Privacy
Your health data is yours. Full stop.
This isn't a marketing page. It's a technical explanation of how Doseline handles your data — what we store, where we store it, and what we deliberately chose not to collect.
Local-first architecture.
Doseline uses Drift (SQLite) as its local database. Every feature works entirely on your device with zero network dependency. Your data is encrypted at rest using platform-level encryption (iOS Data Protection, Android Encrypted File System). The app never phones home, never syncs in the background, and never sends health data to any server — unless you explicitly enable cloud sync.
Cloud sync, when enabled, uses Supabase with end-to-end encryption. Your data is encrypted on your device before transmission — our servers store ciphertext that we cannot decrypt. If our database were compromised, attackers would get encrypted blobs, not health records.
What's stored where.
On your device (always)
- Injection history & dose logs
- Medication schedules & reminders
- PK curve calculations
- Bloodwork results
- Weight & body measurements
- Progress photos
- Side effect logs
- Injection site history
- App preferences & settings
Encrypted SQLite database (Drift) — never leaves your device unless you opt into sync
On our servers (only if you choose sync)
- End-to-end encrypted copy of your data
- Account email (for login only)
- Subscription status (via RevenueCat)
Supabase (PostgreSQL) — encrypted at rest and in transit. We cannot decrypt your health data.
Analytics (privacy-first)
- Page views (website only, not in-app)
- Crash reports (anonymous, no health data)
Plausible Analytics (no cookies, no tracking pixels, GDPR compliant). Firebase Crashlytics for crash reports only.
What we don't collect.
These are deliberate architectural decisions, not policy promises that can be changed with a terms update.
Your health data
No analytics on your health data — we never see your doses, levels, or bloodwork
No "anonymous" aggregated health data collection
No server-side processing of health data (AI features use edge functions with no data retention)
Tracking & ads
No tracking pixels or third-party analytics in the app
No advertising SDKs — zero ad networks, ever
No fingerprinting or cross-app tracking
Data ownership
No data selling or sharing — your data has one customer: you
How we compare.
| Most health apps | Doseline | |
|---|---|---|
| Account required? | Yes, for basic features | No. Every feature works without an account. |
| Where is health data stored? | Their cloud servers | Your device. Cloud sync is optional. |
| Can they read your data? | Yes — server-side access | No. End-to-end encrypted if synced. |
| Analytics on health data? | Often — for "product improvement" | Never. We don't see your health data. |
| Data shared with third parties? | Common — partners, researchers | No. Not now, not ever. |
| What happens if you delete? | "Anonymized" data may persist | Delete the app, delete the data. Gone. |
Analytics approach.
Our website uses Plausible Analytics — privacy-first, no cookies, no tracking pixels, fully GDPR compliant, and hosted in the EU. We see aggregate page views, not individual user behavior. The app itself uses Firebase Crashlytics for crash reports only — these contain device type and crash stack traces, never health data.