Privacy Policy
This Privacy Policy explains how PixelPort LLC(“Myo,” “we,” “us,” or “our”) collects, uses, discloses, and protects your information when you use the Myo mobile application (the “App”).
Myo is a tracking and educational tool for people using GLP-1 medications and peptides. Myo is not a medical device, not a healthcare provider, and not a HIPAA-covered entity (see Section 12). Please also read our Terms of Service.
1. Who We Are (Data Controller / Business)
The data controller (GDPR) and the business responsible for your information (CCPA/CPRA) is:
PixelPort LLC
7901 4th St N, Ste 300, St. Petersburg, FL 33702, United States
Contact: [email protected]
2. Health Data and Other Categories We Collect
Myo is built around sensitive health-tracking data that you enter or authorize. We collect:
Health and wellness data (you provide or authorize)
- Injection / dose logs: medication name (including brand names such as Ozempic, Wegovy, Mounjaro, Zepbound), dose amount and units, injection site, date and time.
- Reconstitution and dose-helper inputs: vial concentration, volumes, and related logging values you enter.
- Side effects and symptoms you log.
- Weight and body-composition data: body weight, body fat, lean/muscle mass, measurements, and related metrics you enter, import from a smart scale, or import from a DEXA/InBody scan.
- Nutrition data: meals, protein, calories, water, and related values you log, including from the optional Smart Photo feature (Section 6).
- Medication-level (PK) estimates: values Myo derives from your logged doses using a population-average pharmacokinetic model. These are estimates, not measurements of your actual drug levels.
- Apple HealthKit imports: with your explicit permission, data you authorize Myo to read from HealthKit (for example, body weight, body composition, nutrition, or workouts). See Section 4 for the special restrictions that apply to this data.
Account and operational data
- Account identifiers: by default Myo uses a stable anonymous identifier and stores your data on your device. If you choose to sign in, we process the Apple or Google sign-in identifier you authorize, solely to keep your access tied to that account.
- Subscription / purchase data: subscription status, transaction identifiers, and entitlement state managed through RevenueCat and Apple (we do not receive your full payment card details).
- Device and technical data: device model, OS version, app version, language, and a device identifier where collected.
- Diagnostics and analytics: crash reports, performance data, and anonymous, health-data-free usage/event data. You can turn usage analytics off at any time in Settings.
We do not intentionally collect data from anyone under 18 (see Section 11).
3. How We Use Your Data and Our Legal Bases
We use your data to: provide and operate the App’s tracking, logging, estimation, body-composition, and nutrition features; sync your data across your devices when you enable iCloud Sync; process and manage subscriptions; provide support; maintain security and prevent fraud and abuse; diagnose crashes and improve reliability; and comply with law.
Where a legal basis is required (e.g., GDPR, UK GDPR, and the Washington My Health My Data Act), we rely on:
- Explicit consent for processing of health and other sensitive data (GDPR Article 9; MHMDA opt-in to collect; separate opt-in to share). You may withdraw consent at any time (Sections 14 / 16).
- Performance of a contract to provide the App and the features you request and to manage your subscription.
- Legitimate interests for limited, non-health purposes such as security, fraud prevention, crash diagnostics, and aggregate, non-identifying product analytics, balanced against your rights, and never applied to your health data for advertising.
- Legal obligation where we must retain or disclose data to comply with law.
We do not sell your health data, and we do not use it for cross-context behavioral advertising.
4. Apple HealthKit, Data-Use Restrictions
- HealthKit data is used only to provide core App features you have requested (for example, importing body weight, body composition, nutrition, or workouts to track your trends).
- HealthKit data is never used for advertising or any use-based data mining, and is never shared with data brokers or advertising networks or platforms.
- HealthKit data is not stored in iCloud or any cloud service outside of HealthKit’s own encrypted sync. (Data you enter directly into Myo that is not HealthKit data may be synced via CloudKit; see Section 5.)
- We do not write false or inaccurate data back to HealthKit.
- You control HealthKit permissions and can revoke Myo’s access at any time in the iOS Settings / Health app.
