Privacy Policy

Last updated: March 17, 2026

This Privacy Policy describes how StackTrack collects, uses, and protects your information when you use our website and application.

1. Overview

StackTrack (“we,” “us,” or “our”) operates the website https://stacktrack.health and the application https://app.stacktrack.health. We are committed to protecting your privacy. This policy explains what data we collect, why we collect it, how we use it, and your rights regarding your data.

We do not sell your personal information.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored in hashed form)

If you sign in with a third-party provider (e.g., Google, Apple), we receive your email and name from that provider.

2.2 Health and Medication Data

When you use the application, we store the data you enter, including:

  • Medications, supplements, and protocols (names, dosages, forms, categories)
  • Programs and dosing schedules
  • Dose logs (what you took, when, and any notes)
  • Inventory (quantities, lots, expiration dates, suppliers, costs)
  • Body measurements and symptom logs (if you use those features)
  • Person profiles (names, dates of birth, height, weight) if you track for yourself or others

This information is stored in our database and is used solely to provide the Service to you.

2.3 Usage Data

We automatically collect certain information when you use the Service, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Date and time of access

2.4 Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Authentication: Keeping you logged in
  • Preferences: Remembering your settings (e.g., theme)
  • Analytics: Understanding how the Service is used (if we enable analytics)

You can control cookies through your browser settings. Disabling cookies may limit some functionality.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Generate and display your schedules, dose logs, and inventory
  • Enable AI features (drug research, product extraction, chat)
  • Send you transactional emails (e.g., password reset, account notifications)
  • Comply with legal obligations
  • Protect against fraud and abuse
  • Analyze usage patterns to improve the product (in aggregate, where possible)

We do not use your health data for advertising or marketing purposes.

If you are in the European Economic Area (EEA), we process your data based on:

  • Consent: For health data and optional features, where required by law
  • Contract: To perform our agreement with you (providing the Service)
  • Legitimate interests: To improve the Service, ensure security, and comply with legal obligations

5. Data Storage and Security

  • Storage: Your data is stored in Supabase (PostgreSQL) with Row Level Security (RLS), so your data is isolated from other users.
  • Encryption: Data is encrypted in transit (TLS) and at rest (AES-256).
  • Authentication: Supabase Auth handles authentication with industry-standard practices.

We take reasonable measures to protect your data, but no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Sharing

We do not sell your personal information. We may share data only in these limited circumstances:

  • Service providers: Supabase (hosting, database, auth) and Vercel (application hosting) process data on our behalf under agreements that require them to protect your data.
  • Legal requirements: We may disclose data if required by law, court order, or government request, or to protect our rights and safety.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We would notify you of any such change.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete or anonymize your personal and health data within a reasonable period, except where we are required to retain it by law.

8. Your Rights

Depending on where you live, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request a copy of your data in a portable format (e.g., JSON)
  • Opt-out of sales: We do not sell data; you have the right to opt out if that ever changes
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact us at support@stacktrack.health. We will respond within a reasonable timeframe. You may also export your data from within the application (Settings).

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, the right to delete it, and the right to non-discrimination for exercising your rights. We do not sell your personal information.

Washington Residents (MHMDA)

If you are a Washington resident, please see our Consumer Health Data Privacy Notice for additional information about your health data and how to exercise your rights.

9. Children’s Privacy

The Service is not intended for anyone under 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete it.

10. International Transfers

Our service providers (Supabase, Vercel) may store and process data in the United States or other countries. If you are outside the U.S., your data may be transferred to and processed in the U.S. By using the Service, you consent to such transfers. We apply appropriate safeguards to protect your data in accordance with this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. Your continued use of the Service after such changes constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or your data, contact us at support@stacktrack.health.