Privacy Policy
01 Introduction and Scope
1.1 About This Policy
BioStackIQ ("the Platform," "we," "us," or "our") is operated as a health information and protocol planning service. This Privacy Policy governs the collection, processing, storage, and disclosure of personal data submitted by users ("you," "your") through the Platform located at biostackiq.com and any associated subdomains or services.
1.2 Scope of Application
This policy applies to all users of BioStackIQ, including registered account holders, visitors who access the Platform without creating an account, and any individuals whose personal data is processed in connection with use of the Platform. This policy does not apply to third-party websites or services that may be linked from the Platform.
1.3 Legal Basis
We are committed to processing personal data in accordance with applicable privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) as applicable to users in the European Economic Area, and other applicable state and federal privacy regulations in the United States.
02 Information We Collect
2.1 Information You Provide Directly
We collect personal information that you voluntarily provide when using the Platform, including:
- Account registration data: full name, email address, username, and password (stored in encrypted form)
- Profile information: age, biological sex, height, weight, dietary preferences, and health goals
- Protocol data: compounds, dosages, timing, and health objectives entered into the protocol builder
- Community content: posts, comments, replies, and any media you upload to the community feed
- Contact form submissions: name, email address, and message content submitted through our contact page
- Communications: any correspondence you send to our support team
2.2 Information Collected Automatically
When you access or use the Platform, we automatically collect certain technical information, including:
- Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps
- Device information: device type, screen resolution, and browser version
- Usage data: features accessed, time spent on pages, and interaction patterns within the Platform
- Session data: authentication tokens and session identifiers used to maintain your logged-in state
2.3 Health and Wellness Data
BioStackIQ collects health-related information including body metrics, health goals, and supplement or compound protocols. This information is used solely to generate personalized protocol recommendations and improve the accuracy of AI-generated outputs. We treat health-related data with heightened sensitivity and do not sell or share this data with third parties for advertising or marketing purposes.
2.4 Information from Third-Party Services
We use Supabase as our database and authentication provider. When you create an account or sign in, authentication data is processed through Supabase's infrastructure. We do not receive or store your raw password. Please refer to Supabase's privacy policy for information about their data handling practices.
03 How We Use Your Information
3.1 Provision of Services
We use your personal information to:
- Create and maintain your account
- Generate personalized protocol recommendations using artificial intelligence
- Deliver AI-generated stack analyses and plan outputs
- Enable participation in the community feed including posting, commenting, and liking
- Process and respond to contact form submissions and support requests
- Send transactional emails including account confirmation, password resets, and account status notifications
3.2 Platform Improvement
We use aggregated and anonymized usage data to:
- Analyze Platform performance and identify areas for improvement
- Understand how users interact with features and content
- Improve the accuracy and relevance of AI-generated recommendations
- Monitor and address technical issues and security vulnerabilities
3.3 Safety and Moderation
We use content data and account information to:
- Enforce our Terms of Service and Community Guidelines
- Detect and prevent spam, abuse, harassment, and fraudulent activity
- Review flagged content and take moderation actions including suspension or removal
- Maintain the integrity and safety of the community
3.4 Legal Compliance
We may use or disclose your information as required to:
- Comply with applicable laws, regulations, or legal processes
- Respond to lawful requests from government authorities or law enforcement
- Protect the rights, property, or safety of BioStackIQ, its users, or the public
- Enforce our legal agreements and policies
04 How We Share Your Information
4.1 We Do Not Sell Your Data
BioStackIQ does not sell, rent, or trade your personal information to third parties for commercial or advertising purposes. This includes your health and wellness data, which is never shared with advertisers, data brokers, or marketing platforms.
4.2 Service Providers
We share limited personal data with trusted third-party service providers who assist in operating the Platform, subject to contractual confidentiality and data protection obligations. These providers include:
- Supabase: database infrastructure, authentication, and file storage
- Resend: transactional email delivery
- Anthropic: AI language model processing for protocol generation and community moderation (note: queries sent to the Anthropic API may include de-identified protocol data but do not include your name or contact information)
4.3 Affiliate Partners
BioStackIQ participates in affiliate marketing programs with supplement and compound suppliers. If you click an affiliate link on the Platform, the destination vendor may receive referral information indicating you arrived from BioStackIQ. We do not transmit your name, email address, health data, or any personal identifier to affiliate partners through these links.
