Legal

Privacy Policy

Last updated: 9 April 2026

This Privacy Policy explains how Milligram ("we", "us", or "our") handles your information when you use the Milligram iOS application ("the App"). By using the App, you agree to the practices described in this policy.

1. Data That Stays on Your Device

The vast majority of your data never leaves your device. The following is stored locally using Apple's SwiftData framework and is never transmitted to us or any third party:

• Compound protocols (compound names, doses, routes, frequencies, schedules)
• Dose logs (timestamps, amounts, routes)
• Health markers (subjective ratings such as energy, mood, sleep, and soreness)
• Progress photos taken with the camera
• Body profile data (weight, height, age, sex) — stored locally, though age and sex are shared with third-party services as described in Section 2
• Custom compounds
• Check-in history

This data is stored on your device and is not synced to any Milligram-operated servers. We cannot access, view, or retrieve it. Some data points are shared with third-party services to power specific features, as described in Section 2.

2. Data That Leaves Your Device

A small amount of data is transmitted to third-party services in order to operate the App:

a) Subscription Management (RevenueCat)
We use RevenueCat to manage subscriptions. When you subscribe, RevenueCat receives:

• An anonymous user identifier (not tied to your name or email)
• Subscription purchase and status information
• Basic app interaction data (such as subscription lifecycle events)
• A referral code, if you entered one

RevenueCat does not receive any of your health data, dose logs, protocols, or photos. You can review RevenueCat's privacy policy at revenuecat.com/privacy.

b) Payments (Apple)
All payment processing is handled by Apple through the App Store. We never collect or have access to your payment card details, bank account, or billing address.

c) Protocol Sharing (User-Initiated)
If you choose to share a protocol, the App encodes your protocol details (compound names, doses, routes, frequencies) into a URL. This URL is shared via your device's native share sheet to the recipient of your choice. No health markers, dose logs, or personal data are included in shared protocols.

d) CSV Export (User-Initiated)
If you choose to export your data, the App generates a CSV file stored temporarily on your device. You control where this file is sent via the native share sheet.

e) AI Facial & Body Scans (Google Gemini)

What data we collect: When you use the Face Scan or Body Scan feature, the App captures a photo using your device camera. For face scans, on-device face landmark detection (via MediaPipe) processes facial geometry locally on your device for alignment purposes — this data never leaves your device.

What is sent to a third party: With your explicit permission (prompted before the first scan), your photo is sent to Google's Gemini AI service to generate a personalised analysis. Along with the photo, the following context is sent to improve the analysis: your age, sex, active compound names, stated goals, protocol day count, and progress percentage. No other personal data — including your name, email, dose logs, or account information — is sent.

Who receives the data: The photo and context are sent to Google LLC via the Gemini API. Google processes the data to generate the analysis response and returns it to the App.

How Google handles the data: Google does not use data sent via the Gemini API to train AI models. Google may retain the data for up to 55 days for safety and abuse monitoring purposes, after which it is deleted. You can review Google's AI privacy terms at ai.google.dev/gemini-api/terms.

User consent: Before any data is sent to Google Gemini, the App presents an in-app disclosure screen that lists exactly what data will be shared and with whom. You must explicitly tap "Allow" before any data leaves your device. You can decline, and your photo will still be saved locally without AI analysis. This consent is requested once and remembered for future scans.

Withdrawing consent: You can revoke AI data consent at any time by turning off "AI Analysis & Chat" in the Profile tab of the App. When consent is revoked, no further data is sent to Google Gemini. You will be prompted to re-consent before any AI feature can be used again. Previously transmitted data is subject to Google's retention policy (up to 55 days).

Data retention: Photos are stored locally on your device in the App's private storage. They are never uploaded to our servers. Deleting the App permanently removes all locally stored photos. Google's retention of transmitted data is governed by their privacy terms (up to 55 days as noted above).

Third-party sharing: We do not share your scan data with any party other than Google Gemini for the purpose described above. Google does not share your data with other third parties.

f) AI Chat Advisor — Milligram AI (Google Gemini)
When you use Milligram AI (the in-app chat), your messages are sent to Google's Gemini AI to generate responses. Before any data is sent, the App presents an in-app disclosure screen identifying Google Gemini as the recipient and listing exactly what data will be shared. You must explicitly consent before any data leaves your device. To provide personalised advice, the following context is included with each message: your age, sex, stated goals, experience level, active compound details (names, doses, routes, frequencies, day counts), and relevant compound reference data. The app may also extract and locally store certain facts you mention in conversation (such as injection time, vial size, or injection site preferences) to provide continuity across sessions — these stored facts are included in subsequent chat requests. Google processes this data securely and does not use it to train AI models. Google may retain the data for up to 55 days for safety monitoring. Your full chat history is stored locally on your device. You can delete all conversations from the chat interface at any time. Milligram AI provides informational content only and is not a substitute for professional medical advice.

g) Usage Analytics (PostHog)
We use PostHog to understand how the app is used and improve the experience. PostHog collects: an anonymous device identifier, app interaction events (such as screens viewed, features used, and button taps), and basic profile attributes (age, sex, subscription status). PostHog session replay is enabled with all text inputs and images masked. No health data, dose logs, compound protocols, photos, or chat messages are sent to PostHog. You can review PostHog's privacy policy at posthog.com/privacy.

3. Data We Do Not Collect

We do not collect:

• Your name, email address, or phone number
• Your location
• Crash reports or performance diagnostics (anonymous usage analytics are collected via PostHog as described in Section 2g)
• Advertising identifiers
• Browsing or search history
• Any data from Apple HealthKit or other health APIs

4. Camera Usage

The App uses your device's camera to take progress photos. Photos are stored locally in the App's private storage and are never accessible to us. When you use the facial scan feature, your photo is sent to Google's Gemini AI for analysis (see section 2e above). Face landmark data is processed on-device using on-device machine learning for alignment purposes.

5. Push Notifications

The App may request permission to send local push notifications for dose reminders, check-in reminders, and milestones. These notifications are generated and delivered entirely on your device. No personal data is transmitted to send these notifications. You can disable notifications at any time through your device's Settings.

6. Data Retention

Since all personal data is stored locally on your device, it persists until you delete the App. Uninstalling Milligram permanently removes all locally stored data. Subscription records held by RevenueCat and Apple are retained according to their respective privacy policies.

7. Your Rights

You have the right to:

• Delete all your data by uninstalling the App
• Export your dose logs and health markers via the CSV export feature
• Disable notifications at any time through iOS Settings
• Request information about any data we hold (though we hold none beyond what RevenueCat processes for subscriptions)

To exercise any of these rights or ask questions, contact us at the email address below.

8. Children's Privacy

Milligram is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18.

9. Third-Party Links

The App may contain links to external websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

10. Security

Data stored on your device benefits from iOS's built-in encryption and security protections. All network communication with RevenueCat, Apple, Google Gemini, and PostHog uses HTTPS encryption. We do not operate our own servers or store your personal data remotely. The primary security boundary is your device itself.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

12. Governing Law

This Privacy Policy is governed by the laws of Victoria, Australia, including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

13. Contact Us

If you have questions about this Privacy Policy, please contact us at:
enzoanderson2010@icloud.com