Skip to content
Privacy

Your data is yours.

Short version: we collect the minimum required to run the product, we never sell your data, and we make export and deletion easy.

What we store today (Phase 1)

The Phase 1 surfaces — peptide library, calculator, reconstitution guide, flashcards — work without an account. The only data stored is on your own device:

  • Your last-used calculator inputs and chosen syringe type (localStorage).
  • Your flashcard review history and spaced-repetition state (localStorage).
  • That you've acknowledged the disclaimer modal (localStorage).

Clearing your browser storage clears this. We have no copy on our servers.

What we will store when accounts ship (Phase 2+)

When auth, stack tracking, and dose logging launch, we will store:

  • Your email address (for magic-link sign-in).
  • Profile information you choose to provide — goals, age range, sex, weight range, allergies, current medications, conditions, experience level, clinician involvement.
  • Your stack: peptides, doses, schedules, vials on hand, reconstitution details.
  • Your dose log, side-effect log, and reminder preferences.
  • Phase 3+: your biomarker entries, lab PDFs you've uploaded, and AI insights generated from this data.

Sensitive fields (lab values, dose logs, biomarker data) are encrypted at rest. We log access to these tables for audit.

Medical info and community research (Slice 2.4 onward)

Free-text medical info — current medications, active conditions, allergies — is collected on its own page (/account/medical) with a separate opt-in distinct from your general profile. Six concrete commitments:

  1. Encrypted at rest with AES-256-GCM and keys Juno controls (not the database). A backup leak or unauthorized DB read returns ciphertext, not your info. AAD is bound to your user ID so a row-swap attack also fails.
  2. Never shared, sold, or sent to third parties — no advertisers, data brokers, model trainers, or commercial partners. The only consumers are Juno's own AI features (contraindication scan, regimen designer, stack chat).
  3. Audit-logged. Every time an AI feature decrypts your medical info, the timestamp is recorded and shown to you on the medical info page. You can see when Juno last accessed your data.
  4. Anonymous community research is opt-in separately. Off by default. You can use the safety features without contributing to research. If you opt in, your medications, conditions, regimens, and reported outcomes are aggregated with other contributors' through k-anonymity (≥ 10) and differential privacy on sensitive aggregations. Research findings are published publicly — free, never gated behind a paid tier.
  5. Deletable any time, granularly. A delete button on the medical info page clears all three fields, revokes both consents, and writes an audit record. Past anonymized research contributions can't be individually pulled (the anonymization is irreversible — that's the point), but no new contributions are made.
  6. Identity is separate from research. Juno knows who you are (encrypted email/name) so it can send reminders, community findings, and eventually connect lab results to your stack history. That identity is never linked to your aggregated research contributions — the research store sees an irreversible HMAC of your user ID, not the ID itself.

Why we do community research at all: peptide science is underserved by mainstream medicine, most published evidence is animal-only, and users are flying blind. The most ethical use of aggregated user data in this domain is to build a publicly available outcomes evidence base. The harm-reduction value of that — for users we'll never meet — is real. We do this with your explicit opt-in and we publish the findings free, not hoarded as a competitive moat.

What we will never do

  • Sell, rent, or license your data to third parties.
  • Use your data to train external AI models without your explicit opt-in.
  • Share clinician-relevant data with a clinician or third party without your consent — your doctor-ready summary, when it ships, is something you generate and share, not us.

Cookies and analytics

We use a privacy-respecting product analytics tool (PostHog) and error tracking (Sentry). Both are configured with cookieless tracking where possible. EU users are presented with a consent prompt before any analytics events fire.

Export and deletion

When accounts ship, every account will have a one-click data export (JSON) and a one-click account deletion endpoint. Deletion removes your data from production within 30 days and from encrypted backups within 90 days.

Children

Juno is intended for adults (18+). We do not knowingly accept accounts from anyone under 18. AI features will refuse to advise on pediatric peptide use.

Contact

Privacy questions, data requests, or complaints: privacy@juno.coach.

Last updated: 2026-05-10. Added the Medical info and community research section covering Slice 2.4 (encrypted medical fields, opt-in anonymous research with k-anonymity ≥ 10 and differential privacy, audit logging, granular deletion). We update this page when our practices change and date the changes here.