Privacy Policy

Last Updated: May 2026 | Effective Date: May 24, 2026

Our Privacy Promise: 100% Client-Side Architecture

Biohacker's OS processes all health data locally in your browser. Your CGM glucose readings, microbiome test results, and red light therapy calculations are NEVER uploaded to any server. We physically cannot access your personal health information because it never leaves your device.

1. Introduction

Biohacker's OS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at biohacker-os.com and use our biohacking tools.

Unlike most health platforms, we operate on a Local-First architecture. This means your sensitive health data (glucose levels, microbiome composition, treatment protocols) is processed entirely within your web browser using HTML5 technologies. We do not have servers that receive, store, or process your personal health information.

2. Information We Do NOT Collect

It is critical to understand what we do not collect:

  • No Health Data Uploads: We do not receive your CGM glucose readings, continuous glucose monitoring data, Dexcom exports, FreeStyle Libre files, microbiome sequencing results, Viome reports, Thryve data, or any other personal health metrics.
  • No User Accounts: We do not require registration, usernames, passwords, or email addresses to use our tools.
  • No Server-Side Processing: All calculations, data analysis, chart rendering, and report generation happen in your browser's JavaScript engine. Our servers never see your data.
  • No Third-Party Health Data Sharing: Since we never receive your health data, we cannot and do not share it with advertisers, analytics companies, research institutions, or any third parties.

3. Information Automatically Collected

When you visit our website, certain technical information may be automatically collected by our hosting infrastructure and analytics services:

3.1 Server Logs

Our hosting provider (GitHub Pages / Netlify / Vercel) may log:

  • IP address (anonymized where possible)
  • Browser type and version (User-Agent string)
  • Device type and operating system
  • Referring website URL
  • Pages visited and timestamps
  • HTTP status codes

This information is used solely for security monitoring, abuse prevention, and performance optimization. It is not linked to any personal health data.

3.2 Cookies and Local Storage

We use two types of browser storage:

  • Essential Cookies: Minimal cookies required for session functionality and security (e.g., CSRF tokens if applicable).
  • localStorage: Your tool inputs (CGM selections, gut microbiome parameters, red light calculator settings) are saved in your browser's localStorage API. This data remains exclusively on your device and is never transmitted to us. You can clear localStorage at any time through your browser settings.

3.3 Analytics Services

If we implement web analytics (e.g., Google Analytics, Plausible, Fathom), these services may collect:

  • Aggregate page view statistics
  • Geographic location (country/city level, derived from IP)
  • Browser and device characteristics
  • Traffic sources and referral paths

Analytics data is aggregated and anonymized. It does not include personal health information or individually identifiable data. We prioritize privacy-focused analytics providers that do not use tracking cookies.

4. How We Use Collected Information

Any information we collect is used exclusively for:

  • Maintaining website security and preventing abuse
  • Improving website performance and user experience
  • Understanding aggregate traffic patterns to optimize content
  • Complying with legal obligations

We do NOT use any collected information for:

  • Profiling individual users' health conditions
  • Selling or renting personal data to third parties
  • Targeted advertising based on health interests
  • Automated decision-making about individuals

5. Third-Party Services

5.1 Hosting Infrastructure

Our website is hosted on cloud infrastructure providers (GitHub Pages, Netlify, Vercel, or similar). These providers process server log data as described in Section 3.1. Their privacy policies govern their handling of this data:

5.2 External Links

Our website contains links to external websites (scientific journals like Nature, PubMed, research institutions). When you click these links, you leave our website and are subject to the privacy policies of those external sites. We are not responsible for the privacy practices of third-party websites.

5.3 AdSense Advertising (If Enabled)

If we enable Google AdSense advertising in the future, Google may place cookies on your browser to serve personalized ads. These cookies track your browsing behavior across websites but do NOT access your health data processed within our tools. You can opt out of personalized advertising through Google Ads Settings.

6. Data Security

Since your health data never reaches our servers, the primary security responsibility lies with you:

  • Device Security: Ensure your computer, phone, or tablet is protected with strong passwords and up-to-date antivirus software.
  • Browser Updates: Keep your web browser updated to the latest version to benefit from security patches.
  • Public Computers: Avoid using our tools on shared or public computers, as localStorage data may persist after your session.
  • Clearing Data: You can delete all locally stored data by clearing your browser's localStorage and cookies through browser settings.

For data we do collect (server logs, analytics), we implement industry-standard security measures including HTTPS encryption, access controls, and regular security audits.

7. Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to Access: Request information about what personal data we hold about you (limited to server logs and analytics data).
  • Right to Deletion: Request deletion of your personal data from our systems. Note that since health data is stored locally, you control its deletion through your browser settings.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Object: Object to processing of your personal data for certain purposes.
  • Right to Data Portability: Request transfer of your personal data to another service provider.

To exercise these rights, contact us at legal@biohacker-os.com.

9. International Data Transfers

Our hosting infrastructure may process server log data in various countries. By using our website, you consent to the transfer of such technical data to countries outside your country of residence, which may have different data protection laws. However, no personal health data is transferred since it remains on your device.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by posting the updated policy on this page with a revised "Last Updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

12. Regulatory Compliance

This Privacy Policy is designed to comply with applicable data protection laws including:

  • GDPR (General Data Protection Regulation): For users in the European Economic Area
  • CCPA (California Consumer Privacy Act): For California residents
  • HIPAA Notice: While we are not a covered entity under HIPAA, we acknowledge the sensitivity of health data and voluntarily adhere to principles of health information privacy.