Supplement Calculator

Privacy Policy

Last Updated: February 12, 2026

Your Privacy Matters: This Privacy Policy explains how we collect, use, protect, and share your information when you use the TNI Supplement Calculator.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (required for login and communications)
  • Password (stored as a bcrypt hash - we never see your actual password)
  • Name (optional)
  • Date of birth (optional, for age-based calculations)
  • Phone number (optional)
  • Marketing preferences (whether you want to receive updates)

1.2 Health Information

When you use the calculator, we collect health-related information, including:

  • Body weight (for dosage calculations)
  • Age or age range (for age-based dosing)
  • Medical conditions (sensitivity, reflux/GERD, etc.)
  • Current medications (for interaction warnings)
  • Dietary information (e.g., eating solid foods)
  • Product preferences (e.g., Nutrivene Daily form type)
  • Supplement usage (protocols generated, supplements selected)

1.3 Care Recipients ("Subjects")

If you create profiles for care recipients, we collect:

  • Name (to identify the care recipient)
  • Date of birth (for age calculations)
  • Weight (for dosage calculations)
  • Notes (allergies, conditions, preferences - anything you choose to record)

1.4 Usage Information

We automatically collect:

  • Session data (calculator sessions, protocols generated)
  • Login history (when you access the site)
  • Page views (which pages you visit)
  • Browser information (for compatibility)
  • IP address (for security)

1.5 What We Do NOT Collect

We do NOT use:

  • Third-party tracking cookies (Google Analytics, Facebook Pixel, etc.)
  • Advertising trackers
  • Social media tracking
  • Cross-site tracking

We only use essential session cookies to keep you logged in. That's it.

2. How We Use Your Information

2.1 Primary Uses

We use your information to:

  • Provide the calculator service (generate personalized protocols)
  • Save your data (so you can access it later)
  • Send account-related emails (verification, password reset)
  • Improve the calculator (understand usage patterns, fix bugs)
  • Provide customer support (answer your questions)

2.2 Communications

We may use your email to send:

  • Account verification (required)
  • Password reset links (when requested)
  • Important service updates (e.g., Terms changes, security issues)
  • Admin messages (if you're an approved user)
  • Optional newsletters (only if you consented during registration)

You can opt out of optional communications at any time in your account settings.

3. How We Protect Your Information

3.1 Security Measures

We protect your data using:

  • Encryption: Passwords are hashed using industry-standard bcrypt
  • Secure servers: Data stored on secure hosting infrastructure
  • Database security: Prepared statements prevent SQL injection
  • Session management: Secure session cookies with httpOnly and SameSite flags
  • Access control: Role-based access limits who can view data
  • CSRF protection: Prevents unauthorized form submissions

3.2 Data Storage

  • Data is stored on servers provided by Hostinger
  • Backups are created regularly
  • Soft-delete policy (deleted data is marked as deleted but retained for 90 days)

3.3 Who Can Access Your Data

Very limited access:

  • You: Full access to your own data
  • Administrators (Level 3-4): Can view user lists and manage calculator data
  • Developer: Database access for maintenance and bug fixes only
  • No one else: We do not sell, rent, or share your data with third parties

4. How We Share Your Information

✅ WE DO NOT SELL YOUR DATA

We do NOT sell, rent, lease, or trade your personal information to third parties. Period.

4.1 When We May Share Information

We may share your information only in these limited circumstances:

  • Legal Requirements: If required by law, subpoena, court order, or government request
  • Safety: To prevent harm to you, others, or our legal rights
  • Service Providers: Hosting provider (Hostinger) - bound by confidentiality agreements
  • With Your Consent: If you explicitly agree to share information

4.2 Aggregate Data

We may share anonymized, aggregated statistics (e.g., "500 users generated protocols this month") that cannot identify individual users.

5. Your Rights and Choices

5.1 Access Your Data

You can access your data at any time by logging into your account:

  • View your profile in Account Settings
  • View your care recipients in My Care Recipients
  • View generated protocols (coming soon)

5.2 Update Your Data

You can update your information at any time:

  • Update account details in Account Settings
  • Update care recipient profiles in My Care Recipients
  • Update communication preferences

5.3 Delete Your Data

You can request deletion of your account:

  • Go to Account Settings
  • Click "Delete Account"
  • Confirm deletion

What happens when you delete:

  • Your account is marked as deleted (soft delete)
  • You can no longer log in or access data
  • Data is retained for 90 days (for recovery requests)
  • After 90 days, data is permanently removed

5.4 Export Your Data

You can request an export of your data by contacting us via the admin messaging system. We will provide a copy of your data in a readable format within 30 days.

5.5 Opt Out of Communications

You can opt out of optional communications:

  • Unsubscribe from newsletters using the link in any email
  • Update preferences in Account Settings
  • You will still receive essential emails (verification, password reset, critical service updates)

6. Children's Privacy

6.1 Account Age Requirement

You must be at least 18 years old to create an account.

During registration, you confirm that you are 18+ years old. We do not knowingly collect information from minors under 18 for account creation purposes.

6.2 Children as Care Recipients

However, this calculator is designed to be used for children with Down syndrome or other conditions:

  • Parents/guardians (18+) create accounts
  • Parents/guardians add children as "care recipients"
  • Parents/guardians provide children's information (age, weight, conditions)
  • Parents/guardians are responsible for protecting children's information
  • Parents/guardians must consult pediatricians before using any recommendations

Parent/Guardian Responsibility: If you add a child as a care recipient, you are responsible for protecting their information and making appropriate healthcare decisions under guidance of their pediatrician.

7. Cookies and Tracking

7.1 Essential Cookies Only

✅ We only use essential session cookies.

