Privacy Policy for Shot

Effective date: July 5, 2026

1. Who we are

Shot ("the app", "we", "us", "our") is an iOS application designed to help people who take GLP-1 medications keep track of their own doses, weight, protein intake, side effects, and daily notes.

Shot is built and maintained by Jakub Zitko, an independent solo developer. Shot is not operated by a company and does not maintain a physical office.

If you have any questions about this policy or how your data is handled, please contact us at jakub.zitko@icloud.com.

2. The short version

Shot was built with a simple privacy principle: your data stays on your device.

The rest of this policy explains that in more detail so you can verify it for yourself.

3. What data Shot processes

3.1 Data you enter into the app

When you use Shot, you may choose to enter the following types of information:

All of this information is stored in a local SwiftData database on your device. It is never uploaded to a server operated by us. It is not synchronized to iCloud by Shot (Shot does not currently integrate CloudKit sync).

3.2 Apple HealthKit

If you grant Shot permission to use Apple HealthKit, Shot will interact with the following HealthKit data types on your device:

Read (with your permission):

Write (with your permission):

HealthKit data lives inside Apple's secure HealthKit store on your device. Shot reads it only to display it inside the app and writes to it only when you log a matching entry (for example, adding a weight in Shot can also write to HealthKit if you have enabled that).

Shot never transmits HealthKit data off of your device. In line with Apple's HealthKit terms, Shot does not use HealthKit data for advertising, marketing, or data mining, and does not disclose HealthKit data to any third party.

You may revoke HealthKit permissions at any time via the iOS Settings app under Privacy & Security > Health > Shot.

3.3 Local notifications

Shot can schedule local notifications on your device to remind you about upcoming shots or protein goals. These notifications are generated entirely on your device using Apple's UNUserNotificationCenter API. No push notification server is involved and no notification content is transmitted off your device.

3.4 In-app purchases (StoreKit 2)

Shot offers optional premium features via in-app purchase. All billing is handled directly by Apple through StoreKit 2. Shot receives an entitlement receipt on your device to know whether your subscription is active, but does not receive your name, email, billing address, or payment method. Refunds and subscription management are handled through your Apple ID.

3.5 App Groups (widget support)

Shot uses an App Group container (group.com.shothealth.shot) to share a small snapshot of your most recent shot with the Shot Home Screen widget on the same device. This data never leaves your device.

3.6 What Shot does NOT collect

To be explicit, Shot does not:

If Apple's own operating system offers to send anonymized crash reports to developers and you have opted in system-wide, Apple may share aggregated crash traces with us via App Store Connect. These reports do not contain your health data.

4. How we use the data

Shot uses the data on your device only to power the features you have activated:

We do not use your data for advertising, profiling, or model training.

5. Storage and retention

Because your data lives on your device, you control retention.

6. Third parties

The only third party involved in operating Shot is Apple. Apple is responsible for:

Apple's handling of your information is governed by Apple's own privacy policy, which is available at apple.com/legal/privacy.

Shot does not integrate any other third-party service.

7. Your rights

Depending on where you live, you may have rights under laws like the GDPR (EU/UK), the CCPA/CPRA (California), or similar frameworks. Because Shot does not store your data on a server, most of these rights are exercised directly by you on your device:

If you would like additional help exercising any right, please email jakub.zitko@icloud.com.

8. Children

Shot is intended for adults who have been prescribed a GLP-1 medication by a licensed healthcare provider. Shot is not directed at children under 13. Shot is available on the App Store to users aged 12 and older when downloaded through a parent or guardian's App Store account with their supervision. If you believe a child under 13 has provided personal information via Shot, please contact jakub.zitko@icloud.com and we will help you erase that data.

9. Security

We rely on the security features built into iOS: sandboxing, keychain, HealthKit encryption at rest, and (when you enable it) device-level passcode / Face ID / Touch ID. Because no data leaves your device, there is no server for us to breach.

We recommend that you protect your device with a passcode and keep iOS up to date.

10. International users

Shot is available worldwide on the App Store. Because data is stored on your device, no cross-border transfer of personal data takes place through Shot itself. Any transfer that occurs is between you, Apple, and the country in which you use your device, and is governed by Apple's privacy policy.

11. Changes to this policy

We may update this Privacy Policy from time to time, for example to reflect new iOS capabilities or new features in Shot. When we do, we will:

Continued use of Shot after an update means you accept the revised policy. If you disagree, you can uninstall Shot at any time.

12. Contact

For any question, concern, or request related to your privacy, please contact:

Jakub Zitko Email: jakub.zitko@icloud.com

We will do our best to respond within a reasonable time.