Privacy Policy

Effective Date: April 6, 2026  |  Last Updated: April 6, 2026

1. Who We Are

Stackd ("Stackd," "we," "us," or "our") is a sole proprietor business (LLC formation pending) operating the Stackd mobile application, accessible at stackd.health. We provide an educational platform for tracking dietary supplements and understanding how they may interact with personal health data.

For privacy-related questions, contact us at: support@stackd.health

2. Scope of This Policy

This Privacy Policy applies to all personal information collected through:

• The Stackd mobile application (iOS and Android)
• Our website at stackd.health
• Any communications between you and Stackd (email, support tickets, etc.)

By using Stackd, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the app.

3. Information We Collect

3.1 Information You Provide Directly

Category	Specific Data	Why It's Collected
Account	Email address, password (hashed), name	Account creation and authentication
Health Profile	Date of birth, biological sex, height, weight, health goals	Personalized supplement analysis
Supplement Data	Supplement names, dosages, schedules, brands, stacks	Core app functionality — tracking and analysis
Lab Results	Uploaded or manually entered lab values (e.g. blood panels)	Enhanced AI analysis and insights
Payment	Subscription tier; billing handled entirely by Stripe	Subscription management

3.2 Information Collected Automatically

• Device information: device type, OS version, app version
• Usage data: features accessed, session duration, crash reports
• Authentication tokens: session tokens for maintaining login state

3.3 Information from Third Parties

If you sign in with Apple or Google, we receive your email address and name as provided by those services. We do not receive your Apple or Google password.

4. How We Use Your Information

We use your information exclusively to operate and improve Stackd. Specifically:

• Provide the service: create your account, store your supplement stack, generate personalized AI-powered analysis
• AI analysis: your health profile and supplement data are sent to the Anthropic Claude API to generate educational insights. See Section 7 for details.
• Improve the app: aggregate, anonymized usage data helps us identify bugs and improve features
• Communicate with you: transactional emails (account confirmations, receipts), and — only with your consent — product updates
• Process payments: subscription billing via Stripe
• Enforce our terms: detect abuse, fraud, or violations of our Terms of Service

We do not sell your personal data. We do not use your data for advertising.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:

• Contract performance: processing necessary to deliver the Stackd service you subscribed to
• Legitimate interests: app security, fraud prevention, improving product quality
• Consent: for optional communications (e.g. product newsletters); you may withdraw consent at any time
• Legal obligation: complying with applicable laws and regulations

6. Data Storage and Security

6.1 Where Your Data is Stored

Your data is stored in Supabase, a managed database platform hosted on AWS infrastructure. Data is stored in the United States. If you are located outside the US, your data will be transferred to and processed in the US.

6.2 Security Measures

• Passwords are never stored in plain text — they are hashed using industry-standard algorithms
• All data is transmitted over encrypted HTTPS connections
• Database access is restricted using row-level security policies
• Authentication tokens are stored securely on-device

6.3 No System is Perfect

While we implement reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Third-Party Services

We use the following third-party services to operate Stackd. Each has its own privacy practices:

Service	Purpose	Data Shared
Supabase	Database, authentication, file storage	All user data including health profile, supplements, lab results
Stripe	Payment processing	Email address, subscription tier. Payment card data is handled entirely by Stripe — we never see or store card numbers.
Anthropic (Claude API)	AI-powered supplement analysis	Health profile, supplement data, and any lab results you choose to include in an analysis request
Expo	Mobile app platform and delivery	Device metadata, crash reports
Apple / Google	Optional social sign-in	Email and name (only if you choose to sign in with Apple or Google)

8. Data Retention

We retain your personal data for as long as your account is active. Specifically:

• Account data: retained until you delete your account
• Supplement and health data: retained until deleted by you or upon account deletion
• Payment records: retained for 7 years as required by financial regulations
• Aggregated analytics: retained indefinitely (this data is not linked to you personally)

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

9. Your Rights and Choices

9.1 All Users

• Access: request a copy of the personal data we hold about you
• Correction: update inaccurate or incomplete data through the app settings
• Deletion: request deletion of your account and associated data
• Data portability: request your data in a structured, machine-readable format
• Opt-out of marketing: unsubscribe from any marketing communications at any time

9.2 EEA / UK Users (GDPR / UK GDPR)

In addition to the above, you have the right to object to processing, restrict processing, and lodge a complaint with your local data protection authority.

9.3 California Residents (CCPA)

California residents have the right to know what personal information is collected, to request deletion, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights.

To exercise any of these rights, contact us at support@stackd.health. We will respond within 30 days.

10. Children's Privacy

Stackd is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us immediately at support@stackd.health and we will delete the account promptly.

11. International Data Transfers

Stackd operates from the United States. If you access the app from outside the US, your data will be transferred to and processed in the US. By using Stackd, you consent to this transfer. We rely on standard contractual clauses and other appropriate safeguards where required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a prominent notice in the app at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of Stackd after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data: