Is the calculator really free?

Yes. The reconstitution calculator is free forever, no purchase required. You can save one vial and one active protocol on the free tier. Premium unlocks unlimited protocols, full history, body metrics, bloodwork, progress photos, and Vial AI.

All protocol data, logs, and metrics are stored on your device. Nothing is uploaded. No account is required. Vial does not track you across other apps or websites.

What peptides are supported?

BPC-157, TB-500, CJC-1295 (with and without DAC), Ipamorelin, GHK-Cu, Semaglutide, Tirzepatide, Retatrutide, Epitalon, NAD+, MOTS-c, Tesamorelin, Sermorelin, PT-141, plus testosterone and HCG for TRT users. Custom peptide entry is supported for anything not in the preset list.

Vial Monthly is $14.99. Vial Yearly is $49.99 ($29.99 first year for new subscribers). Vial Lifetime is $99.99 one-time. AI coach is included with all paid tiers. The reconstitution calculator stays free.

Does Vial AI replace my doctor?

No. Vial AI is educational only. It cannot diagnose, prescribe, or recommend a specific dose. It is configured to refuse personalized clinical questions and redirect to your prescriber.

Does it work offline?

Yes. The calculator and tracker are fully local. Vial AI requires an internet connection because it streams responses from a hosted model.

Vial: Peptide Tracker / Privacy Policy

Last updated: May 4, 2026

This Privacy Policy describes how Vial (operated by Fabio Jonathan Arifin via EchoForge, the "Operator") handles information when you use the Vial iOS application. We built Vial to be local-first: your protocol data lives on your device and never reaches our servers.

Contact

Operator: Fabio Jonathan Arifin (EchoForge)
Email: support@echoforge.to

Your Protocol Data Stays on Your Device

All protocol data, injection logs, vial configurations, body metrics, bloodwork values, progress photos, and chat history are stored exclusively on your device using on-device SQLite. This data is never uploaded to any server, never synced to the cloud, and never accessible by us. No account is required to use Vial.

Apple Privacy Nutrition Label Summary

Data Used to Track You: None by default. If we run paid advertising campaigns, the Singular attribution SDK may collect IDFA and link Purchase History to it solely to measure which ad campaign drove your install or purchase. This requires your explicit consent through the iOS App Tracking Transparency prompt. If you decline, no IDFA-based tracking occurs.
Data Linked to You (App Functionality): a stable per-device identifier (iOS Vendor ID, IDFV — not the advertising identifier), Purchase History (RevenueCat keyed to the IDFV), Health (peptide protocol context sent to Vial AI keyed to the IDFV), and User Content (Vial AI chat messages keyed to the IDFV). We do not collect names, emails, account IDs, or any cross-app advertising identifier in this configuration.
Data Not Linked to You (Analytics): Product Interaction, Crash Data, and Performance Data via PostHog. PostHog uses its own anonymous identifier separate from the rest of the stack.
Data Not Collected: Apple Health imports (read-only on device, never uploaded), location, contacts, financial info, your free-text notes, your peptide protocol history (stays on device), and your name / email / phone (no auth or contact form).

Information We Collect

Anonymous usage analytics. Pseudonymized events (e.g. which features are used, session duration, in-app errors) collected via PostHog. PostHog is configured without IDFA access. Events are not linked to your real-world identity. Used to fix bugs and prioritize features.
Crash and diagnostic data. Anonymous crash and performance data via PostHog error tracking. Not linked to your identity.
Purchase and entitlement status. Whether you have purchased a subscription or the lifetime in-app purchase, managed via RevenueCat. We do not receive, store, or process your payment card information. Apple processes the purchase.

Information We Do Not Collect

Your name, email address, or any account credentials
Your peptide protocols, injection logs, body metrics, bloodwork values, progress photos, or dose history
Your real-time location
Apple Health data (read-only, only with explicit grant, never uploaded)
Any IDFA, advertising identifier, or cross-app tracking signal

We Do Not Sell or Share Your Data

We do not sell your personal information. We do not share your data with advertisers, data brokers, or analytics aggregators. We do not engage in cross-app tracking. We have not built and do not maintain any advertising profile of you.

