Privacy Policy for Aliquot

Effective Date: April 27, 2026
Last Updated: April 27, 2026

Aliquot is built by Jerry Situ ("we," "our," or "us") as a personal logbook for people who want to track their own notes about substances, protocols, and measurements. This Privacy Policy explains what data Aliquot does and does not collect, and your rights.

The short version, if you only read one paragraph:

Aliquot does not store your health data on any server we control. There is no Aliquot backend. Your doses, vials, protocols, symptoms, photos, and measurements live on your device and, if you enable iCloud, sync through Apple's iCloud with end-to-end encryption. Apple cannot read this data, and neither can we. We do not require an account. We do not ask for your email. We do not know your name.

1. Who we are

Aliquot is published by Jerry Situ, British Columbia, Canada. For any privacy question, you can reach us at privacy@aliquot.app.

For GDPR purposes, Jerry Situ is the data controller for the limited categories of data described below.

2. What Aliquot stores on your device

When you use Aliquot, the app creates and stores the following information on your device only:

• Doses you log (compound, amount, timestamp, site, notes)
• Vials and batches you create (label, volume, concentration, expiry, photo)
• Protocols you configure (schedules, targets, start and end dates)
• Symptoms, side effects, and measurements you enter
• Optional photos you attach (stored as local files, referenced by Core Data)
• Your app preferences and settings

If you enable iCloud sync, the same information is synced to your own iCloud account via Apple's CloudKit. We do not have access to that iCloud account. Apple's CloudKit private database is end-to-end encrypted between your devices when Advanced Data Protection is enabled. See Apple's iCloud privacy statement.

We do not have a server. We cannot read this data.

3. What Aliquot reads from your device (with your permission)

With your explicit permission, Aliquot may read the following from Apple HealthKit, solely to display it alongside your own notes:

• Body weight
• Body fat percentage
• Waist circumference

Aliquot reads these values on your device. Aliquot does not write to HealthKit in this version. If you deny HealthKit access, Aliquot still works — those fields will simply be empty.

4. What Aliquot does not collect

• We do not collect your name.
• We do not collect your email address.
• We do not collect your phone number.
• We do not collect your date of birth.
• We do not collect your location.
• We do not collect your contacts.
• We do not collect your photos other than the ones you explicitly attach to a vial or a dose, which stay on your device.
• We do not collect an advertising identifier (IDFA).
• We do not collect an account ID, because there is no account.
• We do not know what compound you are tracking. We do not know what dose you are taking. We do not know what protocol you are on. We do not know what you logged.

5. What we collect through third parties (only if you opt in)

Aliquot uses the following third parties. All of them are off by default. You must turn them on in Settings → Privacy.

5.1 Anonymous analytics (TelemetryDeck)

If you turn this on, Aliquot sends anonymous event names like "app opened" or "paywall shown" to TelemetryDeck. We do not send:

• Your name, email, or any identifier
• Any number or text you entered into Aliquot
• The name of any compound, protocol, or vial
• Any measurement, symptom, or photo

Events are aggregated by TelemetryDeck and we never see individual sessions. TelemetryDeck is a privacy-focused, EU-based analytics service. TelemetryDeck Privacy Policy.

5.2 Crash reporting (Sentry)

If you turn this on, Aliquot sends crash diagnostics to Sentry when the app crashes. Crash reports contain the stack trace of the crash and the type of device and OS version. Before a crash report is sent, Aliquot runs it through a scrubbing filter that removes:

• Anything that looks like a file path with a user folder name
• Anything that looks like an email address
• Any UUID
• Any number longer than two digits (to avoid accidentally shipping dose amounts or measurements)

We receive no user identifier and no personal health data from Sentry. Sentry Privacy Policy.

5.3 Subscription management (RevenueCat)

If you subscribe to Aliquot Pro, Aliquot uses RevenueCat to manage the subscription and verify receipts with Apple. RevenueCat receives:

• An anonymous RevenueCat app user ID generated on your device (no connection to your Apple ID or any identity)
• The Apple subscription receipt for verification
• The product ID you purchased
• The country of your App Store account

RevenueCat does not receive any health data, any doses, or any personal identifying information about you. If you do not subscribe, Aliquot does not send anything to RevenueCat. RevenueCat Privacy Policy.

