Privacy Policy

Last updated: June 8, 2026

At SomaStack, we respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy details how we collect, store, and utilize your information.

1. Information We Collect

To provide personalized vitamin stack algorithms, we collect the following metrics:

• Onboarding Profile Answers: Age, gender, physical activity level, and general notes/goals regarding recovery.
• Strava Account Data (Optional): If you connect your Strava account, we read your profile identification and recent physical activity statistics (distance, heart rate, and duration).
• Account Identifiers: If you sign up, we store your email address and profile name.

2. How We Store Your Information

Your profile metrics, account configuration, and checked supplement lists are safely stored in our secure database instance (PostgreSQL / SQLite) deployed within our isolated hosting environment on Railway. We do not distribute, share, or sell your health metrics to third-party advertising companies.

3. API Integrations and Data Sharing

• Google Gemini API: To calculate your custom supplement stack, we send your anonymized profile summary (age, gender, workout description) to the Gemini model API. No personal identifiers (like email or password hashes) are ever sent to the AI service.
• Strava & Google OAuth: All tokens for login services are secured in cryptographically signed, HTTP-only session cookies. You can terminate integrations at any time from your settings panel.

4. Cookies

We use standard, secure, HTTP-only session cookies to authenticate your account and persist dashboard logins. We do not use cross-site tracking cookies.

5. Contact Us

If you have any questions regarding data usage or wish to delete your account data, please contact us at [email protected].