Last updated: 20 March 2026 (rev. 3)
titra is a GLP-1 medication tracking app. Using it means sharing some information with us — and depending on the features you enable, with a small number of service providers that help us run the app. We take that responsibility seriously.
This policy explains what we collect, how we use it, who we share it with, and your rights. We've kept it as plain as possible.
Questions? Email info@titrapp.com.
Health data (optional) — If you choose to track your health in titra, we process the information you enter: medication doses, injection sites, side effects and notes, weight entries, and any wellness data you add. This is used solely to provide the app's tracking and insight features. If you enable Cloud Sync, this data is encrypted and stored on our servers (Supabase, hosted on AWS). Without Cloud Sync, everything stays on your device.
Account information (Cloud Sync only) — If you create a Cloud Sync account, we collect an email address and generate an account ID. Without Cloud Sync there is no account and no identifier stored on our servers.
Apple Health / Health Connect (optional) — With your explicit permission, titra can import the following data from Apple Health or Android Health Connect: steps, active and total calories, resting heart rate and heart rate variability, sleep, body weight, body fat percentage, hydration, nutrition (protein and dietary energy), and workout activity. This data is displayed locally in the app. If you opt in to Community Insights, anonymised averages (rounded to broad buckets) of steps, sleep, heart rate, and active calories may be included in your weekly community snapshot — other types are not shared. Raw health data from these integrations is not transmitted to our servers beyond what Community Insights shares.
Community Insights data (opt-in only) — If you choose to participate, titra submits a weekly anonymous snapshot to support aggregated benchmarks across GLP-1 users. See the Community Insights section below for full detail on what is and isn't included.
Analytics — We use PostHog (EU Cloud) to understand how features are used and improve the app. Analytics events include things like "dose logged" or "export used" — they do not include health entries, medication details, or free-text notes. If you are signed in with Cloud Sync, events are associated with your Supabase account ID. You can opt out of analytics at any time in Settings.
Crash and error reporting — We use Sentry to capture crashes and errors so we can fix them. Sentry may automatically collect device type, OS version, app version, IP address, and a session identifier as part of standard crash context. We apply scrubbing rules to reduce unnecessary data capture, but standard crash reporting metadata — including IP address — may be processed by Sentry. No health data or free-text content is included in crash reports. See Sentry's privacy policy for their data handling practices.
Subscription information — Subscriptions are processed by Google Play or the Apple App Store. We do not receive your payment card details. Subscription status is managed through RevenueCat, which receives only an anonymous app user ID and subscription metadata.
Device and technical information — We and our service providers may automatically collect limited technical information such as device type, OS version, app version, and network metadata. This is used to keep the app reliable and secure.
Community Insights is entirely opt-in and can be toggled on or off at any time in Settings.
What is shared (all anonymous): Medication type and dose, weight change since starting (not your actual weight), BMI category (not exact BMI), side effect types and severity, gender and age range, adherence percentage, weekly goal, and if Health Sync is enabled: rounded averages of steps, sleep, heart rate, and active calories.
What is never shared: Your name, email, device ID, exact weight, height, date of birth, free-text notes, location, or Supabase account ID. Community data uses a random anonymous cohort ID generated per app install — it is not linked to your account in any way.
Community data is stored in a separate Supabase table with no connection to user accounts. Aggregated benchmark results are only shown when at least 10 anonymous users exist for a given medication and dose combination.
Because this data is designed to be anonymous and is not maintained in a way intended to be linked back to a specific person, we may not be able to locate or delete specific historical community records for an individual. You can always opt out to stop future collection.
We use your data to provide titra's features, keep the app reliable and secure, understand how features are used so we can improve them, manage your subscription, and comply with legal obligations.
We do not use your health data for targeted advertising. We do not share your health entries with advertising networks or data brokers.
We may in the future use aggregated, anonymised data — such as anonymised community insights — for purposes including research partnerships or product development. If we do this, it will be based on data that is designed not to be linkable back to you, and we will update this policy accordingly.
