-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprivacy.html
More file actions
193 lines (183 loc) · 13.1 KB
/
privacy.html
File metadata and controls
193 lines (183 loc) · 13.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
<title>Privacy Policy — SupplementScore</title>
<link rel="icon" type="image/svg+xml" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'%3E%3Crect width='24' height='24' rx='6' fill='%231F7A6B'/%3E%3Cpath d='M5 19C5 11 11 5 19 5C19 13 13 19 5 19Z' fill='%23F8F4ED'/%3E%3Cpath d='M5 19C9 15 13 11 19 5' stroke='%231F7A6B' stroke-width='1.4' stroke-linecap='round' fill='none'/%3E%3C/svg%3E">
<meta name="description" content="What data SupplementScore stores, how we handle it, and what your rights are.">
<meta property="og:url" content="https://supplementscore.org/privacy.html">
<meta property="og:site_name" content="SupplementScore">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:title" content="Privacy Policy — SupplementScore">
<meta name="twitter:description" content="Privacy policy and data-handling practices.">
<link rel="canonical" href="https://supplementscore.org/privacy.html">
<meta property="og:title" content="Privacy Policy — SupplementScore">
<meta property="og:description" content="Privacy policy and data-handling practices.">
<meta property="og:type" content="website">
<script>document.documentElement.setAttribute('data-theme','light');</script>
<style>html{color-scheme:light}</style>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Mona+Sans:wght@400;500;600;700;800&family=Plus+Jakarta+Sans:wght@400;500;600;700&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/styles.css?v=20260527-bottomline">
<style>
body { background: var(--color-background-primary); color: var(--color-text-primary); }
.pg-wrap { max-width: 720px; margin: 0 auto; padding: 32px 24px 64px; line-height: 1.65; }
.pg-back { display: inline-flex; align-items: center; gap: 6px; font-size: 13px; color: var(--color-text-secondary); text-decoration: none; padding: 6px 12px; border: 1px solid var(--color-border-secondary); border-radius: 8px; margin-bottom: 24px; transition: all .15s; }
.pg-back:hover { background: rgba(31,122,107,.05); color: var(--color-brand); }
.pg-wrap h1 { font-size: 2rem; font-weight: 700; margin: 0 0 8px; line-height: 1.2; }
.pg-sub { color: var(--color-text-secondary); font-size: 14px; margin-bottom: 28px; }
.pg-wrap h2 { font-size: 1.3rem; font-weight: 700; margin: 36px 0 10px; padding-top: 14px; border-top: 1px solid var(--color-border-tertiary); }
.pg-wrap h2:first-of-type { padding-top: 0; border-top: none; }
.pg-wrap p { margin-bottom: 14px; }
.pg-wrap ul { margin: 0 0 16px 22px; }
.pg-wrap li { margin-bottom: 6px; }
.pg-close-fab{position:fixed;top:16px;right:16px;width:40px;height:40px;border-radius:50%;background:var(--color-background-primary);border:1px solid var(--color-border-secondary);box-shadow:0 2px 12px rgba(0,0,0,.14);display:flex;align-items:center;justify-content:center;cursor:pointer;z-index:50;color:var(--color-text-secondary);transition:transform .15s,color .15s;padding:0;text-decoration:none}
.pg-close-fab:hover{transform:scale(1.08);color:var(--color-text-primary)}
.pg-close-fab:focus-visible{outline:2px solid var(--color-brand);outline-offset:2px}
@media(max-width:760px){.pg-close-fab{top:12px;right:12px;width:36px;height:36px}}
</style>
<!-- Analytics: uncomment one line below to enable Plausible (privacy-friendly, no cookies, GDPR-clean).
