Last updated: 18 July 2026
This policy explains what ivme ("ivme", "we", "us") collects, why, and your choices. Questions: hey@getivme.com. Who operates ivme and where to reach us is in the Contact section at the end.
ivme helps people track a GLP-1 medication journey (weight, doses, nutrition, movement, labs, and how you feel). Some of this is health data, which we treat as sensitive and handle accordingly.
You give us:
From your device, only with your permission:
Automatically:
We do not sell your personal data, and we do not use your health data for advertising.
When you chat with the assistant or send a photo to log, the relevant message and image are processed by our AI provider (Anthropic, via Cloudflare) to produce a response or a structured entry. We instruct the provider not to train their models on this data. The assistant is not a medical service and does not give medical or dosing advice — see our Terms.
This feature is off until you opt in (Settings → anonymous insights). When on, your de-identified data contributes to group statistics shown to others in your cohort, and only groups above a minimum size are ever shown, so no individual can be identified. You can opt out at any time.
We share data with vendors who process it on our behalf, under contract:
| Provider | Purpose | Data |
|---|---|---|
| Clerk | Authentication | Name, email, account id |
| Cloudflare | Hosting, database, storage, AI gateway | All app data (health data, photos, chat) |
| Anthropic | AI assistant / photo analysis | Chat messages and photos you send to it |
| RevenueCat | Subscription management | Subscription status, app-user id |
| Apple / Google | Payments, health import | Purchase records; health data stays on device unless you enter it |
| Sentry | Crash reporting (if enabled) | Diagnostics, device info — no health values |
| PostHog | Product analytics (if enabled) | Usage events — no health values |
We may also disclose data if required by law, or to protect rights and safety.
Your data may be processed in the European Union and the United States, where our providers operate. Where required, we rely on appropriate safeguards for international transfers (such as the European Commission's Standard Contractual Clauses).
We keep your data while your account is active. When you delete your account or an entry, we remove it from our production systems promptly (typically immediately), and it ages out of encrypted backups within 30 days. Some records (such as transaction records) may be retained where law requires.
Depending on where you live (for example, KVKK in Türkiye, GDPR in the EU, or CCPA in California), you may have the right to access, correct, delete, export, or restrict processing of your data, and to withdraw consent. To exercise these, contact hey@getivme.com or use the in-app controls. You can:
ivme is not intended for anyone under 18, and we do not knowingly collect data from them.
We'll post changes here and update the date above; significant changes will be notified in-app.
ivme is operated by Muhammed Musa Kahya, a sole proprietorship (şahıs şirketi) registered in Türkiye, who is the data controller for your information.