Heads up: Everything on Anecdotal is self-reported by real people — these are not clinical results. Some compounds discussed here may not be approved for human use in your country. Anecdotal does not recommend, endorse, or advise the use of any substance. Always talk to a qualified healthcare professional before trying anything.

anecdotal

Privacy Policy

Last updated: March 14, 2026

1. Who We Are

Anecdotal is a community-driven platform that aggregates self-reported experiences with peptides, supplements, and related compounds. This policy explains how we collect, use, store, and protect your personal data.

2. Data We Collect

Account data

When you create an account, we collect your email address, a username of your choice, and an authentication credential (password or OAuth token via Google). Verified practitioners also provide their real name and credential type.

Health-related self-reported data

When you submit a log, you may provide: the goal you were pursuing, compound names and dosages, cycle length, outcome scores, side effects, a summary of your experience, and optional demographic information (age range and sex). This data is considered health-related and is treated with heightened protection.

Usage data

We collect standard server logs (IP addresses, browser type, pages visited) for security and rate limiting purposes. We do not use tracking pixels, advertising cookies, or third-party analytics that profile users.

Payment data

Premium subscriptions are processed by Stripe. We do not store your credit card number or payment details. Stripe processes this data under their own privacy policy.

3. How We Use Your Data

We use your data for the following purposes only:

  • To operate and maintain the platform
  • To display your submitted logs and comments (after moderation review)
  • To authenticate your identity and manage your account
  • To process Premium subscription payments
  • To enforce rate limits and prevent abuse
  • To generate aggregate, anonymized statistics for goal reports

We do not sell your data. We do not serve advertisements. We do not share identifiable data with third parties for marketing purposes.

4. Health Data — Special Protections

Self-reported health experiences, compound usage, side effects, and outcome scores may qualify as health-related data under applicable privacy laws (including UK GDPR, EU GDPR, and Australian Privacy Act). We treat all such data with heightened protection:

  • We process health-related data only with your explicit consent, obtained at account creation
  • Health data is stored in our Supabase-hosted PostgreSQL database with encryption at rest
  • We minimize data collection — we ask for age ranges (not exact ages) and provide "prefer not to say" options
  • Community members are pseudonymous by default — your real identity is never required or displayed
  • We do not combine your health data with external datasets or use it for profiling

5. Pseudonymity and Identity

Community members use a username of their choice. Your email address is never displayed publicly. You are not required to provide your real name unless you opt in to a public profile or apply for practitioner verification. Verified practitioners choose to use their real name and credentials — this is always opt-in.

6. Data Sharing

We share data only in these limited circumstances:

  • Stripe — for payment processing (Premium subscriptions only)
  • Supabase — our database and authentication provider, which processes data on our behalf
  • Legal obligations — if required by law, regulation, or valid legal process

We do not sell data. We do not share data with advertisers. We have no affiliate relationships with supplement or peptide companies.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and associated data
  • Portability — request your data in a machine-readable format
  • Withdraw consent — withdraw your consent for health data processing at any time (this may require account deletion)
  • Restriction — request that we limit processing of your data

To exercise any of these rights, contact us at privacy@anecdotal.app. We will respond within 30 days.

California residents (CCPA/CPRA)

You have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. We do not sell personal information.

UK and EU residents (GDPR)

Our lawful basis for processing account data is legitimate interest (operating the platform). Our lawful basis for processing health-related self-reported data is explicit consent, obtained at account creation. You may withdraw consent at any time by contacting us or deleting your account.

Australian residents

Health information is treated as sensitive information under the Privacy Act 1988. We collect and process this information only with your consent.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized, aggregate data (e.g., goal report statistics) may be retained indefinitely as it cannot be linked back to you.

9. Security

We implement appropriate technical and organizational measures to protect your data, including: encryption at rest and in transit, rate limiting on API endpoints, CSRF protection, input validation, and authentication error sanitization to prevent credential leakage. No system is 100% secure — we cannot guarantee absolute security but we take reasonable steps to protect your information.

10. Cookies

We use essential cookies only — for authentication session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Children

Anecdotal is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete it.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. Continued use of Anecdotal after changes are posted constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@anecdotal.app.