Protein Diary

Privacy Policy

Last updated: June 12, 2026

The short version: everything you log in Protein Diary — food, weight, medication shots, side effects — is stored only on your device. There is no account, no cloud sync, and no advertising. We do not operate servers that receive your diary, so we cannot read, sell, or lose it. The rest of this page spells that out precisely, including the few narrow exceptions (your own exports, your device's own backups, optional crash reporting if we add it, and store-processed subscriptions).

1. Who we are

Protein Diary ("we," "our," or "us") is a personal food, weight, and medication diary for iOS and Android. This policy explains what data the app handles, where it lives, and what — if anything — ever leaves your device. Questions are welcome at hello@proteindiary.com.

2. What the app stores — on your device only

When you use Protein Diary, the app stores the following in a local database on your device:

  • Food and nutrition entries: what you log, including protein in grams and hydration
  • Weight entries: weights and dates you record
  • Medication shot logs: medication name, dose (recorded as the text you typed), injection site, and date — exactly as you enter them
  • Side-effect tags: the day-level tags you choose
  • An optional onboarding answer about whether you use a GLP-1 medication (you can answer "prefer not to say"), used only to personalize defaults
  • Goals, preferences, and settings

This is health-related data, and the app is built so that we never receive it. It is not transmitted to us or to anyone else by the app. All features work offline.

The onboarding GLP-1 answer is treated with extra care: it is never included in your JSON exports, by design, so a backup file you share cannot disclose your medication status.

3. What is transmitted: nothing, with these narrow exceptions

The app sends no analytics, runs no advertising SDKs, and has no servers of ours to talk to. Data only ever leaves your device in these cases, each under your control or your device's:

  • Your exports. You can export your diary as a JSON backup file or generate a PDF report. You choose when to create these and who receives them. (We recommend sharing PDF reports only with people you trust, such as your healthcare provider.)
  • Your device's own backups. If you have iCloud Backup (iOS) or Google Backup (Android) enabled, your device may include the app's data in its backups. That is controlled by your device settings, not by the app, and the data goes to Apple or Google under their policies — never to us.
  • Email you send us. If you email hello@proteindiary.com (including joining the waitlist), we receive what you send. We use it only to reply or to send the launch note, and we never connect it to anything in your diary — we couldn't, because we don't have your diary.

4. Crash reporting (planned, not yet active)

The current version of the app transmits nothing — including crash data.

We plan to add crash reporting using Firebase Crashlytics (a Google service) in a future version, so we can find and fix bugs. If and when it is active, a crash report may include device model, operating system version, app version, the time of the crash, and a technical stack trace of what the code was doing.

Crash reports contain no food, weight, or medication data — nothing you have logged and nothing that identifies you personally. Crash data would be used solely to diagnose and fix bugs. When crash reporting ships, we will update this policy with the effective version. See the Firebase privacy documentation for how Google handles Crashlytics data.

5. Subscriptions and payments

The core diary is free. If you choose an optional Premium subscription:

  • Payments are processed entirely by Apple (App Store) or Google (Google Play). We never see your payment card, billing address, or other payment details.
  • To recognize your subscription across reinstalls, the app will use RevenueCat, a subscription-management service that receives an anonymous purchase token from the store — not your name, email, or anything from your diary. This applies only if and when subscriptions are active in the version you use; the policy will note the effective version when they launch.
  • Manage or cancel subscriptions in your App Store or Google Play account settings.

6. We do not sell data

We do not sell, rent, trade, or share your personal information. There is no advertising in the app, no ad network SDKs, no data brokers, and no analytics on your health data. Because your diary never reaches us, we have nothing to sell even in principle.

7. Data security and retention

Because your data is stored locally, its security depends primarily on your device. We recommend using a device passcode or biometric lock, keeping your operating system updated, and being thoughtful about where you send exported files.

Your data stays on your device until you delete it. You can delete individual entries or all data in the app at any time; uninstalling the app removes its locally stored data from your device. We retain nothing, because we hold nothing.

8. Your privacy rights (GDPR, CCPA, and similar laws)

Privacy laws such as the EU/UK GDPR and the California Consumer Privacy Act give you rights over personal data that organizations hold about you. Protein Diary's design satisfies most of these rights trivially, because we do not hold your data — you do:

  • Access: all your data is visible in the app, on your device
  • Portability: export your complete diary as JSON at any time, free, from inside the app
  • Deletion: delete entries or everything from inside the app, or uninstall it
  • Rectification: edit any entry directly
  • Sale opt-out (CCPA): we do not sell personal information, so there is nothing to opt out of
  • Non-discrimination: nothing in the app changes based on exercising these rights

Because your diary is never transferred to us, there are also no international data transfers of your health data. If you contact us by email, that correspondence may be processed in the United States, and you can ask us to delete it at any time.

9. Children

Protein Diary is not intended for children under 13, and we do not knowingly collect personal information from children under 13. (We do not knowingly collect personal information from anyone, but the age line matters legally.) If you believe a child has sent us personal information by email, contact us and we will delete it.

10. Third-party services, summarized

  • Apple App Store / Google Play: distribute the app and process any subscription payments under their own privacy policies
  • Firebase Crashlytics (planned): crash reports only, with no food, weight, or medication data — see Section 4
  • RevenueCat (if/when subscriptions launch): anonymous purchase tokens only — see Section 5

That is the complete list. This website itself uses no cookies, no analytics, and no third-party scripts.

11. Changes to this policy

If we change this policy — for example, when crash reporting or subscriptions go live — we will update this page and the "Last updated" date, and note the app version a change applies to. Material changes will also be noted in the app's release notes.

12. Contact

Questions, concerns, or requests: hello@proteindiary.com. We will respond within a reasonable timeframe.