This Privacy Policy explains how 2 Man Limited (“MyStack,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the MyStack mobile application, the mystacktracker.app website, and related services (the “Service”). By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
1. Who We Are
The data controller for the Service is 2 Man Limited, a Delaware corporation. We operate exclusively online and do not maintain a public mailing address. All privacy inquiries should be sent to privacy@mystacktracker.app, which is monitored by the team.
2. Information We Collect
2.1 Information you provide directly.
- Account information: your name, email address, and authentication credentials when you sign up.
- Tracked content: the records you create in the app, which may include: the items you track (name, category, dose, schedule); vials (name, contents, volume, dates); dose logs (what you logged, when, optional notes and injection-site notes); daily check-ins (numeric scales for energy, sleep, appetite, mood, nausea, soreness, headache, constipation, injection-site reactions); and progress entries (weight, waist, body fat, notes).
- Support and feedback: messages you send to us, including the email address you use to contact us.
2.2 Information we receive about you.
- Subscription and billing status: we receive information from Apple about whether your subscription is active or inactive (managed through our paywall provider). Apple processes the payment itself; we do not receive or store your payment card or financial details.
- Device and diagnostic information: when you use the app, our infrastructure may automatically receive device-level data such as device type, operating-system version, app version, and approximate (non-precise) timestamps. This is used for crash reporting, debugging, abuse prevention, and service operation.
- Notification permission state: a record of whether you have granted notification permission on a device (so we can show the correct UI). The actual reminders are scheduled locally on your device by the operating system; the content of those reminders is not transmitted to our servers when they fire.
2.3 Information we do not collect.
- Precise location. We do not request or use GPS location.
- Contacts, photos, microphone, camera. We do not access these.
- Advertising identifiers. We do not use them.
- Payment card details. All payments are handled by Apple.
2.4 Sensitivity of the data.
Some of the information you record in the Service — including data about substances you self-administer, symptoms, body composition, and mood — is sensitive and, depending on jurisdiction, may qualify as “sensitive personal information,” “consumer health data,” or “special category data.” We treat it with corresponding care (see Section 6).
3. How We Use Your Information
We use the information described above to:
- provide, maintain, secure, and improve the Service;
- create and manage your account, authenticate you, and synchronize your data across your devices;
- determine your subscription status and provide the features it includes;
- send you transactional emails (e.g. account, security, billing);
- respond to your inquiries, support requests, and feedback;
- detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activity;
- comply with our legal, regulatory, and accounting obligations and enforce our Terms of Service.
We do not use your tracked content to train machine-learning models, do not sell it, do not share it for advertising or marketing, and do not disclose it to insurers or employers.
4. Legal Bases for Processing (EEA / UK)
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, our legal bases under the GDPR (or its local equivalent) are:
- Performance of a contract — to provide the Service you signed up for.
- Your explicit consent — for processing health-related data you choose to record.
- Legitimate interests — for security, fraud prevention, and improving the Service, where those interests are not overridden by your rights.
- Legal obligation — to comply with applicable law.
You may withdraw consent at any time by deleting your account or the specific entries. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
5. Sharing of Information
We share information only as described below. We do not sell your personal information.
5.1 Service providers (processors).
We share the minimum information necessary with vendors that operate components of the Service on our behalf, under contracts that require confidentiality and use of the data only to provide their service:
- Convex — cloud database that stores your account and tracked content.
- Authentication provider — used to verify your identity and manage sessions.
- Superwall — manages the paywall, the subscription-status check, and the restore-purchases flow.
- Apple Inc. — distributes the app and processes subscription payments through the App Store.
- Infrastructure and analytics — for crash reporting, error tracing, and operational monitoring.
5.2 Legal disclosures.
We may disclose information if we believe in good faith that doing so is required by law, legal process, or government request, or is necessary to enforce our Terms, protect our rights or property, or protect the safety of any person.
5.3 Business transfers.
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale, or transfer of assets, your information may be transferred as part of that transaction, subject to standard confidentiality terms. We will notify you of any such change in ownership or control of your personal information.
5.4 With your direction.
We may share information with third parties when you direct us to (for example, if you export your data and forward it).
6. How We Protect Your Information
We use technical and organizational measures designed to protect your information, including encryption in transit (TLS), encryption at rest at our database provider, access controls on our infrastructure, and principle-of-least-privilege practices among personnel. No system is perfectly secure; we cannot guarantee absolute security, and you use the Service at your own risk.
7. Data Retention
We retain your account information and tracked content for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or anonymize the associated personal information within a commercially reasonable time, except where we are required to retain certain records for legal, accounting, security, or fraud-prevention purposes. Backup copies may persist for a limited period before being overwritten in the ordinary course.
8. Your Rights and Choices
8.1 Access and deletion.
You can view and edit the data you have entered at any time within the app. You can delete your account from inside the app or by emailing privacy@mystacktracker.app. Account deletion removes your account and tracked content from active systems.
8.2 California (CCPA / CPRA).
If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request deletion of personal information; to correct inaccurate personal information; to limit our use of sensitive personal information; and to be free from retaliation for exercising these rights. We do not sell or share personal information as those terms are defined under the CPRA. To make a request, email privacy@mystacktracker.app. We will verify your request by reference to your account credentials.
8.3 Washington (My Health My Data Act), Nevada, Connecticut.
If you are a resident of Washington (under the My Health My Data Act), Nevada, Connecticut, or another state with a consumer health data law, additional rights apply to your consumer health data, including the right to confirm what consumer health data we collect, the right to delete it, the right to withdraw consent to its collection or sharing, and the right to appeal a denied request. To exercise these rights, email privacy@mystacktracker.app with “Health Data Request” in the subject line.
8.4 EEA, UK, and similar jurisdictions.
If you are located in the EEA, the UK, or a jurisdiction with similar rights, you have the rights of access, rectification, erasure, restriction of processing, objection to processing, and data portability, and the right to lodge a complaint with your local data protection authority. To exercise these rights, contact privacy@mystacktracker.app.
8.5 Notifications.
Dose reminders are local notifications managed by iOS on your device. You can disable them at any time from the iOS Settings app or from inside MyStack’s Profile screen. We do not send marketing push notifications.
9. Children
The Service is not directed to and not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe a child under 18 has provided us with personal information, please contact privacy@mystacktracker.app and we will take steps to delete it.
10. International Data Transfers
We are based in the United States, and our service providers may process information in the United States or other countries. If you use the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in countries that may have data protection laws different from your own. Where required, we rely on appropriate safeguards (such as the European Commission’s standard contractual clauses) for such transfers.
11. Cookies and Similar Technologies (Website Only)
Our website at mystacktracker.app uses only the cookies necessary to operate the site. We do not use advertising or tracking cookies on the website. The mobile application does not use cookies; it stores session data and small caches on your device using standard iOS mechanisms (Keychain, secure storage, application caches).
12. Do Not Track
Our Service does not respond to Do Not Track signals because there is no industry-standard interpretation of those signals. We do not track you across third-party sites or services.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you (for example, by email or by an in-app notice) before the changes take effect. The “Effective date” above reflects when the current version took effect.
14. Contact Us
Questions, concerns, or requests about this Privacy Policy or your personal information? Email privacy@mystacktracker.app. We aim to respond within thirty (30) days, or sooner where required by applicable law.