Privacy Policy

We are committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data.

Information We Collect

We collect information that you provide directly to us, including:

  • Account information (email, password, username)
  • Profile information (birth month, birth year, sex, height, weight, body fat percentage, bio, social media usernames)
  • Health and wellness data (biomarker values, supplements, diet information, fitness routines, effect tracking)
  • User-generated content (posts, comments, votes, profile information)
  • Chat messages and AI interactions
  • Food log entries and dietary patterns
  • Generic events and activity tracking
  • Device information (device tokens for push notifications, device type, IP address, user agent)
  • Usage data and analytics (page views, session information, interaction patterns)
  • Payment and subscription information (processed through Stripe and Apple Store)
  • Anonymous session data (for users who visit before registering)

How We Use Your Information

We use the collected information to:

  • Provide and improve our services
  • Personalize your experience and generate AI-powered health recommendations
  • Process AI analysis of your health data (with your explicit consent)
  • Send you push notifications (with your permission and preferences)
  • Process payments and manage subscriptions
  • Authenticate your account (including via Google OAuth)
  • Analyze platform usage and performance using analytics services
  • Communicate with you about our services via email
  • Ensure platform security and prevent fraud
  • Track anonymous user journeys to improve conversion
  • Provide customer support

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal bases under GDPR:

  • Consent: AI processing (chat and recommendations), analytics tracking (PostHog), marketing emails. You can withdraw consent at any time through your settings.
  • Contract: Account management, subscription services, providing the core platform functionality you signed up for.
  • Legitimate Interest: Security and fraud prevention, platform analytics and improvement, ensuring platform stability and performance.
  • Legal Obligation: Tax records, compliance with applicable laws and regulations, responding to legal requests.

For special category data (health information), we process based on your explicit consent, which you provide when you use AI features or track health data on our platform.

Data Retention

We retain your personal data indefinitely until you request deletion or delete your account. Specifically:

  • Account and Profile Data: Retained until account deletion
  • Health Tracking Data: Retained until account deletion or your explicit request for deletion
  • Analytics Data: Retained according to PostHog's retention policies (typically 25 months for event data)
  • Payment Records: Retained for 7 years as required by law for tax and accounting purposes
  • Chat Messages: Retained until account deletion
  • User-Generated Content: Posts, comments, and other content retained until account deletion or content removal

When you delete your account, we will delete all associated personal data within 30 days, except where we are required to retain certain information by law (such as payment records).

Data Security

We implement robust security measures to protect your data:

  • Regular security audits and updates
  • Strict access controls and authentication
  • Secure data storage and backup procedures

Data Sharing and Third-Party Services

We do not sell your personal information. We work with trusted third-party service providers to deliver our services:

  • Third-Party Analytics: We use PostHog to analyze platform usage and user behavior. This helps us improve our services and understand how users interact with the platform.
  • OpenRouter AI: When you use AI features (chat or recommendations), your anonymized health data is processed by OpenRouter AI services to generate personalized insights. This requires your explicit consent.
  • Stripe: Payment processing for web subscriptions. Stripe handles all payment card information securely and we do not store full payment card details.
  • Apple Store: In-app purchase processing for iOS subscriptions. Apple handles all payment information.
  • Google OAuth: Authentication services. When you sign in with Google, Google processes your authentication credentials.
  • Amazon SES: Email delivery service for transactional and promotional emails.
  • Apple Push Notification Service (APNs): Delivery of push notifications to iOS devices.
  • AWS S3: Secure storage of user-uploaded files and media.

We may share anonymized, aggregated data to improve our services and provide community insights. Your individual data is only shared when:

  • You explicitly choose to make it public (e.g., public posts, profile information)
  • Required by law or legal process
  • Necessary to protect our rights or users
  • With your explicit consent for AI processing

Your Rights (GDPR and CCPA)

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of all your personal data through our data export feature
  • Right to Rectification: Correct inaccurate information through your profile settings
  • Right to Erasure: Request deletion of your account and all associated data (Right to be Forgotten)
  • Right to Restrict Processing: Opt-out of certain data processing activities
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Opt-out of analytics tracking, email communications, or push notifications
  • Right to Withdraw Consent: Withdraw consent for AI processing at any time

To exercise these rights, you can:

  • Use the data export feature in your account settings
  • Use the account deletion feature to permanently delete your account
  • Adjust your notification preferences in settings
  • Contact us at support@staqc.com

Cookies and Tracking Technologies

We use cookies, session storage, and similar technologies to:

  • Maintain your session and authentication state
  • Store your preferences and settings
  • Analyze platform usage and performance through PostHog
  • Improve user experience and functionality
  • Provide security features and prevent fraud
  • Track anonymous user journeys before registration

You can control cookies through your browser settings, though disabling cookies may affect platform functionality.

Push Notifications

If you use our iOS app, you may receive push notifications. You can:

  • Control which types of notifications you receive through your notification preferences
  • Disable push notifications entirely through your device settings or app preferences
  • Manage notification preferences per notification type in your account settings

We use Apple Push Notification Service (APNs) to deliver notifications to your iOS devices. Device tokens are stored securely and only used for notification delivery.

AI Processing and Consent

Our platform uses AI services to provide personalized health recommendations and chat assistance. When you use these features:

  • You must explicitly accept AI terms of use before accessing AI features
  • Your anonymized health data (biomarkers, supplements, diet, fitness, effects) is sent to OpenRouter AI for processing
  • No personally identifiable information (name, email, username) is sent to AI services
  • You can withdraw consent at any time by disabling AI features
  • AI processing is separate for chat and recommendations - you can consent to one or both independently

Contact Us

If you have questions about our privacy practices or would like to exercise your rights, please contact us at:

  • Email: support@staqc.com

Last Updated: December 20, 2025