Third-Party Service Providers

Vial uses the following third-party providers, each with a defined role and minimal data exposure:

Apple App Store / RevenueCat. Subscription and purchase entitlement management. RevenueCat receives a transaction identifier, your subscription status, and the iOS Vendor ID (IDFV) for your device, which is used as an anonymous identifier. IDFV is not the advertising identifier (IDFA) and is reset when all apps from the same vendor are uninstalled. RevenueCat does not receive your name, email, or payment card data. See RevenueCat's privacy policy.
PostHog. Anonymous product analytics and crash reporting. Events use a randomly generated device fingerprint, not a personal identifier. You can disable analytics from Settings inside the app. See PostHog's privacy policy.
Cloudflare Workers. Used only when you send a message to Vial AI. The Worker receives your message, your active protocol context (peptide, dose, schedule), and a per-device rate limit identifier so we can prevent abuse. The Worker does not store message content. See Cloudflare's privacy policy.
OpenRouter and OpenAI. The Worker forwards your Vial AI message to OpenAI via OpenRouter for processing. Messages are used solely to generate the response and are not used for AI model training. See OpenRouter and OpenAI privacy policies.
Singular (only when paid ads are running). Mobile attribution provider. When enabled, Singular receives a device identifier and, if you grant the iOS App Tracking Transparency prompt, your IDFA. Used solely to measure which paid ad campaign drove your install and which campaigns convert into purchases. Not enabled in builds where the Singular SDK key is not configured. See Singular's privacy policy.

These providers may process data in the United States or other jurisdictions. We do not share your data with any other third parties.

Vial AI (Available with Vial)

When you use Vial AI, your message and a small amount of structured protocol context (active peptide name, dose, schedule, last logged dose, recent injection sites, side effects logged in the last 14 days) are transmitted from your device to Cloudflare Workers, then to OpenRouter, then to OpenAI for processing. The response is streamed back to your device. We do not store messages on our servers. OpenAI and OpenRouter process under their own privacy policies and do not use your messages to train models. You can clear your chat history at any time from within the app.

A consent sheet appears before your first Vial AI message disclosing this data flow. Your consent is recorded with a timestamp on your device. You can decline and continue to use the rest of Vial.

Vial AI is educational only. It is not medical advice, cannot diagnose, cannot prescribe, and cannot recommend a specific dose. Responses can contain inaccuracies. Always consult a licensed clinician for your specific situation.

Apple Health

Vial offers an optional, read-only integration with Apple Health to import your weight history. The integration runs only with your explicit grant and only on your device. Imported values are stored locally and are never uploaded to our servers or any third party.

Purchases and Payments

All purchases are processed through the Apple App Store. We do not handle or store payment card data. Subscription management and cancellation are done through your Apple ID account settings. Refund requests are subject to Apple's refund policies.

Data Retention

Your on-device data persists until you delete the app or use the "Reset all data" option in Settings. Anonymous analytics events are retained by PostHog for up to 12 months. RevenueCat retains purchase records for the duration required to manage your subscription and as required by law.

Your Rights (GDPR, UK GDPR, and Applicable Privacy Laws)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar protections, you have the following rights with respect to personal data we process:

Access. All your protocol and log data is on your device and accessible directly inside the app. To request a copy of any anonymous analytics events tied to your device fingerprint, email us.
Erasure.Delete all on-device data via Settings → "Reset all data". To request deletion of anonymous analytics records or RevenueCat purchase records, email us.
Rectification. Edit your data directly in the app.
Restriction and objection. Disable analytics from Settings. You may also email us to object to any processing.
Portability. Use the in-app CSV export to receive a structured copy of your protocols and logs.
Lodge a complaint. You may complain to your local data protection authority. We hope you contact us first.

California Residents (CCPA / CPRA)

California residents have the right to know what personal information is collected, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, and the right to non- discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising. To exercise any right, email support@echoforge.to. We will respond within 45 days.

Do Not Track and Global Privacy Control

Vial does not engage in cross-context behavioral tracking and does not change behavior in response to Do Not Track or Global Privacy Control signals because no such tracking exists in the app to disable.

Security

Your protocol data does not leave your device, so it is protected by your device's own security (passcode, Face ID, Secure Enclave). Communications with third-party services use TLS encryption in transit. The Cloudflare Worker enforces a per-device daily rate limit and validates an app-level shared secret on every request. No system is perfectly secure, but our local-first approach significantly limits exposure.

Children's Privacy

Vial is rated 18+ on iOS 26+ (17+ on earlier iOS) and is not intended for anyone under 18. We do not knowingly collect any data from minors. If you believe we have, email us and we will delete the records.

International Transfers

Our third-party service providers are located primarily in the United States. By using Vial outside the United States, you acknowledge that anonymous analytics, purchase records, and (if you use Vial AI) message content may be processed in the United States.

Medical Disclaimer

Vial is an informational tracking and calculation tool. It does not provide medical advice and is not a substitute for consultation with a licensed healthcare provider. Always follow the guidance of your physician or compounding pharmacist.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the app and reflected in the "Last updated" date above.

Contact

Questions or requests: support@echoforge.to