Guide
Private GLP-1 tracking, explained.
Published 2026-06-10.
Why it matters
A dose log is a medical record.
Why keep a GLP-1 record off the cloud?
A GLP-1 log carries more than dates. It documents a prescription medication, a weekly schedule, injection sites, side effects, and a weight curve. Health data held by app vendors is only as safe as their business model, security, and retention practices, and unlike a clinician's chart, a wellness app's database is typically not covered by HIPAA. The simplest way to shrink those risks is for the record never to leave your phone.
The checklist
Five checks before you download.
How do you evaluate a tracker's privacy?
You can answer four of these five from the App Store listing alone, before the app ever runs.
Where records live
Local-first apps store your log in on-device storage. If the app needs an account to function, your protocol history lives on someone's server.
What the privacy label says
Every App Store listing carries a privacy label. Look for what is collected, what is linked to your identity, and what is used for tracking.
Which Health permissions it wants
Read-only Apple Health access can chart trends without the app writing to your health record. If an app wants write access, it should say why.
Whether you can leave
A private record is also a portable one. Local CSV or JSON export means the history is yours to keep, move, or hand to a clinician.
What the business sells
If the product is free and cloud-based, ask what funds it. An app that sells compounds, ads, or coaching has reasons to want your data richer and stickier.
How PepTrak measures up
Built to pass its own checklist.
How does PepTrak implement private tracking?
PepTrak's current iOS app stores protocol records in on-device SQLite with no public account system and no cloud sync for protocol records. Apple Health access is optional and read-only, limited to body mass, resting heart rate, and blood glucose. Exports are local CSV and JSON files through the iPhone share sheet, and the Privacy Policy and Health Data Policy put the posture on the public record. The same model covers peptide protocols as well as GLP-1.
Guide FAQ
Privacy questions, short answers.
What do privacy-minded users ask?
What is a local-first health app?
A local-first app treats your device as the primary home of your data: records are created, stored, and read on the phone itself, rather than living on a server behind an account. PepTrak's current iOS app stores protocol records in on-device SQLite with no public account system.
Why does privacy matter for a GLP-1 shot log?
A dose log is a medication record: it can reveal a diagnosis, a treatment choice, and a weight history. Keeping it on-device limits who can ever see, sell, breach, or subpoena it.
Can a tracking app work without an account?
Yes. Schedules, dose logs, reminders, side-effect notes, and exports can all run on the device. An account becomes necessary only when data leaves it, for sync, community, coaching, or analytics.
How does PepTrak handle GLP-1 privacy?
Protocol records stay in on-device storage; Apple Health access is optional and read-only for body mass, resting heart rate, and blood glucose; exports are local CSV or JSON files; and PepTrak does not sell HealthKit data or use it for advertising.