5. Third Parties and What Each Receives
We share data only with the limited set of service providers (processors) needed to run the App, and only the data each needs for its function. We do not sell your data.
| Service provider | Purpose | Data it receives |
|---|---|---|
| RevenueCat | Subscription management and entitlements | App user ID, subscription/transaction status and identifiers, device/platform metadata. Does not receive your health logs. |
| Apple App Store | Payment processing and subscription billing | Handled by Apple under Apple’s terms; we receive transaction/entitlement status, not full payment details. |
| Apple iCloud / CloudKit | Optional cloud sync and backup of your in-app data across your devices | Your Myo app data (logs, body-composition entries, settings) stored in yourprivate CloudKit database, subject to Apple’s encryption and terms. Only active when you enable iCloud Sync. |
| Google Firebase(Crashlytics & Analytics) | Crash reporting, performance, and anonymous usage analytics | Crash logs, device/OS/app-version data, and non-health event/usage data. Configured to exclude health-data content. Off-able in Settings. |
| Smart Photo server (operated by PixelPort LLC, with a third-party AI model provider) | Optional cloud meal-photo nutrition estimate (Section 6) | Only the meal photo you choose, when Smart Photo (cloud) is turned on. Off by default. No identity or health logs are attached. |
We may also disclose data to comply with law, enforce our Terms, protect rights and safety, or in connection with a corporate transaction (merger, acquisition, or asset sale), in which case we will notify you and honor this policy or provide notice of any change. We require our processors by contract to protect your data, use it only on our instructions, and not use it for their own purposes.
6. Smart Photo (Cloud Meal Estimate)
Smart Photo (cloud) is an optional, off-by-default feature that estimates the nutrition (such as protein and calories) of a food photo. When you turn it on and use it:
- The photo you choose is sent to our server, which uses a third-party AI model, solely to return a nutrition estimate to you.
- The request is not tied to your identity or your health logs, and the photo is processed transiently to generate the estimate.
- You can leave Smart Photo (cloud) off and use on-device estimation or manual entry instead. The estimate is informational only and is not medical or dietary advice; see our Terms of Service.
7. Data Retention, Deletion, and In-App Deletion
- Account and health-tracking data: kept on your device while you use the App. If iCloud Sync is on, it is also in your private iCloud. On account/data deletion, removed from our active systems within 30 days, and from backups within 90 days.
- Subscription / transaction records: retained as required for financial, tax, and legal recordkeeping (typically up to 7 years).
- Crash / analytics data: retained per provider defaults (generally up to 14 months) and held without health-data content.
In-app deletion: You can delete your account and all associated data directly within the App (Settings → Account → Delete account, and “Delete all my data”), satisfying Apple App Store Guideline §5.1.1(v). You can also delete individual logs at any time. To request deletion by email, contact [email protected]. HealthKit-sourced and iCloud-synced data are additionally controlled through iOS and your Apple ID settings.
8. Your Consumer Rights (General)
Depending on where you live, you may have rights to: access the data we hold about you; correct inaccurate data; delete your data; obtain a portable copy; withdraw consent; opt out of any sale or sharing (we do not sell health data); and not be discriminated against for exercising a right. To exercise any right, contact [email protected] or use the in-app controls. We will verify your request and respond within the timeframes required by applicable law (see the regional sections below).
9. Data Security
We use administrative, technical, and organizational safeguards designed to protect your data, including encryption in transit and at rest where applicable, access controls, on-device storage by default, and use of Apple’s CloudKit private database for synced data. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
10. FTC Health Breach Notification Rule, Breach Response
Myo may be subject to the U.S. FTC Health Breach Notification Rule (HBNR) because it can draw health data from multiple sources (your inputs plus HealthKit). Under the HBNR:
- A “breach” includes any unauthorized acquisition or disclosure of your identifiable health information, including disclosure beyond what this Privacy Policy permits.
- If a breach affecting your unsecured identifiable health information occurs, we will notify affected individuals without unreasonable delay and no later than 60 calendar days after discovery.
- We will notify the FTC within the timeframe required by the Rule, and where 500 or more individuals are affected we will notify the FTC at the same time as the individual notices.
- Notices will describe what happened, the types of information involved, steps you can take, and what we are doing in response.
11. Children’s Data
Myo is intended only for users aged 18 and older. We do not knowingly collect data from anyone under 18. If we learn we have collected data from a person under 18, we will delete it. If you believe a minor has provided us data, contact [email protected].