Sign up at https://plausible.io and replace the data-domain if needed. -->
<script defer data-domain="supplementscore.org" src="https://plausible.io/js/script.js"></script>
<link rel="manifest" href="/manifest.webmanifest">
<link rel="apple-touch-icon" sizes="180x180" href="/icons/icon-180-apple.svg">
<meta name="theme-color" content="#1F7A6B">
<meta name="apple-mobile-web-app-title" content="SuppScore">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="default">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https:; connect-src 'self' https://formspree.io https://plausible.io https://www.fda.gov https://www.efsa.europa.eu; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://formspree.io;">
<script src="_site-ux.js?v=20260527-rel-path-fix" defer></script>
<!-- SEO-BREADCRUMB:start -->
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "BreadcrumbList",
"itemListElement": [
{
"@type": "ListItem",
"position": 1,
"name": "Home",
"item": "https://supplementscore.org/"
},
{
"@type": "ListItem",
"position": 2,
"name": "Privacy Policy",
"item": "https://supplementscore.org/privacy.html"
}
]
}
</script>
<!-- SEO-BREADCRUMB:end -->
</head>
<body>
<main class="pg-wrap">
<a href="index.html" class="pg-close-fab" onclick="event.preventDefault();if(document.referrer&&document.referrer.indexOf(location.origin)===0&&history.length>1){history.back();}else{location.href='index.html';}" aria-label="Close and return">
<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
</a>
<h1>Privacy Policy</h1>
<p class="pg-sub">Last updated: 2026-05-01</p>
<h2>The short version</h2>
<p>SupplementScore stores nothing about you on our servers. The "profile" feature (your age, sex, current supplements, prescription medications) lives entirely in your browser's local storage. We never see it. If you clear your browser data or open the site on a different device, the profile is gone.</p>
<h2>What we collect</h2>
<ul>
<li><strong>Local-only profile data:</strong> if you fill in the profile form, your inputs (age, sex, current supplements, medications, blood-work values, goals) are stored in your browser's <code>localStorage</code>. They never leave your device.</li>
<li><strong>Inaccuracy reports:</strong> when you submit a "Report inaccuracy" form, the form contents (the claim you flagged, your suggested correction, your citation, optionally your email) are sent to our forms processor (Formspree) and forwarded to our editorial inbox.</li>
<li><strong>Server logs:</strong> our hosting provider (GitHub Pages) records standard HTTP request logs (IP address, user agent, requested URL, timestamp). These are retained per GitHub's policy and we do not link them to any other identifier.</li>
</ul>
<h2>What we don't collect</h2>
<ul>
<li>No account system. No login. No email subscription unless you explicitly sign up.</li>
<li>No cookies, tracking pixels, or third-party advertising scripts.</li>
<li>No analytics that follow you across the web. (If we add a privacy-friendly analytics tool like Plausible or Umami, this section will list it.)</li>
<li>No payment data — the site is free and does not process payments.</li>
</ul>
<h2>Third-party services</h2>
<ul>
<li><strong>GitHub Pages</strong> — site hosting. <a href="https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement" target="_blank" rel="noopener">GitHub privacy statement</a>.</li>
<li><strong>Formspree</strong> — handles inaccuracy reports and contributor signup forms. <a href="https://formspree.io/legal/privacy-policy/" target="_blank" rel="noopener">Formspree privacy policy</a>.</li>
<li><strong>Google Fonts</strong> — serves the Plus Jakarta Sans typeface. Google may log the font request. <a href="https://policies.google.com/privacy" target="_blank" rel="noopener">Google privacy policy</a>.</li>
</ul>
<h2>Your rights</h2>
<p>If you're in the EU/EEA (GDPR), the UK (UK-GDPR), or California (CCPA), you have the right to:</p>
<ul>
<li>Access — request what data we have about you (we can only check our inaccuracy-report inbox; we have no other store).</li>
<li>Delete — ask us to delete your inaccuracy-report submission. Email the contact below.</li>
<li>Export — receive your inaccuracy-report submission in a portable format.</li>
<li>Opt out — clearing your browser's local storage removes the profile we never saw to begin with.</li>
</ul>
<h2>Children</h2>
<p>SupplementScore is not directed at children under 13 and we do not knowingly collect any data from anyone under 13. If you believe a child has submitted information through our forms, contact us and we will delete it.</p>
<h2>Changes</h2>
<p>If this policy changes materially, the "Last updated" date at the top will change and the change will be summarised in our <a href="about.html">annual transparency report</a>.</p>
<h2>Contact</h2>
<p>Privacy questions or data-deletion requests: see the contact email in the <a href="index.html">main site footer</a>.</p>
</main>
<!-- SS_FOOTER_BEGIN -->
<!-- 2026-05-23 — Footer rewritten in centered-column layout (Direction B from
the mockup review). Single vertical axis: brand → tagline → inline link
row (hairlines top/bottom) → centered contributor CTA → legal at bottom.
