Privacy Policy

Last updated: June 2026

1. Controller

DR Development and Media LLC, Vazha Pshavela Avenue No 20, 0112 Tbilisi, Georgia
Managing Director: Dimitri Roschkowski
Email: [email protected]

2. Core Principle: Zero-Knowledge

myPeptides is built on a zero-knowledge principle. Your content data (e.g. your peptide entries, plans, tracker data, calculator inputs) is stored primarily locally in your browser (IndexedDB) and does not leave your device unless you enable the optional cloud synchronization. We operate no tracking, no analytics tools, no advertising cookies, and we do not share data with third parties for marketing.

3. What Data Is Processed

a) Local data (on your device, IndexedDB). The content you create in the app is stored locally in your browser. As the operator, we have no access to it. You can delete this data yourself at any time by removing it in the app or clearing this site's browser data. Legal basis: Art. 6(1)(b) GDPR.

b) Optional cloud sync (end-to-end encrypted). If you enable synchronization, your data is end-to-end encrypted with a key known only to you before it leaves your device and is transmitted to our sync server (sync.mypep.app) solely as encrypted data blocks (ciphertext). The server can never access the plaintext of your data and stores only encrypted content together with the technical metadata required for synchronization (e.g. an account/device identifier, transfer timestamps). We cannot decrypt your content. Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR.

c) Strictly necessary cookies. We use only strictly necessary cookies, which do not require consent: mp_lang (language choice) and a storage value for the color scheme (light/dark). These contain no personal profiles and are not used for tracking. Legal basis: Art. 6(1)(f) GDPR; Section 25(2) TDDDG.

d) Server logs / hosting. When you access the website, our hosting provider (servers located in the EU) automatically processes technical access data (e.g. IP address, date/time, requested resource, status code, user agent), technically necessary to deliver the website and ensure its stability and security. Legal basis: Art. 6(1)(f) GDPR.

4. No Tracking, No Analytics, No Advertising

We use no analytics or tracking services (no Google Analytics or similar), no advertising cookies, no profiling, and no automated decision-making. There is no sharing of your data with third parties for advertising or marketing purposes.

5. Recipients / Processors

The only transfer is to our hosting/server provider, which supplies the infrastructure within the EU; a data processing agreement under Art. 28 GDPR is in place. Because cloud sync content is end-to-end encrypted, this provider likewise has no access to your plaintext content.

6. Retention Period

Local data remains on your device until you delete it. Encrypted sync data is stored until you delete it via the app or terminate synchronization. Server logs are retained only for the short period required for security.

7. Your Rights

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21). Any consent (e.g. for cloud sync) can be withdrawn at any time with effect for the future (Art. 7(3) GDPR). Because we cannot decrypt your content, you can delete it yourself, fully and at any time. You also have the right to lodge a complaint with a data protection supervisory authority.

8. Contact

For information requests and to exercise your rights: [email protected]