Privacy Policy

Last updated: November 9, 2025

Effective Date: 9 November 2025

Introduction

PeePal is committed to protecting your privacy. This Privacy Policy explains how we handle your information when you use our bladder health tracking application.

Our Privacy-First Approach: PeePal is designed to work entirely on your device without requiring any login or account. Your health data stays on your iPhone by default and is never transmitted to our servers unless you explicitly opt in to share anonymous aggregated insights.

This policy is written in plain English to ensure you understand exactly how your data is handled.

Data Controller

PeePal
Email: admin@peepal.info

For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller responsible for your personal information.

1. Information We Collect

1.1 Health Data You Track (Stored Locally Only)

When you use PeePal, you may record:

  • Fluid intake volumes and beverage types
  • Bathroom visit times, volumes, and urine colour
  • Optional symptom information (urgency, flow strength)
  • Optional notes about your health patterns
  • Tracking goals and preferences

Important: This health data is stored exclusively on your device using Apple's secure local storage (Core Data). We do not have access to this data, cannot see it, and cannot retrieve it.

1.2 Optional Aggregated Research Data

If you choose to opt in during onboarding (or later in settings), you may participate in our anonymous research programme by sharing aggregated weekly health metrics:

Weekly averages (calculated automatically from your local data):

  • Average daily fluid intake (ml)
  • Average daily bathroom visits (frequency)
  • Average daily output (ml)
  • Number of days with tracking data that week (1-7)

Profile information (if you've provided it):

  • Age range in brackets (e.g., "25-34", "45-54")
  • Medical conditions you've selected in your profile (from our predefined list, e.g., enlarged prostate, diabetes, kidney disease)
  • Medications you've selected in your profile (from our predefined list, e.g., tamsulosin, finasteride)

Anonymous identifier: A SHA-256 cryptographic hash (a one-way hash combining your device's anonymous ID, the week date, and a security salt). This cannot be reversed or linked back to you personally.

Important:

  • This data is submitted automatically once per week in the background when you opt in
  • It's fully anonymised and aggregated — we cannot identify you or access your individual health logs
  • PeePal focuses on male urinary health conditions. The medical conditions and medications we track are specific to male health concerns, but we do not collect or store any information about your gender or gender identity

What we do NOT collect even if you opt in:

  • Your name, email address, or any personally identifiable information
  • Gender or gender identity information
  • Individual log entries, notes, or detailed symptoms
  • Location data or real-time tracking
  • Device identifiers (IDFA, advertising IDs)
  • Medical data that identifies you as an individual

1.3 Technical Information

When you use PeePal, we may automatically collect:

  • Device type and iOS version (for compatibility)
  • App version and crash reports (for bug fixes)
  • Anonymous usage analytics (only if you opt in)

This information is collected anonymously and cannot be used to identify you personally.

2. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your information on the following legal bases:

2.1 Legitimate Interests (Article 6(1)(f))

  • Improving app functionality and user experience
  • Debugging and fixing technical issues
  • Analysing anonymous aggregated data to enhance insights

2.2 Consent (Article 6(1)(a))

  • Sharing anonymous insights data (opt-in only)
  • Receiving optional notifications
  • Participating in anonymous analytics

You can withdraw consent at any time through the app settings.

2.3 Special Category Data

Health data is considered "special category" personal data under UK GDPR (Article 9).

For local health tracking: Because your detailed health data is stored exclusively on your device and never transmitted to our servers, we do not process this data and therefore Article 9's restrictions do not apply to your local tracking.

For optional research data: If you opt in to share anonymous aggregated data, we process:

  • Medical conditions (from a predefined list of male urinary health conditions)
  • Medications (from a predefined list)
  • Aggregated weekly health metrics

We process this special category data under explicit consent (Article 9(2)(a)) and for scientific research purposes (Article 9(2)(j)). The data is fully anonymised upon submission using one-way cryptographic hashing, which means it cannot be traced back to you as an individual. This anonymisation provides additional protection beyond the legal requirements.

Focus on male health: PeePal is designed specifically for male urinary health conditions. Our medical conditions and medication lists focus on conditions predominantly affecting biological males (such as enlarged prostate, prostate cancer). We do not collect information about gender or gender identity — the app's focus is reflected in the clinical conditions it tracks, not through data we collect about you.