12. HIPAA Clarification
Myo is not a HIPAA-covered entity and is not a business associate of one. We do not provide healthcare, and using Myo does not make us subject to HIPAA. Your data is instead protected under this Privacy Policy and applicable consumer and state privacy laws (such as the Washington My Health My Data Act and the California Consumer Privacy Act, as amended). We do not claim to be “HIPAA compliant,” and we do not sell your health data.
13. International Data Transfers
We are based in the United States, and our processors may store or process data in the United States and other countries. Where we transfer data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, as applicable. See Section 18 for EEA/UK-specific rights.
14. Changes to This Policy
We may update this Privacy Policy. If we make material changes, we will update the effective date above and, where required, provide additional notice or seek renewed consent. Your continued use of the App after an update means you accept the revised policy, except where additional consent is required by law.
15. Contact Us
Questions, requests, or complaints: [email protected]
Mailing address: PixelPort LLC, 7901 4th St N, Ste 300, St. Petersburg, FL 33702, United States
16. Washington Residents, Consumer Health Data (My Health My Data Act)
This section is the consumer-health-data notice required by the Washington My Health My Data Act (MHMDA) and applies to Washington State residents and to consumer health data collected about them, regardless of where Myo is located.
Consumer health data we collect. For Myo this includes your medication and injection/dose logs (including GLP-1 medication use), side effects and symptoms, weight and body-composition data, body-measurement and DEXA-import data, nutrition data, derived medication-level estimates, and HealthKit-imported health data.
How we collect it. Directly from you (entries you make), from your authorized smart-scale/DEXA imports, and from Apple HealthKit with your permission.
Why we collect and use it. To provide the tracking, logging, estimation, body-composition, nutrition, and educational features you request; to sync your data across your devices when you enable it; for security and fraud prevention; and to provide support. We do not use consumer health data for advertising and do not sell it.
Who we share it with. Only the processors listed in Section 5, for the purposes stated there.
Consent.We collect your consumer health data only after obtaining your affirmative, opt-in consent; we obtain a separate affirmative opt-in before sharing where MHMDA requires it; we do not use deceptive designs (“dark patterns”); and you may withdraw consent at any time in-app or by contacting us.
Your MHMDA rights. You have the right to confirm whether we collect, share, or sell your consumer health data and access it; know the third parties with whom we share it; withdraw consent; and delete your consumer health data. We will respond to a verified request within 45 days (extendable by an additional 45 days with notice).
How to exercise. Use the in-app controls or contact [email protected]. We will not discriminate against you. If we deny a request, you may appeal by contacting [email protected]. Washington residents may also contact the Washington State Attorney General.
17. California Residents (CPRA)
This section applies to California residents under the CCPA, as amended by the CPRA.
Sensitive personal information.The health data described in Section 2 is sensitive personal information (“SPI”). We use SPI only to provide the features you request and for the purposes in Section 3, not to infer characteristics about you for advertising.
Your CPRA rights: know/access, delete, correct, portability, limit the use and disclosure of SPI, opt out of sale/sharing (we do not sell or share your personal information for cross-context behavioral advertising; we honor Global Privacy Control signals where applicable), and non-discrimination.
How to exercise. Use the in-app controls or contact [email protected]. We respond within the timeframes required by the CCPA/CPRA (generally 45 days, extendable by 45 with notice). You may use an authorized agent.
18. EEA / UK Residents (GDPR / UK GDPR)
This section applies to individuals in the EEA, the UK, and Switzerland.
Special category data and explicit consent.Your health data is “special category” data under Article 9 GDPR (and the UK GDPR equivalent). We process it on the basis of your explicit consent, requested separately, unbundled, and withdrawable at any time. Withdrawal does not affect processing before withdrawal.
Your rights: access, rectification, erasure, restriction, portability, objection, rights related to automated decision-making (we do not use solely automated decisions producing legal or similarly significant effects), and withdrawal of consent. Contact [email protected].
International transfers out of the EEA/UK/Switzerland are protected by the Standard Contractual Clauses and the UK International Data Transfer Addendum, as applicable (Section 13).
Complaints.You may lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner’s Office; in the EEA, your national Data Protection Authority).
Terms of Service · [email protected]
© 2026 PixelPort LLC. Myo is not affiliated with, endorsed by, or sponsored by any GLP-1 manufacturer.