GLP JourneySign in

Privacy Notice

Last updated May 11, 2026

This Privacy Notice explains how GLP Z INC ("GLP Z", "we", "us", or "our") collects, uses, shares, and protects personal data when you use the GLP Journey application and website (the "Service"). GLP Z INC is the data controller of the personal data we process about you.

1. Personal data we collect

  • Account data: name, email address, hashed password (or third-party sign-in identifier such as Google ID).
  • Profile and health-tracking data: age, height, weight, weight goals, medication name, dose, injection schedule, calorie/protein/water goals, activity level.
  • Logged content: meals, shots, side effects, and progress photos you choose to record.
  • Support and communications: messages you send us, including email contents.
  • Usage and device data: IP address, browser/device identifiers, pages visited, and timestamps, collected automatically for security and analytics.

2. How we use your data and legal basis

  • To provide the Service (account creation, logging features, syncing, showing your progress) — necessary to perform our contract with you.
  • To process payments and manage subscriptions via Paddle — necessary to perform our contract with you.
  • To secure the Service and prevent fraud — legitimate interest in protecting users and our platform.
  • To improve the product through aggregate analytics and bug reports — legitimate interest in operating and developing the Service.
  • To provide customer support — necessary to perform our contract.
  • To send service-related and marketing emails — service emails are necessary to perform our contract; marketing emails are sent on the basis of consent or legitimate interest, and you can opt out at any time.
  • To comply with legal obligations (tax, accounting, lawful requests).

3. Sharing your data

We share personal data only with:

  • Paddle, our Merchant of Record, for the sale of subscriptions, subscription management, payment processing, tax compliance, and invoicing. Paddle's handling of payment data is governed by Paddle's Privacy Notice.
  • Service providers / sub-processors that host our infrastructure, authenticate users, store files, send emails, and provide analytics, all under written confidentiality and data protection terms.
  • Professional advisers (legal, accounting, auditors) where necessary.
  • Authorities when required by law, court order, or to protect rights, safety, or property.

We do not sell your personal data.

4. International transfers

Some of our service providers operate outside your country. Where personal data is transferred outside the UK or EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) to provide an appropriate level of protection.

5. Data retention

We retain your personal data for as long as your account is active and as needed to provide the Service. After you delete your account, we delete or anonymise your data within a reasonable period, except where we are required to retain it to comply with legal, accounting, or tax obligations, or to resolve disputes and enforce our agreements.

6. Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data ("right to erasure");
  • restrict or object to processing;
  • request portability of your data;
  • withdraw consent for any processing based on consent;
  • lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@glpjourney.app. We respond within one month.

7. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, hashed passwords, and least-privilege database policies. No system is perfectly secure, but we work to keep your data safe.

8. Cookies

We use cookies and similar technologies that are strictly necessary to keep you signed in and remember your preferences. We may also use limited analytics cookies to understand product usage in aggregate. You can manage cookies through your browser settings; disabling essential cookies may break parts of the Service.

9. Children

The Service is not intended for children under 18, and we do not knowingly collect personal data from them.

10. Changes to this Notice

We may update this Privacy Notice from time to time. Material changes will be communicated in-app or by email.

11. Contact

Privacy questions? Email privacy@glpjourney.app or write to GLP Z INC.