Shotz Privacy Policy

Last updated: May 17, 2026

This Privacy Policy explains how Shotz App LLC, doing business as Shotz ("Shotz," "we," "us," or "our"), collects, uses, shares, and protects personal information when you use the Shotz mobile application, website, and related services.

Shotz is a mobile app that helps users track medication injections and related health information. Depending on how you use the app, this may include injection logs, medication details, reminders, weight entries, symptom tracking, subscription status, account management, and AI-powered insights.

If you do not agree with this Privacy Policy, do not use the Service. If you have questions, contact us at simon@shotzapp.app.

We collect information you provide directly to us, information collected automatically when you use the Service, and limited information from third parties.

Depending on the features you use, we may collect:

• Account information, such as your email address, password, and authentication details.
• Profile and settings information, such as your preferred units, medication details, reminder settings, goals, and similar account preferences.
• Health-related information you choose to enter, such as injection history, medication names, dosage details, weight entries, symptom entries, notes, and related tracking data.
• Support and communication information you provide when you contact us.
• Social login information if you choose to sign in with Apple or Google.

Some of this information, especially health-related information and account login information, may be considered sensitive personal information under applicable law.

If you purchase a subscription, payment processing is handled by Apple through the App Store. We do not store your full payment card number or security code. We may receive subscription-related information such as product identifiers, subscription status, trial status, transaction identifiers, renewal or expiration data, and purchase or restore events.

Apple's privacy policy is available at https://www.apple.com/legal/privacy/en-ww/.

If you use the app, we may collect information needed to operate, secure, and improve it, including:

• Device, app, and network information.
• Log, diagnostic, crash, and performance information.
• App activity related to account access, feature usage, paywall presentation, purchase attempts, restore attempts, and error handling.
• App activity related to registration, trial starts, subscription status, subscription purchases, and other subscription conversion events.
• Reminder and notification settings you choose in the app, and whether notification permission has been granted or denied on your device.

We may also request permission to send push notifications. You can manage that permission in your device settings.

When you use the Service, we may automatically collect technical information such as:

• IP address
• Device type and operating system
• App version
• Language and region settings
• Usage timestamps
• Error reports and related diagnostics

We use this information primarily to operate the Service, maintain security, troubleshoot problems, and understand product usage.

When you visit our website or interact with our app, we may collect and share limited event information for advertising, analytics, and conversion measurement. This may include:

• Website activity, such as page views, content views, and App Store outbound-link clicks.
• App and subscription activity, such as app installs or opens, registration events, paywall interactions, checkout attempts, restore attempts, trial starts, subscription starts, and purchase events.
• Technical information associated with those events, such as IP address, browser or device information, user agent, event timestamps, source URL, and event identifiers.
• Subscription conversion details, such as product identifier, subscription event type, plan, discount status, transaction or order identifier, currency, and purchase value.
• A hashed account identifier, app user identifier, or similar pseudonymous identifier used to help measure whether an event is associated with a Shotz account.

We use Meta Business Tools, which may include the Meta Pixel on our website, Meta App Events through the Meta SDK in the app, and Meta Conversions API from our server. These tools help us measure ad performance, understand whether marketing campaigns lead to app installs, trials, or subscriptions, and improve advertising effectiveness.

We do not send your medication names, injection logs, dosage details, weight entries, symptom entries, notes, reminders, chat content, or other health-tracking content to Meta for advertising or conversion measurement.

We may receive limited information from third parties, including:

• Apple and Google when you use their sign-in services
• Apple when it provides subscription, billing, and account-related events
• Service providers that help us operate our infrastructure, authentication, analytics, or AI features

If you sign in through a third-party account, the information we receive depends on the permissions and settings associated with that provider.

We use personal information to:

• Create and manage your account
• Authenticate you and support sign-in flows
• Store and sync your app data across sessions and devices
• Provide reminders, tracking features, and account functionality
• Process subscriptions, entitlement checks, purchase restores, trials, and billing-related workflows
• Respond to support requests and service inquiries
• Send service-related notices, updates, and policy changes
• Protect the Service, detect abuse, prevent fraud, and troubleshoot issues
• Analyze usage trends and improve product performance
• Measure trial conversion, subscription performance, onboarding effectiveness, pricing flow performance, and retention trends
• Measure advertising campaign performance and improve ad attribution, including through Meta Business Tools
• Provide AI-powered features and insights where available
• Comply with law and enforce our legal terms

We do not sell your personal information.

If you are in the EEA, UK, or Switzerland, we process personal information only where we have a valid legal basis, including:

• Your consent
• Performance of a contract with you
• Our legitimate interests, such as operating, securing, and improving the Service
• Compliance with legal obligations
• Protection of vital interests where applicable

If you are in Canada, we may process information with your express or implied consent, or where otherwise permitted by law.

We may share personal information in the following circumstances:

• With service providers that help us operate the Service
• With Apple or Google when needed for login, subscription processing, purchase validation, restore flows, or platform compliance
• With AI service providers when you use AI-powered features
• With Meta for advertising, analytics, and conversion measurement through Meta Business Tools, as described above
• If required by law, subpoena, court order, or similar legal process
• To protect the rights, safety, security, or integrity of Shotz, our users, or others
• In connection with a merger, financing, acquisition, reorganization, or sale of assets

We require service providers to process personal information only for authorized purposes and to protect it appropriately.

