Privacy Policy

Last updated: June 2, 2026

1. Who We Are

DoseCurve is operated by BlackGlass Consulting LLC. This Privacy Policy explains how we collect, use, and protect your information when you use our service at dosecurve.com.

2. Information We Collect

Account Information

Email address, password (hashed), and authentication provider data (if using social login via Google or Apple).

Health Tracking Data

Medication type, injection dates and doses, injection sites, weight entries, and side effect logs. This data is entered voluntarily by you.

Payment Information

Payment processing is handled by a third-party payment processor. We do not store your credit card number. Our payment processor may share your email and subscription status with us. Charges on your statement will appear as "BlackGlass Consulting LLC" or "BLACKGLASS CONSULTING".

Automatically Collected

Basic analytics (page views, device type) via privacy-respecting analytics. We do not use third-party advertising trackers.

3. How We Use Your Data

  • To provide the Service (display your tracking data, send reminders)
  • To generate anonymized, aggregate community benchmarks (no individual data is ever exposed)
  • To process payments and manage subscriptions
  • To send transactional emails (injection reminders, account notifications)
  • To improve the Service

4. Community Benchmarks & Anonymization

DoseCurve offers community benchmark features showing aggregate statistics (e.g., "average weight loss for users on X medication at Y dose"). This data is:

  • Fully anonymized — no individual user can be identified
  • Only displayed when 5+ users share the same protocol (to prevent re-identification)
  • Never sold to third parties

5. Data Sharing

We do NOT sell your personal data. We share data only with trusted third-party service providers who process data on our behalf for the following purposes:

  • Database hosting — secure storage of your data
  • Payment processing — handling subscriptions and billing
  • Email delivery — sending transactional emails and reminders
  • Application hosting — serving the application

These providers process data on our behalf under their respective privacy policies and data processing agreements.

6. Data Security

Your data is stored with row-level security (RLS) enabled — meaning only you can access your own records. Data is encrypted in transit (TLS) and at rest. Passwords are hashed and never stored in plaintext.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days. Anonymized aggregate data (already contributed to benchmarks) is retained.

8. Your Rights

You have the right to:

  • Access all data we hold about you
  • Export your data (JSON/CSV)
  • Correct inaccurate data
  • Delete your account and all associated data
  • Opt out of non-essential emails

To exercise these rights, contact support@dosecurve.com.

9. Cookies

We use essential cookies only (authentication session). We do not use advertising or third-party tracking cookies.

10. International Data Transfers

Your data may be processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

11. Automated Decision-Making

DoseCurve may use automated processing to generate insights and suggestions (e.g., Weekly AI Insights for Pro users). These are informational only and do not produce legal or similarly significant effects. You may contact us to request human review of any automated output.

12. European Users (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional rights and disclosures apply under the General Data Protection Regulation (GDPR):

Lawful Basis for Processing

  • Consent — for the collection of your self-reported health data (provided at signup)
  • Contract performance — to provide the Service you signed up for
  • Legitimate interest — to improve the Service, prevent fraud, and send transactional communications

Additional Rights

In addition to the rights listed in Section 8, EU/UK users have the right to:

  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Data portability (receive your data in a structured, machine-readable format)
  • Restrict processing in certain circumstances
  • Lodge a complaint with your local data protection supervisory authority

Data Protection Officer

Given the size and nature of our operations, we have not appointed a Data Protection Officer. For privacy inquiries, contact support@dosecurve.com.

13. Children

DoseCurve is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.

15. Contact

For privacy-related questions or requests, contact us at support@dosecurve.com.

BlackGlass Consulting LLC
support@dosecurve.com