Your Privacy Matters: This Privacy Policy explains how we collect, use, protect, and share
your information when you use the TNI Supplement Calculator.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (required for login and communications)
- Password (stored as a bcrypt hash - we never see your actual password)
- Name (optional)
- Date of birth (optional, for age-based calculations)
- Phone number (optional)
- Marketing preferences (whether you want to receive updates)
1.2 Health Information
When you use the calculator, we collect health-related information, including:
- Body weight (for dosage calculations)
- Age or age range (for age-based dosing)
- Medical conditions (sensitivity, reflux/GERD, etc.)
- Current medications (for interaction warnings)
- Dietary information (e.g., eating solid foods)
- Product preferences (e.g., Nutrivene Daily form type)
- Supplement usage (protocols generated, supplements selected)
1.3 Care Recipients ("Subjects")
If you create profiles for care recipients, we collect:
- Name (to identify the care recipient)
- Date of birth (for age calculations)
- Weight (for dosage calculations)
- Notes (allergies, conditions, preferences - anything you choose to record)
1.4 Usage Information
We automatically collect:
- Session data (calculator sessions, protocols generated)
- Login history (when you access the site)
- Page views (which pages you visit)
- Browser information (for compatibility)
- IP address (for security)
1.5 What We Do NOT Collect
We do NOT use:
- Third-party tracking cookies (Google Analytics, Facebook Pixel, etc.)
- Advertising trackers
- Social media tracking
- Cross-site tracking
We only use essential session cookies to keep you logged in. That's it.
2. How We Use Your Information
2.1 Primary Uses
We use your information to:
- Provide the calculator service (generate personalized protocols)
- Save your data (so you can access it later)
- Send account-related emails (verification, password reset)
- Improve the calculator (understand usage patterns, fix bugs)
- Provide customer support (answer your questions)
2.2 Communications
We may use your email to send:
- Account verification (required)
- Password reset links (when requested)
- Important service updates (e.g., Terms changes, security issues)
- Admin messages (if you're an approved user)
- Optional newsletters (only if you consented during registration)
You can opt out of optional communications at any time in your account settings.
3. How We Protect Your Information
3.1 Security Measures
We protect your data using:
- Password hashing: Passwords are hashed using industry-standard bcrypt
- Secure servers: Data stored on secure hosting infrastructure
- Database security: Prepared statements prevent SQL injection
- Session management: Secure session cookies with httpOnly and SameSite flags
- Access control: Role-based access limits who can view data
- CSRF protection: Prevents unauthorized form submissions
3.2 Data Storage
- Data is stored on servers provided by Hostinger
- Backups are created regularly
- Soft-delete policy (deleted data is marked as deleted but retained for 90 days)
3.3 Who Can Access Your Data
Very limited access:
- You: Full access to your own data
- Administrators (Level 3-4): Can view user lists and manage calculator data
- Developer: Database access for maintenance and bug fixes only
- No one else: We do not sell, rent, or share your data with third parties
4. How We Share Your Information
✅ WE DO NOT SELL YOUR DATA
We do NOT sell, rent, lease, or trade your personal information to third parties. Period.
4.1 When We May Share Information
We may share your information only in these limited circumstances:
- Legal Requirements: If required by law, subpoena, court order, or government request
- Safety: To prevent harm to you, others, or our legal rights
- Service Providers: Hosting provider (Hostinger) - bound by confidentiality agreements
- With Your Consent: If you explicitly agree to share information
4.2 Aggregate Data
We may share anonymized, aggregated statistics (e.g., "500 users generated protocols this month")
that cannot identify individual users.
5. Your Rights and Choices
5.1 Access Your Data
You can access your data at any time by logging into your account:
- View your profile in Account Settings
- View your care recipients in My Care Recipients
- View generated protocols (coming soon)
5.2 Update Your Data
You can update your information at any time:
- Update account details in Account Settings
- Update care recipient profiles in My Care Recipients
- Update communication preferences
5.3 Delete Your Data
You can request deletion of your account:
- Go to Account Settings
- Click "Delete Account"
- Confirm deletion
What happens when you delete:
- Your account is marked as deleted (soft delete)
- You can no longer log in or access data
- Data is retained for 90 days (for recovery requests)
- After 90 days, data is permanently removed
5.4 Export Your Data
You can request an export of your data by contacting us via the admin messaging system. We will provide
a copy of your data in a readable format within 30 days.
5.5 Opt Out of Communications
You can opt out of optional communications:
- Unsubscribe from newsletters using the link in any email
- Update preferences in Account Settings
- You will still receive essential emails (verification, password reset, critical service updates)
6. Children's Privacy
6.1 Account Age Requirement
You must be at least 18 years old to create an account.
During registration, you confirm that you are 18+ years old. We do not knowingly collect information from
minors under 18 for account creation purposes.
6.2 Children as Care Recipients
However, this calculator is designed to be used for children with Down syndrome or other conditions:
- Parents/guardians (18+) create accounts
- Parents/guardians add children as "care recipients"
- Parents/guardians provide children's information (age, weight, conditions)
- Parents/guardians are responsible for protecting children's information
- Parents/guardians must consult pediatricians before using any recommendations
Parent/Guardian Responsibility: If you add a child as a care recipient, you are responsible for
protecting their information and making appropriate healthcare decisions under the guidance of their pediatrician.
7. Cookies and Tracking
7.1 Essential Cookies Only
✅ We only use essential session cookies.
