Privacy Policy

Effective date: April 12, 2026

The short version: Terpeal stores all your data locally on your device. We don't have accounts, we don't collect analytics, and we never see your health data. The only network feature — COA scanning — processes images through a secure proxy and never stores them.

1. Who We Are

Terpeal is a mobile application developed by Terpeal ("we," "us," or "our") that helps medical cannabis patients track sessions, symptoms, and terpene profiles. This policy explains how the app handles your information.

2. Information We Collect

We do not collect personal information. Terpeal has no user accounts, no sign-up process, and no cloud database. All data you enter — sessions, symptom scores, products, and notes — is stored in a local SQLite database on your device and never transmitted to us.

The only identifier we store server-side is a randomly generated device ID used to track your included COA scan count. This ID is not linked to your name, health data, or any other personal information. It exists solely to manage your scan allowance.

Specifically, Terpeal does not collect:

Names, email addresses, or contact information
Location or GPS data
Advertising IDs or hardware identifiers
Usage analytics or behavioral data

3. Local Data Storage

All information you enter into Terpeal is stored exclusively on your device using a local SQLite database. This includes:

Session logs (before/after symptom scores, timestamps, notes)
Product details (strain names, terpene profiles, ratings)
CBD product tracking and journal notes
Dispensary information
Photos you attach to products or notes

This data never leaves your device unless you explicitly choose to export it (see Section 6).

4. COA Scanning Feature

The COA (Certificate of Analysis) scanner is the only feature that contacts an external server. When you use it:

Your photo is sent through a secure, encrypted proxy for text extraction
The image is processed in real time and never stored on any server
A randomly generated device identifier is sent with the request to track your included scan count — this ID is not linked to your identity, health data, or any other personal information
Extracted data is returned to your device and stored only in your local database

Your purchase includes 50 COA scans. Additional scan packs and an unlimited scanning subscription are available if you need more. You can always enter terpene data manually at no cost. You can use Terpeal fully without ever using the COA scanner.

5. Third-Party Services

Terpeal does not include:

Third-party analytics SDKs (no Google Analytics, Firebase Analytics, Mixpanel, etc.)
Advertising SDKs or ad networks
Social media trackers
Crash reporting services that transmit personal data

The app is distributed through the Google Play Store, which may collect its own data as described in Google's Privacy Policy. This is outside our control and is not part of Terpeal's functionality.

6. Your Rights and Data Control

Because your data is stored locally, you have full control over it at all times:

Export: You can export your session data at any time from within the app
Import: You can import previously exported data when switching devices
Delete: You can delete individual sessions, products, or all data from within the app. Uninstalling the app removes all data permanently
Access: All data you've entered is visible and accessible to you directly within the app

We cannot access, retrieve, or restore your data because we never have it in the first place.

7. Health Information

Terpeal is designed to help you track your personal wellness information. While the app records symptom scores and session data, this information is stored only on your device and is never transmitted to or accessible by us.

In compliance with the FTC Health Breach Notification Rule (16 CFR Part 318): because Terpeal does not maintain health data on servers or in the cloud, the risk of a data breach involving your health information from our systems is effectively zero. In the unlikely event that a security issue affecting locally stored data is discovered (for example, through the COA scanning proxy), we will notify affected users promptly through app updates and our website.

Under the Mississippi Medical Cannabis Act, patient data is treated as confidential. Terpeal's local-only architecture is designed to respect this confidentiality — your medical cannabis usage data stays on your device and is never shared with us or any third party.

Terpeal is not a medical device and does not provide medical advice. Always consult your physician or certifying practitioner regarding your medical cannabis treatment.

8. Children's Privacy

Terpeal is intended for adults who are legal medical cannabis patients. We do not knowingly provide the app to, or collect information from, anyone under the age of 18. If you believe a minor is using the app, please contact us so we can address the situation.

9. Data Security

Your data is protected by your device's built-in security (screen lock, encryption, biometrics). Since data is stored locally and not transmitted to our servers, the primary security boundary is your device itself. We recommend:

Keeping your device's operating system up to date
Using a screen lock (PIN, pattern, fingerprint, or face unlock)
Regularly exporting your data as a backup

10. Changes to This Policy

If we make material changes to this privacy policy, we will update this page and revise the effective date above. If a future version of Terpeal introduces any network features beyond COA scanning, we will update this policy before those features are released and notify users through the app.

11. Contact Us

If you have questions about this privacy policy or how Terpeal handles your data, contact us at:

hello@terpeal.com