Privacy Policy & Health Data Privacy Notice
Trimly · Last updated June 14, 2026
This Privacy Policy and Health Data Privacy Notice explains how Trimly ("Trimly," "we," "us," or "our"), operated by Univerlist, collects, uses, stores, discloses, transfers, and protects information when you use the Trimly mobile application, our website, and related services (the "App"). Trimly is a wellness tracking and AI coaching companion for people who have been prescribed a GLP-1 medication. By using the App, you agree to this Privacy Policy, which is incorporated into our Terms of Use. Univerlist is the data controller responsible for the personal information processed under this policy.
Trimly is not a medical device. It does not diagnose, treat, or prescribe, and it is not a substitute for professional medical care. Always talk to your doctor about treatment decisions. See our Terms of Use.
Not HIPAA-covered. We are not a healthcare provider, health plan, or healthcare clearinghouse. The information you provide is not "protected health information" and is not subject to HIPAA. We still protect it as described below.
1. Key terms
- Personal information means information that identifies, relates to, describes, or could reasonably be linked to a person or household.
- Health data means information about your health, body, medication use, dose logs, side effects, weight, nutrition, hydration, sleep, progress photos, notes, and similar information you enter, upload, import, or generate in Trimly.
- Sensitive personal information means information treated as sensitive under applicable law, including health data, consumer health data, account credentials, and body-related photos.
- Consumer health data means health-related information protected under laws such as the Washington My Health My Data Act, Nevada consumer health data laws, and similar state laws.
- De-identified data means data processed so it is not reasonably linked to a specific person. Aggregated data means data combined from multiple users into summary statistics or trends.
2. Where this policy applies
This policy applies to the Trimly iOS app (where you may create an anonymous session or sign in with Apple, track information, manage subscriptions, use AI features, and optionally connect Apple Health), our website (which provides marketing information, legal pages, and support contact), and support communications (where we process the information you choose to send).
3. Information we collect
Account information
When you sign in with Apple, we receive a stable Apple user identifier and, if you choose to share it, your name and email. You may also use the App with an anonymous session that is not linked to your identity. We use this to create and manage your account, authenticate you, sync your data, provide support, and secure the App.
Onboarding and profile information
Information you provide during onboarding and in your profile, such as medication type, goals, biological sex, year of birth, height, starting weight, and unit preferences. We use this to personalize your experience and provide relevant tools.
Health and wellness logs
Health-related data you choose to enter, including medication and dose history, weight, side effects, hydration, food entries, workouts, mood, daily check-ins, reminders, and free-text notes. This provides the App's core tracking, organization, reminder, history, and personalization features.
Food photos and progress photos
If you use food-photo estimation, photos may be processed by AI providers to generate nutritional estimates and are used only to return the requested result. If you save progress photos or meal photos, those images are stored with your account and treated as sensitive information where required by law. You should not upload images containing unnecessary personal, medical, or identifying information.
AI messages and inputs
When you use AI features, the relevant data you entered and limited session context may be sent to our AI providers to generate a response. AI output is for educational and informational purposes only and is not medical advice. We do not use your messages or personal health data to train our own or our providers' AI models.
Apple Health (HealthKit) data
With your explicit permission, the App reads health metrics from Apple Health to personalize coaching, including body weight, heart rate, heart rate variability, sleep, steps, active energy, and dietary protein and calories. With your permission the App may also write data you log (such as weight, water, and workouts) back to Apple Health. Apple Health data is read on your device and is not stored on our servers. See Section 9.
Subscription information
Subscriptions and in-app purchases are processed by Apple and RevenueCat. We may receive subscription status, entitlement status, product identifier, renewal status, and purchase metadata. We never receive your full payment card details.
Analytics and attribution data
We use analytics and attribution tools to understand performance, onboarding, feature usage, and how users discover Trimly, using providers such as PostHog, Firebase, AppsFlyer, and Meta. We never intentionally send the contents of your notes, your dose amounts, your weights, your side effects, or your photos to analytics or attribution platforms. We collect device model, OS version, app version, and advertising/install identifiers (including IDFA only after you grant App Tracking Transparency permission).
Device, technical, and support information
Device type, operating system, app version, crash reports, performance logs, and network metadata such as IP address where processed by providers for routing, security, and abuse prevention. If you contact support, we process the information you choose to include and treat any health-related details as sensitive, using them only to respond, troubleshoot, prevent fraud, and comply with the law.
4. Health Data Privacy Notice
This section explains how we handle health data and consumer health data. We may collect health data you choose to enter, upload, import, or generate, including medication and dose logs, side effects, weight, nutrition, hydration, sleep, progress photos, and notes. We use it to provide the App's core tracking features, organize your logs and history, sync your data across devices, provide AI features you request, personalize your experience, improve reliability, maintain security, respond to support, and comply with the law.
We do not sell consumer health data. We do not share consumer health data for targeted advertising. We do not use your personal health data to train AI models. We do not use geofencing to identify or target you near healthcare facilities. If we ever materially expand how we use, disclose, or process consumer health data, we will update this policy and provide any notices, consents, written authorizations, or opt-outs required by law. The Washington My Health My Data Act requires valid authorization before any sale of consumer health data, retained by both parties for six years.