The previous brand+3-column grid is gone; .site-footer-grid and
.site-footer-col classes are no longer emitted. Old CSS rules for those
remain in place harmlessly (no markup references them). -->
<footer class="site-footer" role="contentinfo">
<div class="site-footer-inner">
<div class="site-footer-brand-row">
<span class="site-footer-leaf" aria-hidden="true">
<svg viewBox="0 0 24 24" aria-hidden="true" focusable="false"><path d="M5 19C5 11 11 5 19 5C19 13 13 19 5 19Z"/></svg>
</span>
<span class="site-footer-brand">SupplementScore<span class="site-footer-brand-tld">.org</span></span>
</div>
<nav class="site-footer-links" aria-label="Footer navigation">
<a href="/">Home</a>
<a href="/compare/index.html">Compare</a>
<a href="/#research" onclick="window._tabSwitchByUser=true">Research</a>
<a href="/#profile" onclick="window._tabSwitchByUser=true">Profile <span class="site-footer-beta" aria-label="Beta">(Beta)</span></a>
<a href="/about.html">About</a>
</nav>
<div class="site-footer-contrib">
<div class="site-footer-contrib-eyebrow">Non-profit · volunteer-run</div>
<div class="site-footer-contrib-title">Help build the database</div>
<div class="site-footer-contrib-desc">Clinicians, researchers, developers, help us improve this site.</div>
<form class="site-footer-contrib-form" onsubmit="return ssFooterContrib(event)" novalidate>
<input type="email" placeholder="your@email.com" aria-label="Your email address" required>
<button type="submit" aria-label="Send" title="Send"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><line x1="5" y1="12" x2="19" y2="12"/><polyline points="12 5 19 12 12 19"/></svg></button>
<div class="site-footer-contrib-success" role="status" aria-live="polite">✓ Thanks! We'll be in touch.</div>
</form>
</div>
<div class="site-footer-bottom">© 2026 SupplementScore · CC-BY 4.0 · <a href="/privacy.html">Terms & Privacy</a> · <a href="mailto:hello@supplementscore.org">hello@supplementscore.org</a> · Educational reference, not medical advice. Always consult a clinician before changing your supplement regimen.</div>
</div>
<script>
/* Footer contributor form — small handler shared by every page that ships the
shared site-footer. Defined once on window so re-loads on subsequent pages
are no-ops. Posts to the same Formspree endpoint as the about-page form,
tagged with source='contributor-footer' so leads from here are attributable. */
window.ssFooterContrib = window.ssFooterContrib || function(e){
e.preventDefault();
var form = e.target;
var input = form.querySelector('input[type=email]');
var btn = form.querySelector('button');
var email = (input.value || '').trim();
if (!email || email.indexOf('@') < 0 || email.length < 5) {
input.classList.add('is-invalid');
setTimeout(function(){ input.classList.remove('is-invalid'); }, 2000);
return false;
}
btn.disabled = true; btn.textContent = 'Sending…';
fetch('https://formspree.io/f/mnjoylkz', {
method: 'POST',
headers: { 'Content-Type': 'application/json', 'Accept': 'application/json' },
body: JSON.stringify({ email: email, source: 'contributor-footer', date: new Date().toISOString() })
}).then(function(r){
if (r.ok) { form.classList.add('is-success'); }
else { btn.disabled = false; btn.textContent = 'Try again'; }
}).catch(function(){ btn.disabled = false; btn.textContent = 'Try again'; });
return false;
};
</script>
</footer>
<!-- SS_FOOTER_END -->
</body>
</html>