Skip to main content
Narrated

Privacy Policy

Last updated: April 5, 2026

In plain language

We collect only what we need to run the site: your email, username, and any health experiences you choose to share. We never sell your data or show you ads. Your identity is private by default — you pick a username, and we never show your real name unless you choose to. Payment info is handled by Stripe — we never see your card number. You can delete your account and data at any time.

1. Who We Are

Narrated is a community-driven platform that aggregates self-reported experiences with interventions, supplements, and related compounds. This policy explains how we collect, use, store, and protect your personal data.

Data Controller

The data controller for your personal data is Narrated. For all privacy-related matters, you can contact us at privacy@narrated.health.

2. Data We Collect

Account data

When you create an account, we collect your email address, a username of your choice, and an authentication credential (password or OAuth token via Google). Verified practitioners also provide their real name and credential type.

Health-related self-reported data

When you submit a log, you may provide: the goal you were pursuing, compound names and dosages, cycle length, outcome scores, side effects, a summary of your experience, and optional demographic information (age range and sex). This data is considered health-related and is treated with heightened protection.

Usage data

We collect standard server logs (IP addresses, browser type, pages visited) for security and rate limiting purposes. We use Google Analytics 4 (GA4) with Consent Mode v2 to understand how the site is used. GA4 analytics cookies are only set if you give consent via our cookie banner. Without consent, GA4 operates in cookieless mode and does not store identifiers on your device. We do not use tracking pixels or advertising cookies.

Payment data

Premium subscriptions are processed by Stripe. We do not store your credit card number or payment details. Stripe processes this data under their own privacy policy.

3. How We Use Your Data

We use your data for the following purposes only:

  • To operate and maintain the platform
  • To display your submitted logs and comments (after moderation review)
  • To authenticate your identity and manage your account
  • To process Premium subscription payments
  • To enforce rate limits and prevent abuse
  • To generate aggregate, anonymized statistics for goal reports

We do not sell your data. We do not serve advertisements. We do not share identifiable data with third parties for marketing purposes.

4. Health Data — Special Protections

Self-reported health experiences, compound usage, side effects, and outcome scores may qualify as health-related data under applicable privacy laws (including UK GDPR, EU GDPR, and Australian Privacy Act). We treat all such data with heightened protection:

  • We process health-related data only with your explicit consent, obtained at account creation
  • Health data is stored in our Supabase-hosted PostgreSQL database with encryption at rest
  • We minimize data collection — we ask for age ranges (not exact ages) and provide "prefer not to say" options
  • Community members use usernames by default — your real identity is never required or shown
  • We do not combine your health data with external datasets or use it for profiling

5. Usernames and Identity

Community members use a username of their choice. Your email address is never displayed publicly. You are not required to provide your real name unless you opt in to a public profile or apply for practitioner verification. Verified practitioners choose to use their real name and credentials — this is always opt-in.

6. Data Sharing

We share data only in these limited circumstances:

  • Stripe — for payment processing (Premium subscriptions only)
  • Supabase — our database and authentication provider, which processes data on our behalf
  • Google Analytics — for anonymised website usage analytics (only with your consent)
  • Legal obligations — if required by law, regulation, or valid legal process

We do not sell data. We do not share data with advertisers. We have no affiliate relationships with supplement or intervention companies.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom, including the United States. Our key sub-processors — Supabase (database and authentication), Stripe (payment processing), and Google (analytics) — are US-based companies. These transfers are protected by appropriate safeguards, including UK adequacy decisions and Standard Contractual Clauses (SCCs) as applicable. You can request more details about the safeguards in place by contacting us at privacy@narrated.health.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and associated data
  • Portability — request your data in a machine-readable format
  • Withdraw consent — withdraw your consent for health data processing at any time (this may require account deletion)
  • Restriction — request that we limit processing of your data

To exercise any of these rights, contact us at privacy@narrated.health. We will respond within 30 days.

California residents (CCPA/CPRA)

You have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. We do not sell personal information.

UK and EU residents (GDPR)

Our lawful basis for processing account data is legitimate interest (operating the platform). Our lawful basis for processing health-related self-reported data is explicit consent, obtained at account creation. Analytics data (via Google Analytics) is processed on the basis of your consent, given through our cookie banner. You may withdraw consent at any time by contacting us or deleting your account.

If you are a UK resident, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: ico.org.uk.

Australian residents

Health information is treated as sensitive information under the Privacy Act 1988. We collect and process this information only with your consent.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized, aggregate data (e.g., goal report statistics) may be retained indefinitely as it cannot be linked back to you.

10. Security

We implement appropriate technical and organizational measures to protect your data, including: encryption at rest and in transit, rate limiting on API endpoints, CSRF protection, input validation, and authentication error sanitization to prevent credential leakage. No system is 100% secure — we cannot guarantee absolute security but we take reasonable steps to protect your information.

11. Cookies

We use essential cookies for authentication and session management. We also use Google Analytics 4 (GA4), which may set analytics cookies on your device — but only if you give consent via our cookie banner. If you choose "Essential Only," no analytics cookies are set. You can change your preference at any time by clearing your browser's local storage for this site. We do not use advertising cookies.

12. Children

Narrated is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete it.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. Continued use of Narrated after changes are posted constitutes acceptance of the updated policy.

14. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@narrated.health.