5. How we use your information
- To provide, operate, and maintain the App's core features: logging, insights, reminders, and AI coaching.
- To create and authenticate accounts and sync data across devices.
- To generate AI responses based on the data you enter and the health metrics you connect, and to process food photos you submit.
- To manage subscriptions and entitlements and send notifications you enable.
- To operate, secure, debug, and improve the App, prevent fraud and abuse, and enforce our Terms.
- To respond to support requests and comply with legal obligations.
- To measure marketing campaign performance, only with your tracking consent.
We never use your Apple Health data for advertising or marketing, never sell it, and never use it to train AI models. Health data is used only to provide and improve health-management features within the App.
6. Future uses we may consider
We may consider additional uses in the future, including product improvement using de-identified or aggregated data, de-identified trend analysis, or business or acquisition-related transfers. We do not currently sell personal information or consumer health data. Before beginning any future practice that requires notice, consent, written authorization, or opt-out rights, we will update this policy and implement the mechanisms required by law. Nothing in this section changes our Apple HealthKit commitments (Section 9): Apple Health data is excluded from any sale, advertising use, unrelated disclosure, or AI-training use that would violate Apple's rules or the law.
7. How we share information
We share limited information only as described here.
Service providers
We share data with vendors who process it on our behalf, under contract, only to provide services to us:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Authentication, database, storage | Account data, tracking data, photos |
| OpenAI / Anthropic | AI coaching, summaries, food-photo estimation | Relevant inputs, photos, limited session context |
| RevenueCat | Subscription management | Subscription status, purchase metadata |
| Apple | Sign in with Apple, App Attest, push, billing | Account identifier, subscription and purchase data |
| Apple HealthKit | Optional health-metric sync | Authorized HealthKit data, read on device |
| Firebase (Google) | Analytics, crash reporting, push delivery | Non-health usage and technical data |
| PostHog | Product analytics | Non-health usage data |
| AppsFlyer | Install attribution and marketing measurement | Install source, device/app context |
| Meta | Advertising attribution and campaign measurement | Install/event signals (with tracking consent) |
Legal and safety disclosures
We may disclose information if required by law, subpoena, court order, or government request, or if we believe it necessary to protect the rights, safety, property, or security of Trimly, our users, our company, or others.
With your consent, and business transfers
We may share information when you direct us to or give explicit consent. If Univerlist or substantially all of our assets are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring or successor entity, subject to applicable law and this policy. If that entity intends to materially change how personal information, sensitive personal information, or consumer health data is processed, it will provide notice and obtain any consent, written authorization, or opt-out required by law before those practices begin. Apple Health data is excluded from any business-transfer use that would violate Apple's HealthKit rules or the law.
We do not sell your personal information, and we do not share your data with these providers for their own independent purposes.
8. What we do not do
Trimly does not currently: sell personal information; sell consumer health data; share personal information for cross-context behavioral advertising; share or use health data for advertising; use Apple Health data for advertising, marketing, data mining, or sale; use your personal health data to train AI models; provide medical advice, diagnosis, or dosing instructions; store Apple Health data on our servers; intentionally send health entries to analytics or attribution platforms; or use geofencing to target users near health-service locations. If any of these change, we will update this policy and provide notice, consent, written authorization, or opt-out rights where required by law.
9. Apple HealthKit commitments
If you connect Apple Health, we comply with Apple's HealthKit rules. Apple Health data: will not be sold; will not be used for advertising or marketing; will not be used for use-based data mining; will not be shared with third parties except as permitted by Apple and applicable law; will only be accessed with your permission; will only be requested for data types relevant to App functionality; and will not be stored on our servers unless a future feature clearly states otherwise and receives required permissions. These commitments override any broader future-use or business-transfer language in this policy.
10. Where and how we store data
| Data type | Storage | Notes |
|---|---|---|
| Account data | Supabase | Login, account management, and syncing |
| Tracking data | Supabase | App features and account syncing |
| Saved photos | Supabase storage, or AI provider during processing | Stored only if saved by you or needed for the feature |
| Food-photo processing | AI provider during processing | Used to return the requested result |
| Apple Health data | Local device only | Read on device, not stored on our servers |
| Subscription status | RevenueCat, Apple | No full payment card data |
| Analytics | PostHog, Firebase, AppsFlyer | Non-health usage and attribution data |
| Support messages | Email/support tools | Only information you choose to send |
Data is encrypted in transit and at rest where supported by our providers. Credentials are stored in the iOS Keychain, AI requests are gated by Apple's App Attest, and access to your records is restricted by per-user authorization rules. No system can guarantee absolute security, but we work to protect your information. If a data breach requires notification under applicable law, we will notify affected users as required.