If you choose to export your health data (e.g., PDF reports), this is done locally on your device without our involvement.

3. How We Use Your Information

3.1 Local Device Use (No Data Sharing)

Your health tracking data is used entirely on your device to:

  • Display your daily intake and output summaries
  • Calculate hydration wellness scores
  • Detect patterns in your tracking behaviour
  • Generate insights and link to relevant health guides
  • Create PDF reports for medical appointments

All processing happens locally. We never see this data.

3.2 Anonymous Research Data (Opt-In Only)

If you opt in to share anonymous aggregated data, we use it for research purposes to:

  • Calculate population averages for comparison within similar cohorts
  • Identify common health patterns across age groups and medical profiles
  • Improve our pattern detection algorithms
  • Create evidence-based educational content for our website and health guides
  • Provide aggregated community insights when we reach sufficient participants (500+)

For example, you might see insights like: "Your average daily intake is similar to 68% of users in your age range" or "Users managing similar conditions typically visit the bathroom X times per day."

Important: We cannot identify individual users from this aggregated data. All analysis is performed on anonymised weekly averages, not individual tracking logs. The minimum cohort size for displaying any comparative insights is 50 users to ensure anonymity.

4. Data Storage and Security

4.1 Local Storage

Your health data is stored securely on your iPhone using:

  • Core Data: Apple's encrypted local database
  • Keychain: For sensitive preferences (if applicable)
  • Encryption: All data encrypted at rest by iOS

4.2 iCloud Backup (Automatic)

PeePal uses iCloud to back up your bladder health data automatically when you're signed into iCloud on your device.

  • What's backed up: All tracking data (visits, intake logs, patterns
  • Encryption: End-to-end encrypted by Apple (we cannot access it)
  • Storage location: Apple's iCloud servers (varies by region)
  • Control: You can disable iCloud for PeePal in iOS Settings → [Your Name] → iCloud → PeePal (toggle off)

If you're not signed into iCloud, all data stays on your device only.

4.3 Anonymous Research Data Storage

If you opt in, anonymous aggregated data is stored using:

  • Firebase Cloud Firestore: Secure database for anonymised research aggregates
  • Storage period: Retained for ongoing research analysis to improve the app for all users
  • Anonymisation: Data is stored using one-way cryptographic hashing and cannot be linked back to you or your device
  • No personal identifiers: Your weekly aggregates are stored separately from any identifying information

Firebase complies with UK GDPR. See Google's Privacy Policy for details.

Note about medical information: The medical conditions and medications in our research dataset are limited to a predefined list specific to male urinary health concerns. This aggregated data helps us understand patterns across users with similar health profiles, but cannot be used to identify any individual.

5. Data Sharing and Third Parties

5.1 We Do Not Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We use the following third-party services:

Firebase (Google Cloud):

  • Purpose: Anonymous insights processing (opt-in only)
  • Data shared: Anonymous UUID, age range, aggregated patterns
  • Location: EU data centres
  • GDPR compliance: Yes
  • Privacy policy: https://firebase.google.com/support/privacy

Apple CloudKit (Optional):

  • Purpose: iCloud sync (if you enable it)
  • Data shared: Your tracking data (encrypted)
  • Controlled by: You (via your Apple ID)
  • Privacy policy: https://www.apple.com/uk/legal/privacy/

5.3 Legal Obligations

We may disclose information if required by law, such as:

  • Responding to valid legal requests (court orders, warrants)
  • Protecting our legal rights
  • Preventing fraud or security threats

However, because we don't collect personal health data, we have nothing meaningful to disclose in most scenarios.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal information:

6.1 Right of Access (Article 15)

You can request a copy of any personal data we hold about you. However, since health data is stored locally on your device, you already have complete access to it.

6.2 Right to Rectification (Article 16)

You can edit or correct your tracking data directly in the app at any time.

6.3 Right to Erasure (Article 17)

You can delete all your data:

  • Local data: Delete the app from your iPhone
  • iCloud data: Disable iCloud sync and delete from Settings
  • Anonymous insights: Contact us to request deletion of your anonymous UUID

6.4 Right to Restrict Processing (Article 18)

You can opt out of anonymous insights sharing at any time in app settings.

