Privacy Policy
Last updated: 19 February 2026
1. Who we are
OnDose ("we", "us", "our") is operated by Sidney Ottelohe, a sole proprietor based in Belgium. OnDose is a supplement stack manager and educational wellness tool available at ondose.app and via mobile applications on iOS and Android.
For privacy-related enquiries, contact privacy@ondose.app.
2. What data we collect
Account data
- Email address
- Display name (optional)
- Profile avatar (optional)
- Account creation date
Health data
Under GDPR Article 9, the following qualifies as special category data (health data). We process it only with your explicit consent, collected during account creation.
- Supplement stacks: supplement names, doses, timing, frequency, brands
- Daily check-ins: which supplements you marked as taken and when
- Barcode scan history and label photographs
- Blood work and biomarker data (when available in a future release)
Technical data
- Anonymous, aggregate page-view analytics (cookie-free, no personal identifiers) on the marketing site only
- Device type and OS version (for crash-free rate monitoring)
- IP address (processed transiently by infrastructure providers, not stored by us)
Data we do not collect
- We do not use cookies or tracking pixels on any page displaying health data
- We do not collect location data
- We do not sell, rent, or share personal data with data brokers
- We do not include health data in analytics events, error logs, or crash reports
3. Legal basis for processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Processing supplement stacks, check-ins, and health data | Explicit consent (Art. 9(2)(a)) |
| Parsing supplement labels via AI (photograph upload) | Explicit consent (Art. 9(2)(a)) |
| Sending push notifications for timing reminders | Consent (Art. 6(1)(a)) |
| Processing subscription payments | Contract performance (Art. 6(1)(b)) |
| Anonymous analytics on marketing site | Legitimate interest (Art. 6(1)(f)) |
4. Sub-processors
We use the following third-party services to operate OnDose. Each has a Data Processing Agreement (DPA) in place.
| Processor | Purpose | Location |
|---|---|---|
| Supabase (Frankfurt) | Database, authentication, file storage | EU (Germany) |
| Vercel | Marketing site hosting, edge functions | Global CDN (EU primary) |
| OpenAI | Label photograph parsing (Vision API). Images are processed and discarded; not used for model training. | US |
| RevenueCat | Subscription and in-app purchase management | US |
| Apple / Google | App distribution and payment processing | US / Global |
| Expo (EAS) | Over-the-air updates, push notification delivery | US |
5. Health data consent
During account creation you are asked to give explicit consent for the processing of your health data. This consent is:
- Granular — you consent specifically to health data processing, separate from general account terms
- Recorded — we store the consent timestamp, version, and method in a dedicated consent record
- Withdrawable — you can withdraw consent at any time by deleting your account from Profile > Settings > Delete account, or by emailing privacy@ondose.app
Withdrawing consent triggers deletion of all your health data. Account data (email) is retained for 30 days to allow recovery, then permanently deleted.
6. Data storage and security
- All health data is stored in Supabase's EU (Frankfurt) region, encrypted at rest (AES-256) and in transit (TLS 1.2+)
- Row Level Security (RLS) policies ensure each user can only access their own data
- Authentication uses industry-standard bcrypt password hashing and short-lived JWT session tokens
- Avatar images are stored in a dedicated storage bucket with per-user access policies
- We do not store health data in browser local storage, cookies, or client-side caches beyond the authenticated session
7. Your rights
Under the GDPR and other applicable data protection laws, you have the following rights:
| Right | How to exercise it |
|---|---|
| Access (Art. 15) | Profile > Settings > Export data (JSON or CSV download of all your data) |
| Rectification (Art. 16) | Edit your supplements, doses, and profile directly in the app |
| Erasure (Art. 17) | Profile > Settings > Delete account. All data is soft-deleted immediately with a 30-day grace period, then permanently erased. |
| Data portability (Art. 20) | Export your full dataset as JSON or CSV at any time. No lock-in. |
| Withdraw consent (Art. 7(3)) | Delete your account or email privacy@ondose.app |
| Lodge a complaint | You may file a complaint with your local data protection authority. In Belgium, this is the Gegevensbeschermingsautoriteit (GBA). |
8. Data retention
- Active accounts: data is retained for as long as your account exists
- Deleted accounts: soft-deleted immediately, hard deleted after 30 days. Backup systems are purged within 90 days.
- Consent records: retained for the duration of your account plus 3 years after deletion (legal obligation to demonstrate consent was obtained)
- Subscription records: retained as required by tax and accounting law (typically 7 years)
9. Consumer health data (Washington state residents)
If you are a resident of Washington state, the My Health My Data Act provides additional protections for your consumer health data.
- We collect consumer health data (supplement intake, check-in history) only with your consent
- We do not sell consumer health data and have no plans to do so
- You may request deletion of your consumer health data at any time via the in-app account deletion flow or by emailing privacy@ondose.app
- Deletion requests are processed within 30 days
10. Breach notification
In the event of a data breach affecting your personal data, we will:
- Notify affected users within 72 hours of becoming aware of the breach (GDPR Art. 33/34)
- Notify the FTC within 10 business days if the breach involves health data of US residents (FTC Health Breach Notification Rule)
- Report to the relevant supervisory authority (Gegevensbeschermingsautoriteit) within 72 hours
11. Children
OnDose is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If we become aware that a user is under 16, we will delete their account and all associated data.
12. International data transfers
Your health data is stored in the EU (Frankfurt). Some sub-processors (OpenAI, RevenueCat, Apple, Google) are based in the United States. These transfers are protected by:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) included in our DPAs
- Supplementary measures: encryption in transit and at rest, minimal data exposure (e.g., OpenAI receives only label images, not user identity)
13. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email and/or an in-app notice. Continued use of OnDose after changes constitutes acceptance of the updated policy. The "Last updated" date at the top of this page reflects the most recent revision.
14. Contact
For any privacy-related questions, requests, or complaints:
- Email: privacy@ondose.app
- Data controller: Sidney Ottelohe, Belgium