11. Data retention and deletion
| Data type | Retention |
|---|---|
| Account data | While your account is active |
| Tracking data | While your account is active, unless deleted by you |
| Saved photos | Until deleted by you or your account is deleted |
| Subscription records | As needed for billing, support, fraud prevention, and legal compliance |
| Support records | As long as reasonably necessary for support and legal obligations |
| Crash/performance logs | Limited period for debugging, then deleted or aggregated |
| De-identified or aggregated data | May be retained indefinitely |
You can delete your account and all associated data at any time from within the App: Settings → Delete Account. Upon a deletion request, active system data is deleted or deactivated within a reasonable period, generally within 30 days; backup copies may persist for a limited period before being overwritten; and some information may be retained for legal, security, fraud-prevention, dispute-resolution, tax, or accounting purposes. Apple Health data requires no deletion from our servers because we do not store it there.
12. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, or export your information, withdraw consent, opt out of sale, sharing, targeted advertising, or profiling, limit the use of sensitive personal information, appeal a denied request, and request a list of certain third parties to whom we disclosed personal information. You can manage many choices in the App, including editing or deleting tracking data, disabling AI features, revoking Apple Health access, and managing notifications. To exercise rights, use in-app deletion or email [email protected]. We may verify your identity before acting, and an authorized agent may submit a request with proof of authority. We will not discriminate against you for exercising your rights.
13. United States state privacy rights
California. Under the CCPA as amended by the CPRA, you may have the right to know, access, delete, and correct personal information, to opt out of sale or sharing, to limit use of sensitive personal information, and to non-discrimination. In the preceding 12 months we may have collected identifiers, customer records, commercial information, internet/network activity, photos you upload, limited inferences, and sensitive personal information (health data, credentials, body-related photos). We do not sell or share personal information as defined under California law; if that changes, we will provide a "Do Not Sell or Share My Personal Information" link and required opt-out mechanisms. We do not offer financial incentives for personal information.
Washington (My Health My Data Act) and Nevada. Some data you enter is "consumer health data." You may confirm whether we collect, share, or sell it, access or delete it, withdraw consent, and receive information about certain third-party disclosures. We do not sell consumer health data and do not use geofencing around health-service locations. If we ever sell consumer health data, we will obtain any written authorization required by law first. Nevada residents may email us with the subject "Nevada Privacy Request."
Oregon and other states. Residents of Oregon, Virginia, Colorado, Connecticut, Texas, Utah, Montana, Tennessee, and other states with comprehensive privacy laws may have rights to access, correct, delete, port, obtain information about third-party disclosures, and opt out of sale, targeted advertising, or certain profiling. To exercise any state right, contact [email protected].
14. Appeals
If we decline your privacy request, you may appeal by replying to our decision or emailing [email protected] with "Privacy appeal" in the subject line. We will respond within the time required by your state's law. If your appeal is denied, you may contact your state attorney general or applicable regulator.
15. International users and legal bases (EEA/UK)
Trimly is operated from, and your information may be transferred to and processed in, the United States and other locations where our service providers operate. Where required, we use appropriate safeguards for such transfers, such as contractual protections with providers. Where GDPR or UK law applies, we process your data on these legal bases: contract (to provide the App, account features, and subscriptions), consent (health data, Apple Health access, certain AI features, notifications, and tracking), legitimate interests (security, abuse prevention, debugging, analytics, and improvement), and legal obligations (tax, accounting, legal requests, and regulatory requirements). You may withdraw consent at any time.
16. Cookies and tracking technologies
The App does not use traditional website cookies. Our website may use essential cookies and basic analytics to understand traffic and improve the site; we do not use website cookies for cross-site behavioral advertising. You can control cookies through your browser settings. If we add tracking technologies requiring consent, we will update this policy and provide the required consent mechanisms.
17. App Tracking Transparency and your choices
The App does not track you across other companies' apps or websites for advertising unless you grant permission through Apple's App Tracking Transparency prompt. If you decline, the App remains fully functional and your advertising identifier (IDFA) is not collected. You can change this anytime in iOS Settings → Privacy & Security → Tracking.
18. Global Privacy Control and Do Not Track
There is no uniform standard for "Do Not Track" browser signals, and we do not currently respond to them. Where required by law, we honor legally recognized opt-out preference signals such as the Global Privacy Control for applicable web activity. Because the App does not sell or share personal information for cross-context behavioral advertising and only uses tracking after you grant App Tracking Transparency permission, most opt-out signals have no additional data to act on.
19. Children
The App is intended for adults aged 18 and older who have been prescribed a GLP-1 medication. It is not directed to children, and we do not knowingly collect data from anyone under 18. If we learn we collected information from someone under 18, we will delete it as required by law.
20. Third-party links and services
The App or our website may link to third-party websites, products, or services. This policy does not apply to them, and we are not responsible for the privacy practices, content, or policies of third parties.
21. Changes to this policy
We may update this Privacy Policy from time to time. The current version is posted here, and we will revise the "Last updated" date. If we make material changes, we will provide notice where required by law, such as through email, in-app notice, or website notice. Continued use after the effective date means you accept the updated policy, except where additional consent is required by law.
22. Contact us
Privacy enquiries
[email protected]
Univerlist — operator of Trimly · Support: [email protected]