Who can see your GLP-1 data? A privacy guide to health tracking apps


Your GLP-1 log is not like your step count. It reveals a medical condition, a treatment, its dosage and its schedule — information you might not have shared with your employer, your insurer, or some of your family. Before that data goes into any app, it’s worth asking a question most app stores won’t answer for you: where does it actually live?

The three architectures

Health tracking apps cluster into three privacy models, and the differences are structural — no privacy-policy paragraph can undo an architecture.

  1. Account + cloud. Your data lives on the company’s servers, keyed to your identity. This enables web access and sync, but it means your medication history exists somewhere that can be breached, sold with the company, or compelled by legal process. You’re trusting both present and future owners.
  2. Account + cloud, “anonymized”. Better, but anonymization of longitudinal health data is notoriously weak — a weekly injection schedule plus a weight curve is close to a fingerprint.
  3. On-device, no account. Your data is stored in the app’s local storage on your phone, protected by your device’s encryption. There is no server copy to breach, sell or subpoena. The trade-off is honest: no web dashboard, and backup rides on your normal phone backup.
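
The fingerprint claim in item 2 can be measured. The following is an added example, not code from ShotLock or from the original article: it builds constructed pseudonymous records (the user count, weight range and weekly-change distribution are assumptions) and counts how many rows are singled out by injection weekday plus a few weeks of weight changes.

```python
import random
from collections import Counter

def make_records(n_users=2000, weeks=12, seed=7):
    """Constructed sample data: pseudonymous rows with no name, email or device ID."""
    rng = random.Random(seed)
    records = []
    for i in range(n_users):
        weight = round(rng.uniform(70, 130), 1)
        weights = [weight]
        for _ in range(weeks):
            # Assumed weekly change: mean -0.6 kg, sd 0.8 kg, logged to 0.1 kg.
            weight = round(weight + rng.gauss(-0.6, 0.8), 1)
            weights.append(weight)
        records.append({"pseudonym": f"u{i:05d}",
                        "weekday": rng.randrange(7),  # injection day of week
                        "weights": weights})
    return records

def quasi_identifier(rec, weeks_known):
    """What an outside party could plausibly know: shot weekday plus the
    week-to-week weight change (in 0.1 kg steps) for the first N weeks.
    Absolute weight is left out, so the result understates the risk."""
    w = rec["weights"]
    deltas = tuple(round((w[k + 1] - w[k]) * 10) for k in range(weeks_known))
    return (rec["weekday"],) + deltas

def unique_fraction(records, weeks_known):
    """Share of rows whose quasi-identifier matches no other row (k = 1)."""
    counts = Counter(quasi_identifier(r, weeks_known) for r in records)
    singled_out = sum(1 for r in records
                      if counts[quasi_identifier(r, weeks_known)] == 1)
    return singled_out / len(records)

if __name__ == "__main__":
    data = make_records()
    for n in (0, 1, 2, 4, 8):
        print(f"{n} weeks of weight changes known: "
              f"{unique_fraction(data, n):.1%} of rows are unique")
```

A row that is unique on these fields can be linked back to a person by anyone who knows those few facts about them, even though the dataset carries no name.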

Questions that cut through marketing

  • Can I use the app without creating an account? (If no, there’s a server profile.)
  • Does the privacy policy reserve the right to share data with “partners” or use it for “research”? Vague nouns do heavy lifting.
  • Are there third-party trackers or ad SDKs in the app? App-store privacy labels give a first signal.
  • What happens when I delete the app — is deletion of the server copy documented?
  • Is the website equally restrained, or does it greet you with a fifty-toggle cookie wall?

Why we built ShotLock on-device

We chose the third architecture for ShotLock: no account, no cloud profile, health data on your device only. Purchases go through Apple; crash diagnostics are aggregate; that’s the complete list of what leaves the phone. Even the app-blocking protection runs on Apple’s Screen Time framework, which enforces blocks at the system level without ShotLock seeing your app activity.

The website follows the same philosophy — no analytics cookies, no trackers; the only cookies (set with consent) remember dark mode and language.

None of this is heroism. It’s just the recognition that the easiest data to protect is the data you never collect. When you evaluate any health app — including ours — judge the architecture, not the adjectives.

Your next shot is the one that matters.

Download ShotLock free, log your first shot in under a minute, and let your phone work for your routine instead of against it.
