Privacy Policy

What we collect

When you browse Health Stacked, we may collect:

• —Basic usage data — pages visited, products clicked, and session information — to improve the product
• —Your email address if you subscribe to our newsletter

When you create an account, we also collect:

• —Your name, email address, and password (hashed)
• —Products you save or interact with
• —How you heard about us (referral source)

If you create a stack page, we additionally collect:

• —Your username and public profile information (bio, title, social links)
• —The products you add to your stack

How we use it

• —To operate the Health Stacked catalog and product recommendations
• —To send emails you've opted into (newsletter, product updates)
• —To improve the platform and understand how people use it
• —To contact you about your account or important policy changes

If you create a stack page, we also use your information to display your public health stack page.

We do not sell or share your personal data with third parties for advertising or marketing purposes, as those terms are defined under applicable privacy laws.

What's public

If you browse or subscribe to our newsletter, none of your personal information is public.

If you create a stack page, your page at healthstacked.com/yourname is public by default. This includes your name, bio, title, social links, and the products on your stack. Your email address and password are never public.

Health-related data

Because Health Stacked is a health product platform, some information we collect (products you save, products on your stack, browsing activity in health categories) may be considered “consumer health data” under certain state laws. We do not sell this data, share it with advertisers, use it for targeted advertising, or use it to infer sensitive health conditions. We use this data only to operate the platform and improve your experience.

Cookies and tracking

We use cookies to keep you logged in and to understand how visitors interact with the platform. We use our own analytics system to track anonymized usage data. We do not use advertising cookies, share data with ad networks, or use tracking for cross-site behavioral advertising.

Third-party services

We use Vercel for hosting and Supabase for authentication and data storage. Both providers maintain their own privacy and security practices.

Data retention and deletion

You can delete your account at any time from your account settings. This will remove your profile and any stack page you created. We may retain anonymized usage data for up to 7 years.

Your rights

You have the right to access, correct, or delete your personal data. Depending on where you live, you may have additional rights under local data privacy laws — including the GDPR (EU/UK), CCPA/CPRA (California), Washington's My Health My Data Act, and privacy laws in Virginia, Colorado, Connecticut, Nevada, Montana, Texas, and other states. These rights may include data portability, the right to object to processing, and the right to non-discrimination for exercising your rights. To exercise any of these rights, email us at aastha@healthstacked.com.

Children's privacy

Health Stacked is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has created an account, contact us and we will delete it promptly.

Changes to this policy

We may update this policy as the platform evolves. We'll notify you of significant changes via email. Continued use of Health Stacked after changes take effect means you accept the updated policy.