4.4 Business Transfers
In the event of a merger, acquisition, sale of assets, or reorganization of the company, your personal data may be transferred as part of that transaction. We will notify you by email or prominent Platform notice before your data is transferred and becomes subject to a different privacy policy.
4.5 Legal Disclosures
We may disclose your personal information if required to do so by law or in good-faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of BioStackIQ, prevent or investigate possible wrongdoing in connection with the Platform, or protect the safety of users or the public.
05 Data Retention
5.1 Account Data
We retain your account data for as long as your account remains active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention or dispute resolution.
5.2 Community Content
Posts, comments, and community contributions you submit are retained as part of the Platform's community record. If you delete your account, your community content may be anonymized rather than deleted to preserve the integrity of community threads and conversations.
5.3 Log and Usage Data
Technical log data is retained for a maximum of 90 days for security monitoring and debugging purposes, after which it is deleted or anonymized.
5.4 Contact Form Submissions
Messages submitted through the contact form are retained for up to 12 months to allow for follow-up and to maintain a record of support interactions.
06 Data Security
6.1 Security Measures
BioStackIQ implements industry-standard technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encrypted data transmission using TLS/HTTPS for all Platform communications
- Encrypted storage of authentication credentials through Supabase's authentication system
- Row-level security policies on our database to ensure users can only access their own data
- Access controls limiting employee and system access to personal data on a need-to-know basis
- Regular security reviews of our infrastructure and third-party service configurations
6.2 Limitations
No method of electronic transmission or storage is completely secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected users in accordance with applicable law.
07 Your Rights and Choices
7.1 Access and Correction
You have the right to access the personal information we hold about you and to request correction of any inaccurate or incomplete data. You can update most profile information directly through your account dashboard. For data not accessible through the dashboard, submit a request through our contact page.
7.2 Deletion
You have the right to request deletion of your personal data. You can delete your account through the dashboard settings. Upon account deletion, we will remove your personal data within 30 days subject to the retention exceptions described in Section 5. To submit a data deletion request, use the contact form and select "Privacy or data request" as the topic.
7.3 Data Portability
You have the right to receive a copy of your personal data in a structured, machine-readable format. To request a data export, contact us through the contact page with your request.
7.4 Opt-Out of Communications
You may opt out of non-essential communications from BioStackIQ at any time. Transactional emails such as account confirmations, password resets, and account status notifications are required for Platform operation and cannot be opted out of while your account is active.
7.5 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including:
- The right to know what personal information is collected and how it is used
- The right to delete personal information
- The right to opt out of the sale of personal information (note: BioStackIQ does not sell personal information)
- The right to non-discrimination for exercising your privacy rights
7.6 European Users (GDPR)
If you are located in the European Economic Area, you have rights under the General Data Protection Regulation including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority.
08 Cookies and Tracking
We do not use third-party advertising cookies or tracking pixels. We use session cookies and local storage solely for the purpose of maintaining your authenticated session and storing your user preferences within the Platform. These are strictly necessary for the Platform to function and are not used for advertising or cross-site tracking.
You can configure your browser to refuse cookies or to alert you when cookies are being sent. Note that disabling cookies may affect the functionality of the Platform, including your ability to remain logged in.
09 Children's Privacy
BioStackIQ is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user under the age of 18 has created an account or submitted personal data to the Platform, we will take steps to delete that information and terminate the associated account. If you believe a minor has provided personal information to us, please contact us through the contact page.
10 Third-Party Links and Content
The Platform may contain links to third-party websites, research publications, and vendor sites including affiliate partners. These third-party sites are governed by their own privacy policies and terms of service. BioStackIQ is not responsible for the privacy practices or content of any third-party site. We encourage you to review the privacy policies of any third-party site you visit through links on the Platform.
11 Changes to This Policy
We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will notify you by posting the updated policy on this page with a revised effective date, and where appropriate, by sending a notification to your registered email address. Your continued use of the Platform after the effective date of any changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
12 Contact Information
If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us through the contact form at biostackiq.com/contact.html and select "Privacy or data request" as your topic. We respond to all privacy-related inquiries within 5 business days.
biostackiq.com
support@biostackiq.com