Skip to content
Steady
Join waitlist
Legal

Privacy policy

Last updated April 19, 2026

Last updated: April 19, 2026

Steady ("Steady," "we," "us," or "the app") is an iOS application and website that helps women on GLP-1 medications — Ozempic, Wegovy, Mounjaro, Zepbound, and similar — track their doses, protein, symptoms, cycle, and progress, and chat with an AI coach built for that context.

Steady is operated by the Steady team — a small group with years of operating experience in global weight-loss and GLP-1 programs — based in India and registered on the Apple App Store. We're reachable at privacy@steadyglp1.app. This policy explains what we collect, why we collect it, where it goes, and how to get rid of it. If a line is unclear, email us — we'd rather explain than hide behind legalese. Full legal-entity details are available on request.

1. A short version, first

We only collect the information you give us, and only the amount we need to run the app. We don't sell your data. We don't share it with advertisers. We don't train AI models on it. You can request an export or a full deletion of your data at any time by emailing privacy@steadyglp1.app, and we'll action it within 30 days.

If that's all you wanted to know, you can stop reading.

2. The information we collect

We collect three kinds of information:

Information you give us when you sign up for the waitlist or newsletter

  • Your email address
  • Your country (optional, from your browser)

Information you enter inside the app

  • Your weight (and weight history, if you log it)
  • Cycle information — last period date, typical cycle length, cycle phase status
  • Logged meals and estimated protein
  • Logged symptoms (nausea, fatigue, reflux, and anything else you choose to note)
  • Logged doses, dose dates, and injection site rotation
  • Messages you send to the AI coach, and the coach's replies

Information your device sends us automatically

  • App version, iOS version, device model, language, and rough timezone — for crash reporting and to figure out which bugs to fix first
  • Approximate country (never precise location) — so we can show prices in the right currency and follow the right privacy laws

We do not collect your real name, your address, your phone number, your precise location, your contacts, your photos, or any information you don't deliberately give us.

3. How we use it

We use your information to run Steady and make it useful for you:

  • Show your dose schedule, protein target, cycle phase, and progress
  • Give your AI coach enough context to answer your question meaningfully
  • Send you the emails you signed up for (waitlist updates, newsletter, account notices)
  • Fix bugs, measure what's working, and decide what to build next
  • Keep the app secure and prevent abuse

We do not use your information to advertise to you, to build a profile about you, to sell to data brokers, or to train machine-learning models.

4. Where your data goes (our sub-processors)

Steady is a small product, which means we lean on trusted third parties to run safely. Each of these only sees the slice of data it needs:

  • Apple (App Store, StoreKit, iCloud): handles your purchase, subscription, and — if you opt in — iCloud backup of your logs. Apple's privacy practices are governed by Apple's own privacy policy.
  • Supabase: our backend database and authentication. Stores your logs, your account email, and your AI chat history in encrypted form.
  • OpenAI: powers the AI coach. When you send the coach a message, we send OpenAI the message plus relevant context (recent doses, current cycle phase, recent symptoms, protein trends) so the answer is grounded in your situation. OpenAI processes these messages under its API data-use policy, which at the time of writing does not use API inputs to train its models and retains them for up to 30 days for abuse monitoring before deletion. We do not send your email address to OpenAI.
  • Vercel: hosts steadyglp1.app and collects basic anonymized traffic analytics (page views, referrers, country) so we know what's working on the website. No cookies that identify you personally.
  • Resend: delivers the emails you're subscribed to.
  • RevenueCat (once subscriptions launch): handles subscription state — whether you're on a trial, active, or canceled — so the app shows the right features.

We do not share your data with anyone else, ever, unless we are compelled to by a valid legal order, in which case we will push back where we can and notify you where we're allowed.

5. How long we keep it

  • Waitlist / newsletter email: until you unsubscribe (one click in every email)
  • Account data and logs: for as long as your account is active
  • After you delete your account: removed from our active systems within 30 days, and from encrypted backups within 90 days
  • AI coach messages: stored with your account so you can refer back to them, deleted on the same schedule
  • Crash logs and anonymized analytics: up to 180 days, then deleted

To delete everything, email privacy@steadyglp1.app from the address on your Steady account. We will confirm the request, remove your data from active systems within 30 days, and from encrypted backups within 90 days. A full in-app "Delete my data" control is on our roadmap and this policy will be updated the day it ships.

6. Your rights

Depending on where you live, you have some or all of the following rights:

  • Access — see what we have on you
  • Correction — fix anything that's wrong
  • Deletion — remove your data permanently
  • Portability — receive a copy of your logs in a machine-readable format (JSON or CSV)
  • Objection and restriction — tell us to stop using your data for specific purposes
  • Withdraw consent — at any time, with no penalty

Under the GDPR (if you're in the EU/UK), our legal bases for processing are your consent (for the AI coach, newsletter, and optional tracking) and legitimate interest (for running the app, fixing bugs, and preventing abuse).

Under the CCPA / CPRA (if you're in California), you have the right to know, delete, correct, and to opt out of the "sale" or "sharing" of personal information. Steady does not sell or share your data as those terms are defined, but if you want to make a formal request, email privacy@steadyglp1.app.

To exercise any of these rights, email privacy@steadyglp1.app from the address on your Steady account. We respond within 30 days.

7. Children

Steady is intended for adults — you must be 18 or older to use it. We do not knowingly collect information from anyone under 18. If you believe a minor has given us information, email privacy@steadyglp1.app and we will delete it.

8. Security

Data in transit is encrypted with TLS. Data at rest is encrypted in our database. Authentication uses industry-standard tokens. No internet-connected system is perfectly secure, and we don't pretend otherwise — but we design with the assumption that every piece of data could leak, and we hold as little as we can for as short as we can.

If a breach ever affects your data, we will tell you as soon as the law requires (and sooner, if we can).

9. International transfers

Steady is operated from India, and our sub-processors are based primarily in the United States and the European Union. If you use Steady from outside those regions, your data will be transferred across borders. Where the law requires it (e.g., EU Standard Contractual Clauses), we rely on approved legal mechanisms for those transfers.

10. Changes to this policy

When we change this policy we will update the date at the top, and — if the change is meaningful — send you an email and an in-app notice at least 14 days before it takes effect. Your continued use after that date means you accept the change. If you don't, you can export your data and delete your account.

11. Contact

Questions, requests, complaints — all go to the same place:

privacy@steadyglp1.app

If you're in the EU/UK and you'd prefer to escalate, you also have the right to complain to your local data protection authority.