Trust

How we handle your log

A supplement log is intimate. It can include peptides, hormones, and prescription medications, alongside how you actually feel. This page is the plain-English version of how we treat that data. The full legal version lives in our Privacy Policy and Terms of Use.

You own the log

Your log belongs to you. You can export it as a file at any time, and you can delete your account from inside the app. When you delete, we remove your data from production within 30 days and from routine backups within 90 days.

We do not sell your data. We do not share your log with supplement manufacturers, pharmacies, employers, insurers, or advertising networks. We do not use Apple Health or Health Connect data for marketing, and we do not run cross-context behavioral advertising. Those are commitments we make in the Privacy Policy too, so they hold legally, not just culturally.

The math is deterministic. The AI only narrates.

Every pattern SuppleSense surfaces is the output of a deterministic statistical method applied to your own log — the same input produces the same finding, every time. A large-language model is used only to phrase those findings in readable language, after the math has already decided what is associated with what.

We send the language model the minimum it needs to write the sentence — the finding, the sample size, the direction — and not your raw log. Our agreements with the model providers we use (currently Anthropic, OpenAI, and Google) contractually prohibit them from training their general-purpose models on your inputs or the outputs they generate for you.

Designed for HIPAA, not pretending to be HIPAA

SuppleSense is a consumer wellness tool. It is not a covered entity or business associate under the U.S. Health Insurance Portability and Accountability Act (HIPAA). Records held by your doctor's office are protected by HIPAA; a supplement log you keep here is not — the legal regime is simply different. We think it's more honest to say that plainly than to imply otherwise.

What we do instead: build the system so that, when we are ready to support clinicians and regulated workloads, the controls — encryption in transit and at rest, access logging, data-minimisation defaults, signed service-to-service communication, audit trails — are already in the right places. We are not yet a HIPAA-compliant service, and we will tell you clearly when that changes.

Not medical advice

Statistical observations from your log are observations, not prescriptions. Talk with a qualified clinician before starting, stopping, or changing supplements, peptides, hormones, or prescription medications. If you think you may have a medical emergency, call 911 or your local emergency number immediately.

Reach us

For privacy questions, write to privacy@supplesense.app. For security concerns, security@supplesense.app. For anything else, hello@supplesense.app.

SuppleSense is a service of ELMMLY LLC.