We do NOT use:

  • Advertising cookies
  • Third-party tracking cookies
  • Analytics cookies (Google Analytics, etc.)
  • Social media tracking pixels
  • Cross-site tracking

7.2 Session Cookies

We use session cookies to:

  • Keep you logged in
  • Remember your preferences during your session
  • Provide CSRF protection (security)

These cookies are essential for the website to function. They expire when you close your browser or log out.

7.3 Your Browser Controls

You can control cookies through your browser settings. However, disabling cookies will prevent you from using the calculator (you won't be able to log in).

8. Data Retention

8.1 Active Accounts

We retain your data as long as your account is active and for 90 days after deletion.

8.2 Inactive Accounts

If you don't log in for 2 years, we may send you an email asking if you want to keep your account active. If you don't respond within 30 days, we may delete your account.

8.3 Deleted Accounts

  • Soft delete: Account marked as deleted, data retained for 90 days
  • Hard delete: After 90 days, data is permanently removed from our systems
  • Backups: Data may persist in backups for up to 30 additional days

8.4 Session Data

Calculator sessions (intake data, generated protocols) are retained for:

  • 24 hours for temporary sessions (quick calculate mode)
  • Indefinitely for saved sessions (associated with care recipients)

9. HIPAA and Healthcare Privacy

ℹ️ Important: We Are NOT a HIPAA-Covered Entity

This website and service are NOT covered by HIPAA (Health Insurance Portability and Accountability Act).

Why:

  • We are not healthcare providers
  • We are not health plans
  • We are not healthcare clearinghouses
  • We do not submit insurance claims

However, we still take your privacy seriously and implement strong security measures to protect your health information.

9.1 If Used by Healthcare Providers

If a licensed healthcare provider uses this calculator as part of patient care, they may be subject to HIPAA requirements. In such cases:

  • The healthcare provider is responsible for HIPAA compliance
  • The healthcare provider should obtain proper patient consent
  • The healthcare provider is responsible for protecting patient information

10. Third-Party Services

10.1 Hosting Provider

This website is hosted by Hostinger. Your data is stored on their servers, and they have access to the database for hosting purposes. Hostinger maintains their own privacy policy and security measures.

10.2 Email Service

We use standard email protocols (SMTP) to send verification emails and communications. Email is not encrypted in transit unless your email provider supports it.

10.3 Payment Processing

We do not currently charge for this service. If we add paid features in the future, payment processing will be handled by a third-party payment processor (e.g., Stripe), and they will have their own privacy policies.

10.4 Donations

We accept donations via Venmo (and potentially other platforms in the future). When you donate:

  • You are redirected to the payment platform (Venmo, etc.)
  • The payment platform handles your payment information
  • We do not receive or store your payment card information
  • We may see your name/username from the payment notification

11. Data Security

11.1 How We Protect Your Data

  • Password Hashing: Passwords are hashed using bcrypt (we never see your actual password)
  • Secure Database: MySQL with prepared statements to prevent SQL injection
  • HTTPS/SSL: All data transmitted over encrypted connections (when available)
  • Session Security: Secure session cookies with httpOnly and SameSite flags
  • Access Control: Role-based permissions limit who can access data
  • Regular Updates: We keep software up to date with security patches

11.2 Limitations

No system is 100% secure.

Despite our security measures, we cannot guarantee absolute security. Data breaches, hacking, and unauthorized access are possible. You use this Service at your own risk.

If you believe your account has been compromised, change your password immediately and contact us.

12. Your California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

12.1 Right to Know

  • What personal information we collect
  • How we use it
  • Who we share it with
  • Request a copy of your data

12.2 Right to Delete

  • Request deletion of your personal information
  • We will delete within 90 days (subject to legal retention requirements)

12.3 Right to Opt-Out

  • Opt out of sale of personal information
  • Note: We do NOT sell personal information, so this doesn't apply

12.4 Non-Discrimination

  • You will not be discriminated against for exercising your privacy rights
  • We will not charge you more or provide lesser service

12.5 California Proposition 65

Some supplements may contain substances known to the State of California to cause cancer, birth defects, or reproductive harm (e.g., fish oil may contain trace mercury or lead). For more information, visit www.P65Warnings.ca.gov.

13. International Users

This Service is operated from the United States. If you are accessing from outside the U.S.:

  • Your information will be transferred to and stored in the United States
  • U.S. privacy laws may differ from your country's laws
  • By using this Service, you consent to the transfer of your information to the U.S.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date at the top.

Significant changes will be communicated via:

  • Email to registered users
  • Prominent notice on the website
  • Requiring re-acceptance of terms

Check this page regularly. Your continued use after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

Questions about this Privacy Policy?

For privacy concerns or data requests:

  • Use the admin messaging system (for registered users)
  • Access: Messages → Contact Administrator

For technical issues:

  • Sidney Lanier, Markov Innovations
  • Via: Admin messaging system

16. Data Breach Notification

In the event of a data breach that may affect your personal information:

  • We will notify you within 72 hours (when feasible)
  • We will notify you via email to the address on file
  • We will describe the breach, what information was affected, and steps we're taking
  • We will provide guidance on protecting yourself (e.g., change passwords)

17. Your Consent

By using this Service, you consent to this Privacy Policy and our collection, use, and sharing of your information as described herein.

18. Questions About Privacy?

  • View what data we have: Check your Account Settings and Care Recipients
  • Update your data: Edit in Account Settings
  • Delete your data: Use "Delete Account" option
  • Contact us: Use admin messaging


Note: This Privacy Policy is provided for informational purposes and does not constitute legal advice. We've made every effort to be transparent and compliant with applicable privacy laws.