If you are in the European Economic Area or the United Kingdom, we process your information under the following legal bases:
| Data | Where | Notes |
|---|---|---|
| Health entries (no sync) | On your device only | Nothing leaves your phone |
| Health entries (Cloud Sync) | Supabase (AWS us-east-1) | Encrypted in transit and at rest |
| Community Insights data | Supabase (AWS us-east-1) | Separate table, no link to accounts |
| Analytics | PostHog (EU Cloud) | No health data included |
| Crash reports | Sentry (US) | May include device metadata and IP address |
| Subscription status | RevenueCat | Anonymous ID and subscription metadata only |
Your data may be stored or processed in the United States or other locations where our service providers operate. Where required — for example under GDPR — we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by regulators to protect data transferred internationally.
| Data type | Retention |
|---|---|
| On-device health data | Until you delete it or uninstall the app |
| Cloud Sync health data | Until you delete your account or request deletion |
| Community Insights data | Kept as long as reasonably necessary for product improvement and benchmarking |
| Analytics | Retained per PostHog's standard retention settings |
| Crash logs | Retained for a limited period for debugging, then deleted or aggregated |
| Subscription records | Retained as required to manage subscriptions and resolve disputes |
titra uses the following third-party services. This list is provided in full to comply with applicable privacy laws including the Washington My Health My Data Act and similar statutes requiring explicit disclosure of all processors.
| Service | Purpose | Data received | Health data? | Policy |
|---|---|---|---|---|
| Supabase (AWS us-east-1) | Cloud sync & community data storage | Encrypted health data (if sync enabled); anonymous community snapshots (if opted in) | Yes — encrypted at rest and in transit | supabase.com/privacy |
| RevenueCat | Subscription management | Anonymous app user ID and subscription status only | No | revenuecat.com/privacy |
| PostHog (EU Cloud) | Product analytics | Feature usage events (e.g. "dose logged") and account ID if signed in. No health data or free-text content. | No | posthog.com/privacy |
| Sentry | Crash and error reporting | Stack traces, device OS/version, app version, session identifier, and standard crash metadata which may include IP address. No health data or free-text content. | No | sentry.io/privacy |
| AppsFlyer | Install attribution and ad campaign measurement | Install source, device type, OS version, app version, and in-app conversion events (e.g. onboarding completed, subscription started). No health data or free-text content. | No | appsflyer.com/legal/privacy-policy |
We do not use advertising networks or data brokers to serve ads within the app or to share user data for targeting purposes. If we add a new third-party service, this list will be updated and an in-app notice will be shown.
We share data only with the service providers listed above, who are permitted to use it only to provide their services to us. We do not sell your personal data or health data. We do not share your health entries with advertisers or ad networks.
We may share aggregated, anonymised data (such as anonymised community benchmarks) with partners for research or product development purposes in the future. This would involve data that is not intended to be linkable back to you as an individual.
We may also disclose information if required by law, legal process, or to protect rights, safety, and security.
Corporate transactions: If titra is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice where required by law.
titra+ includes features such as the Medication Level Tracker, Side Effect Patterns, and Dose Journey Planner. These run entirely on your device using pharmacokinetic models — your data is not sent to external services for processing.
App lock uses a PIN hashed with SHA-256 — your PIN is never stored in plain text. Biometric authentication is handled by your device's secure enclave. Cloud Sync data is transmitted over TLS and stored encrypted at rest. No method of transmission or storage is 100% secure, but we work hard to protect your information.
You can manage many choices directly in the app's Settings, including exporting or deleting your data, opting out of Community Insights, and opting out of product analytics. You can also email us to make a data request.
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, restrict or object to certain uses, and withdraw consent at any time. If you are in the EU/EEA, you also have rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority. If you are in California, you have rights under the CCPA. If you are in Washington state or Nevada, you have rights under health data privacy laws specific to those states.
To exercise any of these rights, use the Settings screen in the app or contact us at info@titrapp.com. We may need to verify your request before fulfilling it. If we deny a request you can appeal by replying to our response, and if you are still unsatisfied you may contact your relevant regulator.
titra is not intended for children under 13 (or the applicable minimum age in your region). We do not knowingly collect data from children.
titra is the data controller responsible for your information under this Privacy Policy. For any privacy questions or requests, contact us at info@titrapp.com.
We may update this policy from time to time. The latest version will always be available at this URL. We will notify users of material changes through an in-app notice.
Questions about your data or this policy? Email us at info@titrapp.com