We do NOT use:
- Advertising cookies
- Third-party tracking cookies
- Analytics cookies (Google Analytics, etc.)
- Social media tracking pixels
- Cross-site tracking
7.2 Session Cookies
We use session cookies to:
- Keep you logged in
- Remember your preferences during your session
- Provide CSRF protection (security)
These cookies are essential for the website to function. They expire when you close your browser or log out.
7.3 Your Browser Controls
You can control cookies through your browser settings. However, disabling cookies will prevent you from
using the calculator (you won't be able to log in).
8. Data Retention
8.1 Active Accounts
We retain your data as long as your account is active and for 90 days after deletion.
8.2 Inactive Accounts
If you don't log in for 2 years, we may send you an email asking if you want to keep your account active.
If you don't respond within 30 days, we may delete your account.
8.3 Deleted Accounts
- Soft delete: Account marked as deleted, data retained for 90 days
- Hard delete: After 90 days, data is permanently removed from our systems
- Backups: Data may persist in backups for up to 30 additional days
8.4 Session Data
Calculator sessions (intake data, generated protocols) are retained for:
- 24 hours for temporary sessions (quick calculate mode)
- Indefinitely for saved sessions (associated with care recipients)
9. HIPAA and Healthcare Privacy
ℹ️ Important: We Are NOT a HIPAA-Covered Entity
This website and service are NOT covered by HIPAA (Health Insurance Portability and Accountability Act).
Why:
- We are not healthcare providers
- We are not health plans
- We are not healthcare clearinghouses
- We do not submit insurance claims
However, we still take your privacy seriously and implement strong security measures to protect your health information.
9.1 If Used by Healthcare Providers
If a licensed healthcare provider uses this calculator as part of patient care,
they may be subject to HIPAA requirements. In such cases:
- The healthcare provider is responsible for HIPAA compliance
- The healthcare provider should obtain proper patient consent
- The healthcare provider is responsible for protecting patient information
10. Third-Party Services
10.1 Hosting Provider
This website is hosted by Hostinger. Your data is stored on their servers, and they have
access to the database for hosting purposes. Hostinger maintains their own privacy policy and security measures.
10.2 Email Service
We use standard email protocols (SMTP) to send verification emails and communications. Email is not encrypted
in transit unless your email provider supports it.
10.3 Payment Processing
We do not currently charge for this service. If we add paid features in the future, payment processing will
be handled by a third-party payment processor (e.g., Stripe), and they will have their own privacy policies.
10.4 Donations
We accept donations via Venmo (and potentially other platforms in the future). When you donate:
- You are redirected to the payment platform (Venmo, etc.)
- The payment platform handles your payment information
- We do not receive or store your payment card information
- We may see your name/username from the payment notification
11. Data Security
11.1 How We Protect Your Data
- Password Hashing: Passwords hashed using bcrypt (we never see your actual password)
- Secure Database: MySQL with prepared statements to prevent SQL injection
- HTTPS/SSL: All data transmitted over encrypted connections (when available)
- Session Security: Secure session cookies with httpOnly and SameSite flags
- Access Control: Role-based permissions limit who can access data
- Regular Updates: We keep software up to date with security patches
11.2 Limitations
No system is 100% secure.
Despite our security measures, we cannot guarantee absolute security. Data breaches, hacking, and unauthorized
access are possible. You use this Service at your own risk.
If you believe your account has been compromised, change your password immediately and contact us.
12. Your California Privacy Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
12.1 Right to Know
- What personal information we collect
- How we use it
- Who we share it with
- Request a copy of your data
12.2 Right to Delete
- Request deletion of your personal information
- We will delete it within 90 days (subject to legal retention requirements)
12.3 Right to Opt-Out
- Opt out of sale of personal information
- Note: We do NOT sell personal information, so this doesn't apply
12.4 Non-Discrimination
- You will not be discriminated against for exercising your privacy rights
- We will not charge you more or provide lesser service
12.5 California Proposition 65
Some supplements may contain substances known to the State of California to cause cancer, birth defects, or
reproductive harm (e.g., fish oil may contain trace mercury or lead). For more information, visit
www.P65Warnings.ca.gov.
13. International Users
This Service is operated from the United States. If you are accessing from outside the U.S.:
- Your information will be transferred to and stored in the United States
- U.S. privacy laws may differ from your country's laws
- By using this Service, you consent to the transfer of your information to the U.S.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated
"Last Updated" date at the top.
Significant changes will be communicated via:
- Email to registered users
- Prominent notice on the website
- Requiring re-acceptance of terms
Check this page regularly. Your continued use after changes constitutes acceptance of the
updated Privacy Policy.
15. Contact Us
Questions about this Privacy Policy?
For privacy concerns or data requests:
- Use the admin messaging system (for registered users)
- Access: Messages → Contact Administrator
For technical issues:
- Sidney Lanier, Markov Innovations
- Via: Admin messaging system
16. Data Breach Notification
In the event of a data breach that may affect your personal information:
- We will notify you within 72 hours (when feasible)
- We will notify you via email to the address on file
- We will describe the breach, what information was affected, and steps we're taking
- We will provide guidance on protecting yourself (e.g., change passwords)
17. Your Consent
By using this Service, you consent to this Privacy Policy and our collection, use, and sharing of your
information as described herein.
18. Questions About Privacy?
Note: This Privacy Policy is provided for informational purposes and does not constitute
legal advice. We've made every effort to be transparent and compliant with applicable privacy laws.