Privacy Policy
JabWell · GLP-1 Tracker & AI Coach
Effective date: June 3, 2026
Summary
JabWell is an educational companion for people on GLP-1 medication. We follow a strict on-device architecture:
- Your health data stays on your device. Injection logs, weight, symptoms, photos, and chat history live in iOS storage protected by your device passcode and Apple's Data Protection.
- We never sell your data.
- We never share your data with advertising networks or marketing partners.
- AI features require your in-app permission before data is sent. AI Nurse chat, source retrieval, and AI Scan use third-party AI providers only after you agree in JabWell.
- AI Nurse chat queries do leave your device (sent through our Cloudflare Worker to DeepSeek — see §4) and may include your message text plus brief app context such as medication brand, dose, weeks of treatment, recent summaries, and safety mode. They do not include your name or Apple HealthKit records.
- Source search and AI Scan use OpenAI. Source search sends your typed query for embedding. AI Scan sends a captured photo only when you choose to scan.
1. What we collect locally on your device
The following are stored only on your device in encrypted iOS storage. They never reach our servers.
- Injection log entries (medication brand, dose, site, timestamp, optional notes)
- Weight readings (from Apple Health or manual entry)
- Symptom entries (severity ratings, optional free-text note, optional 1–10 daily-feel slider)
- Custom symptom labels you create
- Photo journal images (hair / skin / site references)
- AI Nurse chat history (your messages and Nora's responses, including cited sources)
- App preferences (Safe Mode, palette override, push notification opt-ins)
You can delete this data via Settings → Account & Data → Delete Account & Data, or by uninstalling the app, at any time.
2. Apple HealthKit
JabWell reads body-mass (weight) samples from Apple HealthKit, and only with your explicit permission. This permission is requested when you tap "Connect Apple Health" on the Body tab.
- What we read: body-mass samples (kilograms or pounds, your unit), and the timestamp of each sample.
- What we do NOT read: any other HealthKit category. We do not request workout, heart rate, sleep, nutrition, or any other Health data.
- What we do NOT write: JabWell does not write any data back to HealthKit in v1.
- Storage: weight samples imported from HealthKit are stored only on your device, alongside your other JabWell data. They are never uploaded to our servers, never shared with third parties, and never used for advertising or marketing.
- Revoking access: you can revoke HealthKit permission at any time in iOS Settings → Privacy & Security → Health → JabWell. After revocation, JabWell will no longer auto-sync new readings, but previously imported readings remain in JabWell's local database until you delete them.
3. What we collect on our servers
The only data that leaves your device is:
- Anonymous app analytics events (e.g. "log injection saved", "milestone-5 shown") with no personally identifying or health-specific values. We use this only to understand which features are working — never to profile individual users.
- Crash reports via Apple's standard crash reporting (anonymized, opt-in via iOS Settings).
- Subscription receipts verified by Apple via RevenueCat for entitlement management. These contain only the subscription identifier and an anonymous user ID — no health data.
- Third-party AI requests after your permission for AI Nurse chat, source search, or AI Scan as described below.
We do not collect IP addresses for tracking. We do not use cookies. We do not run advertising SDKs.
4. AI Nurse (Nora) chat and source retrieval
Before your first AI request, JabWell shows an in-app disclosure and asks for your permission to share limited data with third-party AI providers. If you cancel, the AI request is not sent.
- When you send a message to Nora in the Coach tab, the message text and brief app context may be sent through a JabWell/Loveiko Labs Cloudflare Worker to DeepSeek (
deepseek-chat) to generate Nora's reply.
- Brief app context may include medication brand, current dose, weeks on treatment, safety mode, topic tag, and short summaries such as recent symptoms or weight trend when a feature needs that context. We do not send your name or raw Apple HealthKit records.
- To retrieve educational sources, your typed query is sent through the same Cloudflare Worker to OpenAI (
text-embedding-3-small) to create an embedding. The app compares that embedding against the bundled source library and uses the top passages to ground Nora's answer.
- DeepSeek and OpenAI receive AI requests only for these app functions. They do not receive RevenueCat subscription records from JabWell.
- Every Nora response is checked for compliance phrases before display, and includes an "Educational, not medical advice. Consult your prescriber." footer.
If you turn on Safe Mode in Settings, the profile context sent to DeepSeek omits weight numbers and replaces directional weight references with non-numeric phrasing.
5. AI Scan photos
If you choose AI Scan, JabWell sends the photo you capture through our Cloudflare Worker to OpenAI (gpt-4o) for one-time classification of a pen, syringe, or injection-site image.
- Photos are sent only after you choose to scan and after you have accepted AI data sharing in the app.
- JabWell does not store the scan photo on our servers.
- The OpenAI Vision request uses
store:false where supported.
- The classification result is used only to help you log or review the scan inside JabWell.
You can delete any photo from JabWell at any time. Photos are never sent to advertising networks, never linked to your name, and never used for ad targeting.
6. Photo journal
Photos you capture in the Hair / Skin photo journal are stored on your device. Photo journal images are not uploaded for advertising or marketing.
You can delete any photo from the journal at any time. Photos never go to advertising networks.
7. Subscriptions and payments
JabWell is a paid app. Subscriptions are managed by Apple's App Store. We use RevenueCat to verify subscription receipts and manage entitlement state. RevenueCat receives only an anonymous user identifier and the subscription receipt — no health data, no name, no email. See RevenueCat's privacy policy at revenuecat.com/privacy.
8. What we do NOT do
- We do not sell your data.
- We do not share your data with advertising networks.
- We do not use HealthKit data outside the JabWell app (per Apple HealthKit guidelines § 5.1.3).
- We do not derive insights for clinical decision-making, diagnosis, or prescription. JabWell is an educational companion. It does not replace your healthcare team.
- We do not provide JabWell to anyone under 18.
9. Children's privacy
JabWell is for adults on GLP-1 medication. We do not knowingly collect data from anyone under 18. If you believe we have, contact us at the email below and we will delete the account.
10. Data retention and deletion
All on-device data persists until you delete it (Settings → Account & Data → Delete Account & Data, or by uninstalling the app). Server-side analytics events are retained for up to 24 months and then aggregated. Crash reports are retained per Apple's standard policy.
11. Your rights
Depending on where you live (EU/UK GDPR, California CCPA, etc.), you may have rights to access, correct, or delete your data. Because we hold no personally identifying data on our servers, most rights apply only to your local app data — which you can fully control via Settings → Account & Data → Delete Account & Data.
For requests about server-side analytics that may be associated with your anonymous device identifier, contact us:
12. Changes to this policy
If we materially change how data is handled, we will update this page and bump the date at the top. For significant changes (e.g. adding a new third-party provider), we will surface an in-app notice before the change takes effect.
13. Contact
JabWell is an independent educational companion app. It is not affiliated with, endorsed by, or sponsored by Novo Nordisk, Eli Lilly, the FDA, the American Academy of Family Physicians (AAFP), Mayo Clinic, Cleveland Clinic, or any other organisation referenced in the app.