacy@bridgerapps.com

We are committed to protecting your privacy. Jabbit was designed from the ground up with a privacy-first architecture, meaning your personal health data never touches our servers. We believe you should have complete control over your sensitive health information.

2. Health Data Classification

3. Information We Do NOT Collect

Jabbit does not collect, transmit, or store any of the following on our servers:

• Injection logs, history, or schedules
• Peptide information, selections, or dosing data
• Vial inventory, reconstitution details, or expiration dates
• Progress photos, weight, body measurements, or other biometric data
• Health-related notes, observations, or symptoms
• Serum level calculations or pharmacokinetic estimates
• Apple HealthKit data
• Personal identification information (name, address, date of birth)
• Location data
• Contacts or calendar information

4. How Your Data Is Stored

All data you enter into Jabbit is stored in two places, both under your exclusive control:

4.1 Local Device Storage

Your data is stored locally on your iPhone or iPad using Apple's secure on-device storage mechanisms. This data is protected by your device's security features, including:

• Device-level encryption
• Your passcode, Face ID, or Touch ID
• Apple's Secure Enclave technology

4.2 Your Personal iCloud Account

If you have iCloud enabled for Jabbit, your data syncs to your personal iCloud account using Apple's CloudKit framework. This enables you to access your data across multiple Apple devices. Important points about iCloud sync:

• Data is stored in your private CloudKit container, accessible only through your Apple ID
• All data is encrypted end-to-end by Apple
• We do not have access to your iCloud data
• Only you can access your data through your Apple ID credentials
• Apple's iCloud is subject to Apple's Privacy Policy

You can disable iCloud sync at any time in your device's Settings, in which case your data will remain only on the local device.

5. Information We May Collect

While we do not collect your health data, we may receive limited technical information for app functionality and improvement:

5.1 Crash Reports and Diagnostics

If you opt in to share crash data with developers through your iOS Settings (Settings → Privacy & Security → Analytics & Improvements), we may receive anonymized crash reports to help improve app stability. These reports do not contain your health data.

5.2 App Store Analytics

Apple may provide us with aggregated, anonymized analytics about app usage through App Store Connect. This includes information such as download numbers, general geographic regions, and device types—never individual user data.

5.3 Purchase Information

If you make in-app purchases or subscribe to premium features, the transaction is processed entirely by Apple. We receive confirmation of the purchase (including a transaction ID and subscription status) but never your payment details, credit card information, or billing address.

5.4 Support Communications

If you contact us for support, we may collect information you voluntarily provide, such as your email address and the content of your communication. We will only use this information to respond to your inquiry.

6. Third-Party Services

Jabbit uses the following third-party services:

6.1 Apple iCloud (CloudKit)

Used for syncing your data across your devices. Your data is stored in your private CloudKit container and is subject to Apple's Privacy Policy.

6.2 RevenueCat

Used for managing subscriptions and in-app purchases. RevenueCat receives:

• An anonymized user identifier
• Purchase and subscription status
• Device type and OS version

RevenueCat does not receive any of your health data. See RevenueCat's Privacy Policy.

6.3 No Advertising or Analytics SDKs

Jabbit does not include any advertising SDKs, tracking pixels, or third-party analytics tools that access your personal data. We do not share, sell, or rent your data to advertisers or data brokers.

7. Apple HealthKit Integration

Jabbit may optionally integrate with Apple HealthKit to read or write weight and body measurement data. If you enable this integration:

• It requires your explicit permission through Apple's HealthKit authorization dialog
• We only access the specific data types you authorize (e.g., weight)
• HealthKit data is never transmitted to our servers or any third party
• HealthKit data is used solely to display or sync information within the App
• You can revoke HealthKit permissions at any time in Settings → Health → Data Access & Devices → Jabbit

In accordance with Apple's requirements, we confirm that we do not use HealthKit data for advertising, marketing, or data mining purposes.

8. Data Security

Your data is protected by multiple layers of security:

• Apple's device-level encryption — All data on your device is encrypted
• iCloud's end-to-end encryption — Synced data is encrypted in transit and at rest
• Your device security — Protected by your passcode, Face ID, or Touch ID
• No central database — Since we don't store your health data on our servers, there is no central database that could be breached

While no method of transmission or storage is 100% secure, our privacy-first architecture significantly reduces risk by keeping your sensitive data under your exclusive control.

9. Data Retention and Deletion

Your data remains on your device and in your iCloud account until you choose to delete it. You have complete control over your data and can delete it at any time by:

• Using the "Delete All Data" option in the App's Settings
• Deleting the App from your device (local data will be removed)
• Removing Jabbit data from iCloud via Settings → [Your Name] → iCloud → Manage Storage → Jabbit

If you contact our support team, we retain your communication for up to two (2) years for reference purposes, after which it is deleted.

