Tiro · Legal

Privacy Policy

Last updated July 6, 2026

Your health data is yours. This policy explains, in plain language, exactly what Tiro collects, what stays on your device, and how to get your data out or delete it entirely.

1. Introduction and scope

This policy explains how Tiro (“we”, “us”) collects, uses, and protects your information when you use the Tiro mobile app and this website. Tiro is a GLP-1 tracking companion — it is not a medical device and does not provide medical advice. By using Tiro you agree to this policy.

2. The data we collect, and why

We collect only what the app needs to work for you:

  • Health tracking you enter — doses, weights, measurements, symptoms, meals, and protein — so the app can show your trends and reminders.
  • Account basics — if you create an account, an email address to sign in and sync across devices.
  • Diagnostics — anonymized crash and performance data to fix bugs. You can opt out in Settings.

We never sell your data, and we do not run third-party advertising.

3. On-device data vs. transmitted data

Wherever possible, your data stays on your device. Tracking data is synced to your private account only if you enable sync. Analytics are anonymized and aggregated. Sensitive inputs are never shared with advertisers or data brokers.

4. Body-scan photos never leave your device

If you use the camera body scan, the photos and the 3D mesh are processed entirely on your device. The images are not uploaded to our servers and are not shared with any third party. Only the numeric measurements you choose to save are stored in your account, and only if sync is on.

5. Third parties and sub-processors

We use a small set of infrastructure providers to run the app (for example, cloud hosting, crash reporting, and — if you subscribe — the App Store for payments). These providers process data only on our instructions. A current list is available on request at the contact below.

6. Legal bases for processing (GDPR)

Where GDPR applies, we process your data on the basis of your consent (which you can withdraw at any time), to perform our contract with you (providing the app), and our legitimate interest in keeping the app secure and functional. Health data is processed only with your explicit consent.

7. Data retention

We keep your data for as long as your account is active. When you delete your account, your personal data is deleted from our systems within 30 days, except where we are legally required to retain limited records.

8. Your rights and how to exercise them

You can access, export, correct, or delete your data at any time — most of this is available directly in the app under Settings. You can also permanently delete your account and data from the account deletion page or by emailing us. Depending on your region you may have additional rights under GDPR or local law.

9. Children's privacy

Tiro is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a minor has used the app, contact us and we will delete the data.

10. International data transfers

If data is transferred outside your region, we use appropriate safeguards (such as standard contractual clauses) to protect it in line with applicable law.

11. Security

We use encryption in transit, access controls, and reputable infrastructure providers to protect your data. No system is perfectly secure, but we work to protect your information and will notify you of a breach where required by law.

12. Changes to this policy

We may update this policy as the app evolves. Material changes will be highlighted in the app or on this page, and the “last updated” date above will change.

13. Contact us

Questions about privacy? Email support@tiro.app and we'll help.