Website Protections
- Traffic is encrypted with HTTPS
- We avoid advertising trackers and third-party ad scripts
- Static assets are served through secure CDN infrastructure
- Operational logs are monitored for abuse and reliability
iOS App Protections
- Supplement logs and stack history remain on-device
- HealthKit access is permission-based and user controlled
- Authentication and subscription payments rely on Apple systems
- Optional cloud backups are governed by your Apple iCloud settings
- Experiment sharing is opt-in only, encrypted, and anonymized
API Security
- We use layered API protections to keep core features stable and responsive, even under abusive or unusual traffic patterns
- Request validation and abuse controls are designed to reduce spam and misuse so legitimate users get consistent service quality
- Authentication and access controls help ensure only authorized clients can use protected API capabilities
- Sensitive responses are intentionally limited to avoid exposing internal system details while still providing useful error feedback
- We continuously review and harden API surfaces through end-to-end audits and proactive, agent-assisted security work
For end users, these precautions translate to better uptime, safer handling of account and usage data, and faster remediation when potential risks are identified.
Responsible Disclosure
If you discover a security issue, report it via our contact page with reproduction details. We review reports promptly and coordinate remediation.