6. How long we keep data

• Data on your device: as long as you keep the app installed or until you delete it in Settings → Privacy → Delete All Data.
• Data in your iCloud: governed by Apple's iCloud retention. You can delete it at any time from any device signed in to your Apple ID.
• Anonymous analytics (if opted in): up to 12 months in aggregated form, then deleted.
• Crash diagnostics (if opted in): up to 90 days, then deleted.
• RevenueCat subscription records: retained per RevenueCat's policy for accounting and receipt validation purposes. You may request deletion via privacy@aliquot.app.

7. How to delete everything

At any time you can:

1. Open Aliquot → Settings → Privacy → Delete All Data. This removes every dose, vial, protocol, symptom, and measurement from your device and from your iCloud, and resets the app to first-launch state.
2. Delete the app from your device. This removes all local data. iCloud data will be garbage-collected by Apple per their schedule.
3. Email privacy@aliquot.app and ask us to delete any record RevenueCat, Sentry, or TelemetryDeck has associated with your device. We will do this within 30 days.

8. Your rights

Regardless of where you live, you can:

• Access: request a copy of any data we might have about you. The answer is almost always "nothing" — but if you subscribed and we opted you in to analytics or crash reporting, we will gather whatever exists and send it to you.
• Delete: request we delete anything we have (see Section 7).
• Correct: request we correct anything that is wrong.
• Object or withdraw consent: turn off analytics and crash reporting at any time in Settings → Privacy.

Contact us at privacy@aliquot.app. We respond within 30 days.

8.1 European Union residents (GDPR)

You have additional rights under the General Data Protection Regulation (GDPR):

• Data controller: Jerry Situ, privacy@aliquot.app
• Lawful basis: We process subscription data on the basis of contract performance (delivering the Pro features you purchased). We process analytics and crash diagnostics on the basis of your explicit consent (opt-in in Settings). You may withdraw consent at any time.
• Right to lodge a complaint: You may lodge a complaint with your local Data Protection Authority. A list is available at edpb.europa.eu.
• Data transfers: Data shared with third parties (RevenueCat, Sentry, TelemetryDeck) may be processed in the United States or the European Union depending on the provider. We rely on each provider's Standard Contractual Clauses and privacy certifications.
• Automated decision-making: We do not engage in automated decision-making that has legal or similarly significant effects on you.

8.2 California residents (CCPA/CPRA)

You have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

• Right to know: the categories and specific pieces of personal information we have collected. For Aliquot, the complete answer is "none, unless you opted into analytics or crash reporting, and even then nothing that identifies you."
• Right to delete: see Section 7.
• Right to correct: see Section 8.
• Right to opt out of sale or sharing: We do not sell or share your personal information in any sense of those terms, and we have never done so. Because we do not sell or share, there is no "Do Not Sell or Share" mechanism to offer beyond the analytics and crash reporting toggles already in Settings → Privacy.
• Right to limit use of sensitive personal information: We do not use sensitive personal information for the purposes defined under CPRA.
• Non-discrimination: We will not discriminate against you for exercising any of these rights.

8.3 Indian residents (DPDP 2023)

• Data fiduciary: Jerry Situ, privacy@aliquot.app
• Grievance officer: Contact privacy@aliquot.app for any grievance. We respond within 30 days per the Digital Personal Data Protection Act, 2023.

9. Children

Aliquot is not intended for children under 16 and is not marketed to children. We do not knowingly collect information from children under 16. If you believe a child has used Aliquot and you have concerns, contact us at privacy@aliquot.app.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above and, for material changes, surface a notice in the app on next launch. Your continued use of Aliquot after the effective date constitutes acceptance of the updated Privacy Policy.

11. Contact

Email: privacy@aliquot.app
Web: https://aliquot.app/privacy