Privacy Policy

1. Who we are

Stack Almanac (“we”, “us”, “our”) operates the website stackalmanac.com and the web application at app.stackalmanac.com. We are committed to protecting your privacy and handling your personal data responsibly.

2. Data we collect

We collect the following categories of data:

• Account data: email address, display name, and authentication credentials when you create an account.
• Supplement data: your supplement stack, dosages, time blocks, logging history, and compliance data.
• Bio-profile data: optional biological information you provide (sex, age, weight, health goals, genetic variants). This is special category data under GDPR Article 9 and requires your explicit consent.
• Health metrics: optional self-reported data (sleep, energy, mood, focus scores) and data from connected health services.
• AI conversation data: messages exchanged with the Almanac Advisor to provide personalised recommendations.
• Usage data: how you interact with the application, including feature usage and session information.
• Payment data: processed securely by Stripe. We do not store your card details.

3. How we use your data

• To provide and personalise the Stack Almanac service
• To power the Almanac Advisor with context about your stack, goals, and bio-profile
• To run the correlation engine and generate personal insights
• To send reminders and notifications you have opted into
• To process payments and manage your subscription
• To improve the product and fix issues

4. Data storage and security

Your data is stored securely using Supabase (hosted on AWS infrastructure). All data is encrypted in transit (TLS) and at rest. Row Level Security ensures users can only access their own data. Bio-profile data is stored with additional access controls as required by GDPR Article 9.

5. Third-party services

• Supabase: database, authentication, and serverless functions
• Anthropic (Claude): AI advisor. Conversation data is sent to generate responses but is not used to train models.
• Stripe: payment processing. Subject to Stripe’s Privacy Policy.
• Vercel: website and application hosting
• Telegram / WhatsApp: if you connect messaging integrations, messages are processed via their respective APIs

6. Your rights (GDPR)

If you are in the UK or EEA, you have the right to:

• Access, correct, or delete your personal data
• Export your data in a portable format (CSV/JSON)
• Withdraw consent for bio-profile data processing
• Object to processing or request restriction
• Lodge a complaint with the ICO (UK) or your local DPA

You can export or delete your data from the Account section of the app at any time.

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. No third-party analytics cookies are set.

8. Data retention

Your data is retained for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days. Anonymised, aggregated data may be retained for product improvement.

9. Children

Stack Almanac is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification. The “last updated” date at the top reflects the most recent revision.

11. Contact

For privacy enquiries, email privacy@stackalmanac.com.