Privacy Policy

Privacy Policy

Last updated: 19 May 2026

This Privacy Policy explains how OVIO LTD ("we", "us", "our") collects, uses, and protects your personal information when you use the GLP Trackr mobile application ("the App") and related services.

1. Who We Are

GLP Trackr is operated by OVIO LTD, a company registered in England and Wales (Company Number: 16090993), with registered address at 109 Coleman Road, Leicester, LE5 4LE.

For data protection purposes, OVIO LTD is the data controller of personal information you provide through the App.

Contact:
Email: hello@glptrackr.com
Data Protection Lead: Superintendent Pharmacist (GPhC: 2217101)

2. About the App

GLP Trackr is a self-tracking and educational app designed for users of GLP-1 weight management medications such as Mounjaro® (tirzepatide) and Wegovy® (semaglutide). The App helps users log doses, track weight and body measurements, record side effects, scan meals using AI, and view personalised insights.

GLP Trackr is not a medical device, prescribing service, or healthcare provider. It is a personal tracking tool. Always consult a qualified healthcare professional for medical advice.

GLP Trackr is operated separately from EveryDayMeds (also operated by OVIO LTD). Data collected via the App is not automatically shared with EveryDayMeds and vice versa.

3. Information We Collect

3.1 Account Information

  • Name
  • Email address
  • Password (encrypted)
  • Date of birth (optional)
  • Country/region

3.2 Health and Tracking Data

  • Current medication, dose, and dosing schedule
  • Weight, height, BMI
  • Body measurements (waist, hips, chest, arms, thighs)
  • Side effects logged
  • Mood, energy, hunger ratings
  • Injection site rotation history
  • Progress photos (stored on your device and our encrypted servers)
  • Goal weight and target dates

3.3 Meal and Activity Data

  • Meal photos taken or selected from your gallery
  • Estimated nutrition data (calories, macros) derived from AI analysis
  • Step count and activity data (where you grant Activity Recognition permission)
  • Sleep and wellness data (where you grant Apple Health permission, iOS only)

3.4 Subscription and Payment Data

Payments are processed via Apple App Store (iOS) or Google Play (Android). We do not store your payment card details. We receive only:

  • Subscription status (active, expired, cancelled)
  • Subscription tier
  • Anonymised transaction identifier

3.5 Technical Data

  • Device type, operating system, and version
  • App version and crash logs
  • Anonymised usage analytics (screens visited, features used)
  • IP address (used for security and approximate location only)

4. How We Use Your Information

4.1 To Provide the Service

  • Save and display your dose logs, weight records, and tracking history
  • Generate AI-powered meal nutrition estimates
  • Provide reminders, predictive side effect insights, and personalised tips
  • Sync data across your devices

4.2 To Improve the App

  • Identify and fix bugs and crashes
  • Understand which features are most useful
  • Develop new features based on aggregated, anonymised usage patterns

4.3 To Communicate With You

  • Send transactional emails (account verification, password resets, subscription receipts)
  • Send service announcements (if you opt in to marketing)
  • Respond to support enquiries

4.4 For Legal and Safety Reasons

  • Comply with applicable laws and regulatory requirements (UK GDPR, Data Protection Act 2018)
  • Detect and prevent fraud or abuse
  • Respond to lawful requests from authorities

5. AI Processing of Meal Photos

When you use the meal scanning feature, your meal photo is transmitted to a third-party AI provider (currently OpenAI, via secure API) for analysis. The AI returns an estimated nutritional breakdown.

  • Meal photos are transmitted over an encrypted connection
  • Photos are not used to train AI models, per our data processing agreement with the provider
  • Photos may be temporarily cached on the AI provider's infrastructure for up to 30 days for abuse prevention, then deleted
  • We do not share your identity or account details with the AI provider — only the image

You can use the App without the AI meal scanning feature. All other tracking features work without external AI processing.

6. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract — to deliver the App and services you have subscribed to
  • Explicit consent — for special category health data (UK GDPR Article 9(2)(a))
  • Legitimate interest — to improve the App, prevent fraud, and ensure security
  • Legal obligation — to comply with applicable laws

Health and wellness data is considered "special category data" under UK GDPR. We only process this data with your explicit consent, which you provide when creating your account and acknowledging this Privacy Policy.

7. Sharing Your Information

We do not sell your personal data. We share data only with:

  • Cloud infrastructure providers (Supabase, hosted in the EU) — for storing your account and tracking data
  • AI service providers (OpenAI) — for meal photo analysis (image only, no identifying data)
  • Analytics providers (Firebase Crashlytics, Firebase Analytics) — for crash reporting and anonymised usage analytics
  • Push notification providers (Firebase Cloud Messaging, Apple Push Notification Service) — for reminders and notifications
  • Payment processors (Apple, Google) — for subscription management (only subscription status, no card data)
  • Regulators or authorities — only if legally required

All third-party processors are bound by data processing agreements requiring them to handle your data securely and only for the stated purpose.

8. Data Storage and International Transfers

  • Your account and tracking data is stored on encrypted servers in the European Union (Supabase EU region)
  • AI meal analysis is processed in the United States (OpenAI servers). This transfer is protected under Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Crash reports and analytics are processed by Google (Firebase) in the United States, under equivalent safeguards

9. Data Retention

We retain your personal data only as long as necessary:

  • Active accounts: for as long as your account is active
  • Cancelled accounts: anonymised within 90 days of cancellation, except where legally required to retain longer
  • Subscription/payment records: 6 years (UK tax compliance)
  • Crash logs and analytics: 14 months, then automatically deleted

You can request deletion of your account and data at any time via the App's Settings menu or by emailing hello@glptrackr.com.

10. Your Rights Under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your data ("right to erasure")
  • Restrict processing in certain circumstances
  • Data portability — receive your data in a machine-readable format
  • Object to certain types of processing
  • Withdraw consent at any time

To exercise any of these rights, email hello@glptrackr.com. We will respond within one month.

11. Children's Privacy

GLP Trackr is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.

12. Data Security

We protect your data through:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls — only authorised staff can access user data
  • Regular security audits and penetration testing
  • ISO 27001-certified cloud hosting infrastructure

No system is 100% secure. If we become aware of a data breach affecting you, we will notify you and the Information Commissioner's Office within 72 hours as required by UK GDPR.

13. Cookies and Tracking

The App does not use third-party advertising cookies or tracking pixels. We do not display advertisements within the App.

We do not share data with advertising networks or data brokers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. We will notify you of material changes via in-app notification or email.

15. Complaints

If you have concerns about how we handle your data, please contact us first at hello@glptrackr.com so we can resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

  • Website: https://www.ico.org.uk
  • Phone: 0303 123 1113
  • Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF