
Privacy Policy

Effective June 2, 2026

Prepdex Holdings LLC (“Joust,” “we,” “us,” or “our”) operates the Joust application and website at getjoust.app (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

For a plain-English explanation of how the encryption and key custody actually work, see our Privacy & Security page. This document is the formal version.

Our Approach to Privacy

Joust is designed around a principle that we think matters: the company that builds your health tracking tool should not be able to read your health data.

To achieve this, Joust uses client-side encryption for your tracked health information. Compounds, doses, schedules, bloodwork values, vials, goals, notes, and progress photos are encrypted on your device before they leave it. Our servers receive and store this information as ciphertext that we cannot decrypt.

We can see metadata about your account (your email address, when you signed up, your subscription status) and operational data needed to run the Service. We cannot see the substance of your protocols.

This architecture is deliberate. It means we cannot recover your encrypted data if you lose access to both your synced encryption key (described below) and your recovery phrase. It also means we cannot use your health data for any purpose, including improving the Service. The tradeoff is worth it.

Information We Collect

1.1 Account and Identity Information

Joust is passwordless. You sign in with Sign in with Apple or Sign in with Google. We do not create or store a password for you, and your Apple or Google credentials never reach our servers.

From your social sign-in we receive:

  • The email address associated with your Apple ID or Google account (which may be an Apple “Hide My Email” relay address if you choose that option at sign-in)
  • A provider-issued user identifier that Joust uses to recognize you on return visits
  • The date and time you created your Joust account

This identity information is held in our authentication system. It is not encrypted with your client-side master key because we need to use it to authenticate you, send you account emails, and provide the Service.

1.2 Subscription and Billing Information

When you start a trial or subscribe to Joust, we record:

  • Subscription plan, status, trial dates, and renewal/expiration dates
  • The platform your subscription is billed through (Apple in-app purchase on iOS)
  • A platform-specific customer or subscription identifier provided by the billing platform

Joust does not see, store, or process your payment card details. Payment is handled entirely by Apple through the App Store. We only see the subscription status Apple reports back to us.

We use RevenueCat as our subscription-state intermediary for iOS in-app purchases. RevenueCat receives the App Store purchase event from Apple and notifies our servers of changes to your subscription state.

1.3 Your Tracked Health Data (Encrypted)

When you use Joust to track your protocols, we receive and store the following categories of information only as ciphertext that we cannot decrypt:

  • Compounds you track (names, classes, doses, schedules, and titration steps)
  • Vials, inventory, concentrations, and reconstitution details
  • Logged doses, dose history, and skip reasons
  • Bloodwork values, reference ranges, and trends
  • Goals, side-effect observations, and personal notes
  • Progress photos

Encryption keys are derived from material available only to your devices. We do not have access to your master key. See section 4 (“Data Security”) below for the details.

1.4 Apple Health Data (Encrypted)

If you grant Joust permission, the iOS app reads selected metrics from Apple Health (such as body weight, body composition, sleep, and other vitals you opt in to). This data is read into the app on your device and encrypted under your master key before it is written to our servers. We do not cache an unencrypted copy of your Apple Health data on our servers. You can revoke Apple Health access at any time in iOS Settings.

1.5 Bloodwork PDFs (Parsed Locally, Not Stored)

When you import a Quest or LabCorp lab PDF, the PDF is parsed entirely on your device by a local parser. Extracted values are encrypted with your master key before being saved to our servers. The PDF itself is never uploaded, stored, or sent to any third party or AI service.

1.6 Anonymized Diagnostics and Product Analytics

To keep the Service working well, Joust collects two narrow, anonymous telemetry streams:

  • Crash reports via Sentry, so we can fix bugs we would otherwise never see.
  • Product analytics via PostHog — a short list of lifecycle events (such as app opened, signed up, started a trial, completed a purchase, imported bloodwork) so we can tell whether the app is working for people.

Both streams are designed to never tie back to you or your protocol:

  • They are keyed to a random device-generated identifier created at install, not to your account, email address, or any other identifier of you.
  • The PostHog SDK is configured with autocapture, session replay, automatic pageview/pageleave capture, and identified-user tracking all disabled. Only the specific lifecycle events listed above are sent.
  • Before any event is sent, a scrubber strips any property whose key looks like it could be health data (matching patterns for dose, schedule, vial, bloodwork, compound, goal, email, or name). The Sentry SDK also runs through this scrubber, and we never set a Sentry user context. The intent is that protocol-shaped fields cannot leave your device by accident — only the event name and non-identifying metadata survive.
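
As an added illustration (not Joust's code), a key-pattern scrubber of the kind described above could look like the following. The pattern list comes from the bullet above; the substring-matching rule, the function names, and the sample event are assumptions constructed for this example.

```javascript
// Added illustration, not Joust's code. The pattern list is from the policy text;
// substring matching on key names and all identifiers here are assumptions.
const SENSITIVE_KEY = /dose|schedule|vial|bloodwork|compound|goal|email|name/i;

// Recursively copy `value`, omitting any property whose key matches the pattern.
// Paths of removed properties are appended to `dropped` for auditing.
function scrubProperties(value, dropped = [], path = "") {
  if (Array.isArray(value)) {
    return value.map((v, i) => scrubProperties(v, dropped, `${path}[${i}]`));
  }
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (SENSITIVE_KEY.test(key)) {
      dropped.push(here);
      continue;
    }
    out[key] = scrubProperties(v, dropped, here);
  }
  return out;
}

// The event name and device identifier pass through; only properties are filtered.
function scrubEvent(event) {
  const dropped = [];
  const properties = scrubProperties(event.properties || {}, dropped);
  return { scrubbed: { ...event, properties }, dropped };
}

// Audit helper: list surviving string values that still look sensitive,
// which a filter on key names alone cannot catch.
function findLeakyValues(value, path = "", hits = []) {
  if (typeof value === "string") {
    if (SENSITIVE_KEY.test(value) || /\S+@\S+\.\S+/.test(value)) hits.push(path);
  } else if (value !== null && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      const here = Array.isArray(value) ? `${path}[${k}]` : path ? `${path}.${k}` : k;
      findLeakyValues(v, here, hits);
    }
  }
  return hits;
}

// Constructed sample event (not real telemetry).
const sampleEvent = {
  event: "bloodwork_imported",
  distinct_id: "device-3f9c",
  properties: {
    app_version: "1.4.0",
    panel_count: 2,
    compound_name: "example-compound",
    context: { screen: "import", user_email: "person@example.test", lastDoseMg: 0.5 },
    items: [{ vialId: "v1", ok: true }],
    error_message: "could not save dose for person@example.test",
  },
};
```

Because matching is on key names, a sensitive value under a neutral key survives (findLeakyValues flags error_message here), and substring matching also drops harmless keys such as hostname.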

You can turn both telemetry streams off at any time in the app under Settings → Privacy → “Help improve Joust”, effective immediately and without restarting the app. This is also disclosed on our App Store privacy label, under “Data Not Linked to You.”

1.7 Marketing Website Analytics (getjoust.app)

The marketing website at getjoust.app uses PostHog to record basic pageview metrics so we can tell which pages people read and where they are arriving from. This is separate from the in-app analytics described above and is limited to:

  • Pageviews and page-leave events — which page on getjoust.app was loaded and when the visitor left it.
  • Referrer — the website you came from (for example, a social post or search engine), when your browser provides it.
  • UTM parameters — campaign tags appended to the URL, if any.

The PostHog web SDK on the marketing site is explicitly configured with session replay disabled, autocapture disabled, form and input capture disabled, dead-click and rageclick capture disabled, and exception autocapture disabled. No keystrokes, form contents, copied text, or in-page interactions other than the pageview itself are recorded. We do not link visitors to the marketing site to their Joust account.

1.8 Communications

If you contact us for support, we keep a record of your message and our response. This helps us resolve issues and improve the Service.

How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your account and protect against unauthorized access
  • Process subscriptions, trials, and renewals
  • Respond to your questions and provide customer support
  • Send service-related emails (account confirmations, subscription notices, security alerts, important changes to the Service)
  • Detect and prevent fraud, abuse, and security threats
  • Analyze aggregate, anonymized usage to improve the Service
  • Comply with legal obligations

We do not:

  • Sell your data to anyone
  • Use your tracked health data to train artificial intelligence or machine learning models
  • Show you ads or share your information with advertisers
  • Run third-party advertising SDKs or cross-app trackers
  • Read or analyze your tracked health information (we cannot — it is encrypted)
  • Build a clinical record on you or share data with insurers, employers, or health systems

How We Share Information

We share information only with the parties described below, and only for the purposes described.

Service Providers

We use third-party providers to operate the Service. Each receives only the information it needs to perform its function:

  • Supabase — backend infrastructure, database, and authentication. Stores your account information and your encrypted health-data ciphertext. Receives encrypted blobs it cannot decrypt for the health-data fields.
  • Apple — Sign in with Apple identity verification; App Store in-app purchase billing for iOS subscribers.
  • Google — Sign in with Google identity verification.
  • RevenueCat — subscription-state intermediary for iOS in-app purchases. Receives App Store purchase events and reports subscription state back to Joust.
  • Stripe — payout processing for creators in the Joust referral program (Stripe Connect). Stripe receives the limited account and tax information required to pay a creator. Stripe is not used to process payments from subscribers.
  • Sentry — crash reporting. Receives technical error data with health-data-shaped fields removed by the on-device scrubber described above.
  • PostHog — product analytics. Receives the limited, anonymized iOS-app lifecycle events described in section 1.6 and the pageview/referrer/UTM data from the marketing site described in section 1.7.
  • Netlify — marketing-website hosting (getjoust.app). Receives standard web request data (IP address, user agent, requested URL) as part of serving the site.

We have contracts or terms with these providers requiring them to handle your information consistent with this Privacy Policy and applicable law.

We may disclose information when required by law, such as in response to a valid subpoena, court order, or government request. We will push back on overbroad requests and notify you when legally permitted.

Because we cannot decrypt your health data, any legal request seeking it would receive only ciphertext.

Business Transfers

If Joust is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

How Long We Keep Information

Account data. We keep your account information for as long as your account is active.

Encrypted health data. We keep your encrypted ciphertext for as long as your account is active. We cannot read this data, but we store it so you can.

Account deletion. When you delete your account, we purge your encrypted health data and personal account information from our active systems. Residual copies may remain in routine backups for a short period before they are cycled out. Account deletion is permanent and cannot be reversed.

Billing records. We retain billing records for as long as required by applicable tax and accounting laws (typically seven years in the United States).

Support communications. We retain support communications for up to two years to help us improve the Service.

Aggregated, anonymized analytics. Aggregated, non-identifying analytics may be retained indefinitely for product-improvement purposes.

Your Rights and Choices

Access and Export

You can access your data at any time through the Service. Because your health data is encrypted on your device, the app is the most reliable place to view it. We do not currently offer a one-tap “export everything” download; building that export is on our roadmap.

Correction

You can correct any information you have entered into the Service at any time through the app.

Deletion

You can delete individual entries through the app, or you can delete your entire account from the Service. Account deletion is permanent.

Subscription Cancellation

You can cancel your subscription at any time through the App Store: iOS Settings → Apple ID → Subscriptions.

Telemetry Opt-Out

You can disable crash reporting and product analytics at any time in Settings → Privacy → “Help improve Joust” inside the app.

Marketing Emails

If we ever send you marketing emails (we currently do not), you can opt out using the unsubscribe link in any such email. We will still send service-related emails (account confirmations, billing notices, security alerts) because they are necessary for the Service.

Cookies

The Joust app does not rely on third-party cookies. The marketing website at getjoust.app uses minimal first-party storage for site functionality and for the narrow PostHog pageview analytics described in section 1.7. We do not run third-party advertising cookies, cross-site trackers, or session-replay scripts on the marketing site.

Rights for Specific Jurisdictions

California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we have collected about you
  • Right to delete personal information we have collected from you
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell or share personal information)
  • Right to limit use of sensitive personal information (we do not use sensitive personal information beyond providing the Service)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at support@getjoust.app. We will verify your identity before fulfilling requests.

European Economic Area, United Kingdom, and Similar Jurisdictions

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar data protection laws, you have rights under applicable law including:

  • Access to your personal data
  • Rectification of inaccurate personal data
  • Erasure (right to be forgotten)
  • Restriction of processing
  • Data portability (within the limits described under “Access and Export” above)
  • Objection to processing based on legitimate interests
  • Withdrawal of consent where processing is based on consent
  • Lodging a complaint with your local data protection authority

The legal bases for our processing of your personal data are:

  • Performance of a contract — to provide the Service you’ve signed up for
  • Legitimate interests — limited usage data to improve the Service and ensure its security
  • Consent — for marketing communications (if we ever send them) and for any optional analytics features
  • Legal obligations — to comply with tax, accounting, and other laws

Joust is operated from the United States. By using the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

To exercise your rights, contact us at support@getjoust.app.

Children’s Privacy

The Service is not intended for anyone under 18. We do not knowingly collect information from individuals under 18. If we learn that we have collected information from someone under 18, we will delete it and terminate the account.

If you believe we have collected information from someone under 18, please contact us at support@getjoust.app.

Data Security

We protect your information using:

  • Client-side encryption. Every user-meaningful field is encrypted on your device before it is written to the database, using tweetnacl’s secretbox (XSalsa20-Poly1305 authenticated encryption) with a random 32-byte master key and a fresh per-value nonce. The server stores these columns as opaque ciphertext.
  • Key custody. Your master key never leaves your device in plaintext. On iOS, a separate 32-byte custody key is generated on your device and held in your iOS Keychain as a synchronizable item, so it syncs across your Apple devices through iCloud Keychain (which is itself end-to-end encrypted). Your master key is wrapped under this custody key, and only the wrapped version is stored on our servers.
  • 24-word recovery phrase. Every account has a 24-word BIP39 recovery phrase that acts as an independent backstop for unlocking your data on a device where the custody key isn’t available. You can reveal your phrase at any time in Settings → Recovery phrase; we never see it in plaintext.
  • Encryption in transit (TLS) for all communications with our servers.
  • Encryption at rest for data stored on our infrastructure.
  • Row-Level Security keyed to your authenticated user ID, so even the ciphertext is only ever returned to you.
  • Access controls limiting which contractors can access systems handling your data.
  • Regular security review of our systems and providers.

No security system is perfect. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post the updated policy on our website. The “Last updated” date at the top of this policy will reflect the most recent revision.

For changes that materially expand how we use your information, we will provide notice and, where required by law, obtain your consent.

Contact Us

For questions about this Privacy Policy or our privacy practices, contact:

Prepdex Holdings LLC
Attn: Privacy
support@getjoust.app

If you are in the European Economic Area or the United Kingdom and your concerns cannot be resolved by contacting us, you have the right to lodge a complaint with your local data protection authority.