Privacy Policy

Updated March 9, 2026

What we know / What we CANNOT know

What we know

  • Your email (AES-256-GCM encrypted in DB)
  • Your public_handle (chosen pseudonym)
  • Your protocol logs (compounds, doses, dates)
  • Your health measurements (weight, BP, etc.)
  • Your bloodwork results
  • Your subscription tier

What we CANNOT know

  • Your real name
  • Your physical address
  • Your real identity
  • Who you are in real life
  • Your face (blurred by default, raw photo never stored)
  • Your genitals (auto-censored, non-disableable)

Even if our entire database leaked, no one could trace it back to you.

Zero tracking

  • No Google Analytics, no third-party trackers
  • No advertising, no data selling
  • No retargeting pixels
  • No sharing with data brokers
  • No tracking cookies

Artificial intelligence — AI Transparency

  • Model: Claude (Anthropic) — Haiku for light tasks, Sonnet for analysis, Opus for complex reports
  • What the AI sees: Your protocol data, measurements, bloodwork — only after your explicit consent
  • What it produces: Pattern observations, correlations, suggestions — never a medical diagnosis
  • Where it runs: Anthropic API (USA) — data cleaned before sending, not stored by Anthropic after processing
  • AI Act class: Minimal risk system (Art. 6) — not a medical device (SaMD), no automated decision-making affecting rights

USA transfer — honest note

  • The PII sanitizer removes direct identifiers before sending
  • Data sent is linked to a UUID, not to an identity
  • Anthropic does not retain API data after processing
  • Transfer is covered by Standard Contractual Clauses (SCCs)
  • AI consent is explicit and can be disabled

We cannot guarantee that a US authority could not compel Anthropic to intercept data in transit, or that Anthropic's retention policy won't change in the future.

If this near-zero risk is something you absolutely don't want to take, you can disable AI processing in Settings. The app works without it — you lose AI features but your data never leaves France.

StacksnStats uses artificial intelligence to analyze your protocol and health data. Results are pattern-based observations, not medical diagnoses. You are always informed when a feature uses AI, and you can disable AI processing at any time.

Legal details

Subprocessors

  • Scaleway SAS: Infrastructure hosting (self-hosted Supabase) + transactional emails (TEM); France (Paris DC)
  • Anthropic PBC: AI API (Claude); USA (API) — data not retained
  • Paddle.com: Payment (Merchant of Record); UK
  • NOWPayments: Crypto payment; EU

Scaleway is certified ISO 27001 and HDS (Hébergeur de Données de Santé). Scaleway TEM (Transactional Email) is the same provider — emails stay within the same network, no external transit.

Contact: contact@stacksnstats.io — response within 30 days (GDPR Art. 12(3))

DPO: Peplade (self-designated as solo developer)

Publisher: [Name of auto-entrepreneur — to be completed before publication]

Host: Scaleway SAS, 8 rue de la Ville l'Évêque, 75008 Paris