Privacy Policy

Last updated: 17 February 2026

Introduction

Needled ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Needled mobile application ("the App").

By using the App, you agree to the collection and use of information in accordance with this policy.

Information We Collect

When you create an account and use Needled, we collect the following information:

  • Account information: Your name, email address, and securely hashed password. If you sign in with Google or Apple, we receive your name and email from the sign-in provider.
  • Pen configuration: The number of doses in your pen and your current dose count. You may optionally add a pen name and strength label (e.g., "My Pen", "5mg") for your own reference — these are entirely optional free-text fields.
  • Injection logs: Dates of logged injections, associated pen and dose number, and any optional notes you add.
  • Weight entries: Weight values, dates, optional labels (e.g., "Week 3", "5mg"), and optional notes.
  • App preferences: Your injection schedule, weight reminder schedule, reminder times, weight unit preference, and display settings.
  • Photos (Pro feature): If you use the Photo Journal, body progress photos you choose to upload. EXIF metadata (including GPS location, device information, and timestamps) is automatically stripped before upload.
  • Custom metrics (Pro feature): Any custom measurements you define and track (e.g., body measurements), stored with the same privacy protections as weight data.
  • Device information: Your device platform (Android or iOS), push notification token, and timezone (auto-detected for reminder scheduling).

Information We Do NOT Collect

Needled is a personal logging tool, not a medical device. While you may optionally label your pens with a name or strength for your own reference, the App never requires, interprets, validates, or acts on this information. Beyond this:

  • We do not collect medical diagnoses, conditions, or treatment plans.
  • We do not collect information about your healthcare providers.
  • We do not infer health outcomes or provide medical recommendations based on your data.
  • We do not collect precise location data. Photo EXIF metadata (including GPS) is stripped before upload.
  • We do not sell, share, or trade your personal data with third parties for marketing purposes.

Third-Party Services

The App uses the following third-party services that may process some of your data:

  • Firebase Cloud Messaging: We use Firebase Cloud Messaging to deliver push notification reminders. Firebase processes device tokens and notification metadata. See Google's Firebase privacy policy for details.
  • Firebase Crashlytics: We use Firebase Crashlytics to collect crash reports and diagnostic data to improve app stability. This may include device type, operating system version, and crash stack traces. No personal health data is included in crash reports. See Google's Firebase privacy policy for details.
  • RevenueCat: If you subscribe to Needled Pro, your purchase is processed through RevenueCat, which manages subscription status. Payment details are handled by the Apple App Store or Google Play Store — we never receive or store your payment card information. See RevenueCat's privacy policy for details.
  • Authentication providers: If you choose to sign in with Google or Apple, your authentication is handled by the respective provider via industry-standard OAuth. We receive only your name and email address.

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the App's core functionality (injection logging, weight tracking, pen management, photo journal, and custom metrics).
  • Display your progress data back to you via charts and statistics.
  • Send you injection and weight reminders at your requested times.
  • Process and manage your Pro subscription, if applicable.
  • Authenticate your account and keep your data secure.
  • Diagnose and fix app crashes and technical issues.
  • Improve the App based on aggregated, anonymised usage patterns.

Data Storage and Security

Your data is stored securely using industry-standard encryption both in transit and at rest. We use secure cloud infrastructure to host your account data. Passwords are hashed and never stored in plain text.

Photos are stored in encrypted cloud storage with access controlled by short-lived signed URLs. EXIF metadata is stripped before upload to protect your location and device privacy.

While we implement robust security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data from our active systems within 30 days. Some data may be retained in encrypted backups for up to 90 days before being permanently deleted.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Withdraw consent for optional data processing at any time.

To exercise any of these rights, please contact us at hello@needled.app.

Children's Privacy

Needled is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the App and updating the "Last updated" date above.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

hello@needled.app