Privacy Policy

The controller responsible for data processing on glp-journal.click is:

glp-journal.click (sponsored by pathways digital SL), C/ Gremi de Sabaters 21, 07009 Palma, Spain.

Contact: support@glp-journal.click

This Privacy Policy explains how we collect, use, store, and protect personal data when you use glp-journal.click, a personal GLP-1 progress journal.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Account data: email address and authentication credentials managed through our authentication provider.

Profile and journal data you voluntarily provide: date of birth, sex, height, activity level, medication type, injection dates and dosages, body measurements, weight, progress photos, notes, and computed health metrics (such as BMI, BMR, and TDEE).

Technical data: information necessary to operate and secure the service, such as session identifiers, request metadata, and error logs from our hosting infrastructure.

We do not require you to enter health-related data, but the service is designed to store such data if you choose to provide it.

Providing the journal service, including account management, data storage, and displaying your progress: performance of a contract (Art. 6(1)(b) GDPR).

Securing the platform, preventing abuse, and maintaining service reliability: legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights.

Processing health-related journal data you enter: performance of a contract and, where required, your explicit consent through account registration and continued use of the service.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Some information you enter may qualify as health-related or otherwise sensitive personal data.

You are responsible for deciding what information to share and for ensuring it is accurate and appropriate for your personal tracking purposes.

We process this data solely to provide the journal features you use. We do not use your journal content for advertising or unrelated profiling.

We use Supabase as our infrastructure provider for authentication, database storage, and file storage (including progress photos).

Supabase processes data on our behalf under a data processing agreement and applicable contractual safeguards.

Data may be stored in cloud infrastructure operated by Supabase and its sub-processors. We select providers that support appropriate technical and organizational security measures.

We retain your account and journal data for as long as your account is active.

If you delete your account or request erasure, we delete or anonymize associated personal data unless retention is required by law or for legitimate security purposes (for example, short-lived backup retention).

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, authenticated sessions, and database row-level security.

No method of transmission or storage is completely secure. We continuously work to maintain a level of security appropriate to the risk of the data we process.

Under the GDPR, you may have the right to access, rectify, erase, restrict processing, object to certain processing, and receive a copy of your data in a portable format.

You may also lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.

To exercise your rights, contact us at support@glp-journal.click. We will respond within the timeframes required by applicable law.

We may later introduce Plausible Analytics to understand aggregated website usage, such as page views and referral sources.

Plausible is designed to be privacy-friendly: it does not use advertising cookies, does not track users across websites, and anonymizes IP addresses.

If enabled, analytics would apply only to general site usage statistics and would not include your personal journal content, health measurements, or uploaded photos.

We will update this Privacy Policy before activating analytics and, where required, provide any additional notice or consent mechanism.

We may update this Privacy Policy to reflect legal, technical, or operational changes.

Material changes will be published on this page with an updated version date.