6.5 Right to Data Portability (Article 20)

You can export your data:

  • PDF reports: Generate medical reports directly in the app
  • CSV export: Export raw data (feature coming soon)

6.6 Right to Object (Article 21)

You can object to processing at any time by opting out of anonymous insights in settings.

6.7 Right to Withdraw Consent (Article 7(3))

You can withdraw consent for anonymous insights sharing at any time without affecting your use of the app.

6.8 Automated Decision-Making (Article 22)

We do not use your data for automated decision-making with legal or similarly significant effects.

How to Exercise Your Rights

Contact us at: admin@peepal.info

We will respond to your request within one month as required by UK GDPR.

7. Data Retention

7.1 Local Health Data

Your health data is retained on your device until you:

  • Delete individual entries
  • Delete the app
  • Disable iCloud sync (if enabled)

7.2 Anonymous Research Data

If you opted in to share anonymous research data:

  • Weekly aggregated data is retained for research purposes to help improve PeePal for all users
  • You can opt out at any time through Settings → Privacy → "Share Anonymous Insights"
  • When you opt out, your device stops sending new weekly aggregates immediately
  • Previously submitted data cannot be deleted individually because it's anonymised using one-way cryptographic hashing and cannot be linked back to your device or identity
  • This anonymised research data helps us create better health insights and educational content for the community

Understanding anonymisation: Once your weekly data is anonymised and submitted, it becomes part of an aggregate dataset. Think of it like dropping a pebble into a pond — while you can stop adding more pebbles, the ones already in the pond have mixed with all the others and cannot be individually retrieved. This design protects your privacy by ensuring that even we cannot connect the data back to you.

8. Children's Privacy

PeePal is not intended for use by children under 13. We do not knowingly collect personal information from children. If you believe a child has used PeePal, please contact us at admin@peepal.info.

9. International Transfers

9.1 Data Location

  • Local data: Stored on your device in the UK (or wherever you are)
  • Anonymous insights: Processed in EU data centres (Firebase EU region)
  • iCloud: Apple may store data in various locations (see Apple's Privacy Policy)

9.2 Transfer Safeguards

When we use Firebase (Google), data transfers comply with UK GDPR through:

  • EU Standard Contractual Clauses
  • Google's UK GDPR Data Processing Terms
  • Data processed in EU data centres where possible

10. Cookies and Tracking

10.1 No Cookies

PeePal is a native iOS app and does not use cookies.

10.2 No Advertising Tracking

We do not use advertising identifiers (IDFA) or track you across other apps and websites.

10.3 Anonymous Analytics (Opt-In)

If you opt in, we may collect anonymous usage analytics to improve the app:

  • Screen views (which features are used)
  • Error rates
  • Performance metrics

You can opt out at any time in settings.

11. Security Measures

We implement industry-standard security measures:

  • Encryption: All local data encrypted by iOS
  • Secure transmission: HTTPS for any network requests
  • Minimal data collection: We don't collect what we don't need
  • Anonymous by default: No personal identifiers used
  • Regular updates: Security patches via App Store

However, no method of electronic storage is 100% secure. Use a strong device passcode and keep iOS updated.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in data protection law
  • New features or services
  • Improvements to our privacy practices

When we make material changes, we will:

  • Update the "Last Updated" date at the top
  • Notify you via the app
  • Request renewed consent if required by law

Continued use of PeePal after changes constitutes acceptance of the updated policy.

13. Your California Privacy Rights (CCPA)

While PeePal is UK-focused, if you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). However, because we don't collect personal information (health data is local-only), most CCPA provisions don't apply. Contact us if you have questions.

14. Complaints and Regulatory Authority

If you have concerns about how we handle your data, please contact us first:

Email: admin@peepal.info

If you're not satisfied with our response, you have the right to lodge a complaint with the UK's data protection authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113

15. Contact Us

For any privacy-related questions, requests, or concerns:

Email: admin@peepal.info

We aim to respond to all enquiries within 48 hours.

Summary: Your Privacy at a Glance

  • Your health data never leaves your device by default
  • No login required — completely anonymous
  • Optional research data requires explicit opt-in
  • We cannot identify you from aggregated data
  • You control your data — delete anytime
  • Full UK GDPR compliance
  • No advertising, no tracking, no data selling

PeePal is designed to be the most private bladder health app available. Your health is personal, and your data should be too.