Our current providers may include:

• Supabase for authentication, database, backend infrastructure, and cloud services
• Apple for Sign in with Apple, App Store billing, subscription processing, and related account events
• Google for Google account sign-in and Google AI features
• Meta for website pixel, app event, advertising, analytics, and conversion measurement services

We may use analytics and advertising technologies to understand how people find and use Shotz, measure whether our ads result in app installs, trial starts, or subscriptions, and improve our marketing.

On the website, the Meta Pixel may collect events such as page views, content views, and App Store outbound-link clicks. In the app, the Meta SDK may collect app events such as app installs or opens, registrations, paywall views, checkout attempts, restore attempts, trial starts, subscription starts, and purchase events. From our server, Meta Conversions API may send subscription conversion events such as StartTrial, Subscribe, and Purchase, along with event time, event identifier, product identifier, purchase value, currency, and a hashed Shotz account identifier.

Meta may use information it receives through Meta Business Tools according to its own terms and privacy policy, including for ad measurement, attribution, optimization, and related advertising purposes. You can learn more at https://www.facebook.com/privacy/policy/ and https://www.facebook.com/help/331509497253087/.

We do not use Meta Business Tools to send health-tracking content, including medication names, injection logs, dosage details, weight entries, symptom entries, notes, reminders, or chat content.

You may be able to limit certain advertising or analytics collection through your browser settings, device settings, iOS tracking controls, Meta ad settings, or other privacy controls. Where required by law, you may also contact us to opt out of certain advertising-related uses or sharing.

Shotz may offer AI-powered features, such as AI insights or educational chat experiences.

When you use those features, your input and limited related context may be processed by a third-party AI provider, including Google Gemini services, to generate a response. We use that processing to provide the feature, maintain safety controls, and improve reliability.

Do not submit information you do not want processed by an AI provider.

AI outputs may be incomplete or inaccurate. Shotz is not a medical provider, and AI-generated content is not medical advice, diagnosis, or treatment.

If you choose to register or sign in using Apple or Google, we may receive profile or authentication information from that provider, such as your name, email address, and account identifier, depending on the provider and your settings.

We use this information only to authenticate you and manage your Shotz account. Your use of Apple or Google is also subject to those providers' own privacy policies.

We and our service providers may process information in the United States and other countries where we operate or where our vendors operate.

If you are located outside the United States, your information may be transferred to countries that may not provide the same level of legal protection as your home jurisdiction. Where required, we use appropriate safeguards, such as contractual protections.

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, and protect the Service.

In general:

• Account and app data may be retained while your account remains active.
• Subscription and transaction-related records may be retained as needed for accounting, fraud prevention, legal compliance, and audit purposes.
• Some operational logs, backups, and de-identified or anonymized records may remain for a longer period where permitted by law.

When we no longer need personal information, we will delete, anonymize, or securely isolate it, unless retention is required by law.

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

You should also help protect your information by using a secure device, maintaining control of your login credentials, and enabling available device-level security protections.

Shotz is not intended for children under 18, and we do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will take reasonable steps to delete it. If you believe a child has provided us information, contact us at simon@shotzapp.app.

Depending on where you live, you may have rights to:

• Access personal information we hold about you
• Correct inaccurate personal information
• Delete personal information
• Obtain a copy of your personal information
• Restrict or object to certain processing
• Withdraw consent where processing is based on consent
• Appeal certain decisions about privacy requests
• Opt out of certain uses of personal information where required by law
• Opt out of certain sharing or targeted advertising where required by law

We do not sell personal information for money. Some uses of Meta Business Tools may be considered "sharing," "targeted advertising," or "cross-context behavioral advertising" under certain US state privacy laws. Where those laws apply, you may have the right to opt out of that activity.

If you are in the EEA, UK, or Switzerland, you may also have the right to lodge a complaint with your local data protection authority.

If you are a resident of a US state with applicable privacy laws, you may have rights to know, access, correct, delete, or obtain a copy of your personal information, and to exercise other rights provided by state law.

Categories of personal information we may collect include:

• Identifiers, such as email address, account identifiers, and IP address
• Customer record information you provide to us
• Commercial information related to subscriptions and transactions
• Internet or network activity information
• Inferences related to product usage, advertising measurement, or subscription conversion trends
• Sensitive personal information, including account login information and health-related data you choose to enter

We collect and use sensitive personal information only for purposes allowed by law or with your consent, and not for inferring characteristics about you for advertising. We do not send health-tracking content to Meta for advertising or conversion measurement.

To exercise privacy rights, contact us at simon@shotzapp.app.

We may need to verify your identity before completing a request. You may also designate an authorized agent where permitted by law.

Some browsers offer a "Do Not Track" setting. Because there is no universally accepted standard for responding to those signals, we do not currently respond to them.

We may update this Privacy Policy from time to time. If we make material changes, we may notify you by updating the date above, posting a notice in the app, or using other appropriate means.

If you have questions or requests about this Privacy Policy, you can contact us at:

Shotz App LLC 1040 Spring Street Apt D Madison, WI 53715 United States Email: simon@shotzapp.app

You may review or update some account information inside the app. You may also request access, correction, or deletion of your personal information by emailing simon@shotzapp.app.

We may retain certain information where required or permitted by law, including for fraud prevention, legal compliance, accounting, dispute resolution, and enforcement of our agreements.