10. Children's Privacy

Jabbit is not intended for use by anyone under eighteen (18) years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@bridgerapps.com, and we will take steps to delete such information.

For users in the United Kingdom, we note that the UK GDPR sets the age of consent for online services at 13 years. However, due to the nature of our App (health tracking involving self-administered substances), our minimum age requirement is 18 regardless of jurisdiction.

10.5 Research Compounds and Harm Reduction

11. Your Rights Under GDPR (European Union and EEA Users)

If you are located in the European Union or European Economic Area, you have certain rights under the General Data Protection Regulation (GDPR). Because we do not store your health data on our servers, most of these rights are automatically satisfied—your data remains in your exclusive control.

Your rights include:

• Right of Access (Article 15) — You have the right to know what personal data we process about you. Since your health data is stored on your device/iCloud, you already have direct access.

• Right to Rectification (Article 16) — You can correct any inaccurate data directly in the App.

• Right to Erasure (Article 17) — You can delete your data at any time using the App's settings or by deleting the App.

• Right to Data Portability (Article 20) — You have the right to receive your data in a structured, commonly used format. Your data is already stored in your iCloud account under your control.

• Right to Restriction of Processing (Article 18) — You can disable iCloud sync or delete specific data categories within the App.

• Right to Object (Article 21) — You may object to processing of your data for certain purposes.

• Right to Withdraw Consent — Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

• Right to Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority in your EU/EEA member state.

Legal Basis for Processing: For the limited technical data we may receive (crash reports, purchase confirmations), our legal basis is:

• Contract performance (Article 6(1)(b)) — To provide the App and subscription services
• Legitimate interests (Article 6(1)(f)) — To improve app stability and prevent fraud
• Consent (Article 6(1)(a)) — Where you have opted in to share crash data

To exercise any of these rights, contact us at privacy@bridgerapps.com. We will respond within one (1) month as required by GDPR.

12. Your Rights Under UK GDPR (United Kingdom Users)

If you are located in the United Kingdom, you have rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 that are substantially similar to those described in Section 11 above.

Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Website: ico.org.uk

To exercise your UK GDPR rights, contact us at privacy@bridgerapps.com.

13. International Data Transfers

Bridger Apps is based in the United States. If you access the App from outside the United States, please be aware:

• Your health data is stored on your local device and in your iCloud account. Apple's iCloud has data centers worldwide and processes data according to Apple's Privacy Policy and applicable data transfer mechanisms.

• Limited technical data (crash reports, purchase confirmations) may be processed in the United States.

Transfer Mechanisms (EU/UK): For any personal data transferred from the EU/EEA or UK to the United States, we rely on:

• The EU-U.S. Data Privacy Framework (where applicable)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Your explicit consent where required

You may request a copy of the applicable transfer mechanisms by contacting privacy@bridgerapps.com.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know — You can request information about the categories and specific pieces of personal information we have collected.

• Right to Delete — You can request deletion of your personal information.

• Right to Correct — You can request correction of inaccurate personal information.

• Right to Opt-Out of Sale/Sharing — We do not sell or share your personal information for cross-context behavioral advertising, so this right does not apply.

• Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information: In the preceding 12 months, we may have collected:

• Identifiers — Email address (only if you contact support)
• Commercial Information — Purchase/subscription records (via Apple)
• Internet Activity — Anonymized crash reports (if opted in)

To exercise your California privacy rights, contact us at privacy@bridgerapps.com. We will verify your identity before processing your request.

15. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Because Jabbit does not track your activity across third-party websites or services, we do not respond to DNT signals. We do not track you regardless of this setting.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the "Last updated" date at the top of this policy
• For significant changes, we will provide notice through the App or via email (if you have provided your email to us)
• Your continued use of the App after changes become effective constitutes acceptance of the revised policy

We encourage you to review this Privacy Policy periodically.

17. Third-Party Links

The App may contain links to third-party websites or services (such as Apple's Privacy Policy or RevenueCat's Privacy Policy). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Bridger Apps LLC
Email: privacy@bridgerapps.com

For GDPR/UK GDPR inquiries:
Email: privacy@bridgerapps.com
Subject line: "GDPR Request" or "UK GDPR Request"

We aim to respond to all privacy inquiries within thirty (30) days, or within the timeframes required by applicable law (e.g., one month for GDPR requests).

Summary: Our Privacy Commitments