Suppli — Privacy Policy

Suppli — Privacy Policy

Suppli

This Privacy Policy explains how Suppli (@SuppliTrackBot), a supplement-intake tracking bot operated by a small independent team, handles your data.

Who we are

Suppli is operated by a small independent team acting as the data controllers. Contact: use the /feedback command in the bot.

What we collect

  • Your Telegram ID, name, and username
  • A referral/source code, if you opened the bot via a referral link
  • Supplements you add — their purpose, dose, and schedule
  • Your intake history
  • Menstrual cycle data — only if you enable cycle tracking
  • Your city — only if you set it; used to determine your local time zone
  • Payment records (Telegram Stars)

Why we use it

To send reminders, track your progress, determine your local time zone, and provide optional AI-generated tips.

Who processes your data

These are service providers, not buyers of your data. OpenAI (USA) — to power import and AI features, it receives the full text of any file you import (which may include other details the file contains, such as your nutritionist's contact information), your supplement names, purposes, and doses, your adherence (which reminders you complete), and your city (to determine your time zone). OpenAI does not receive your cycle-tracking entries (the dates and cycle day you log), your name, or your Telegram ID. If you import a plan that mentions cycle phases, that text is processed as part of the imported file. Telegram delivers all messages. Railway provides hosting. We do NOT sell your data or share it for advertising, and we have no corporate affiliates.

Data security

We use reasonable technical and organizational measures to protect your data and to limit who can access it.

Data retention

We keep your data while your account is active. When you import a file, its raw text is deleted once the import is completed or cancelled. Detailed daily intake history older than 18 months is deleted automatically. You can delete everything at any time.

Before we collect any health data, the bot shows you a consent screen — on your first /start, with a prominent link to this Privacy Policy. We begin collecting and processing your data only after you tap 'I agree to processing my health data.' This is a separate, clear affirmative act; we do not bundle this consent into any general terms of use. The same consent is required before you add a supplement or import a plan.

Cycle tracking requires its own separate consent: when you turn it on, the bot shows a dedicated consent screen, and cycle data is processed only after you tap 'I consent to processing my cycle data.' We record each consent together with the policy version and the date you granted it. You can withdraw consent at any time — see Your rights below.

Your rights

Export your data with /mydata. Delete your data and withdraw consent with /deletedata. You can withdraw consent for cycle tracking at any time by turning cycle tracking off. We will not discriminate against you for exercising your rights. All of this works directly in the bot.

Appeals

Your rights to access, export, and delete your data and to withdraw consent work instantly in the bot (/mydata, /deletedata). If you believe we have not fulfilled your request, you can appeal by messaging us via /feedback; we will review the appeal and respond in writing within 45 days. If we deny your appeal, we explain why and give you a way to submit a complaint to the Washington State Attorney General at atg.wa.gov/file-complaint.

Age

This service is for adults 18+ and is not intended for anyone under 18.

See also our Consumer Health Data Privacy Policy.

Last updated: 20 June 2026.

Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org