Privacy Policy & Notice of Privacy Practices
Effective Date: February 28, 2026
JGA Ventures LLC, doing business as Stack Precision ("Stack Precision," "we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.
1. Information We Collect
1.1 Information You Provide Directly
When you use Stack Precision, you may choose to provide:
- Account Information: Email address, display name, and profile preferences. You may also use Stack Precision without providing personally identifying information by using our anonymous recovery code authentication—in this case, only a pseudonymous identifier and recovery code are stored.
- Supplement Data: Supplement stacks, dosages, schedules, and tracking information
- Journal Entries: Daily wellness metrics (energy, mood, focus, stress, sleep quality, pain levels on 1-5 scales), notes, and health observations
- Genetic Information: Gene variants and interpretations you choose to upload from consumer genetic testing services
- AI Conversations: Messages exchanged with our AI health assistant
- Research Notes: Articles, notes, and information you save within the app
1.2 Information Collected Automatically
We collect limited technical information to operate and improve the app:
- Device Information: Device type, operating system version, and app version
- Usage Analytics: Feature access patterns, session timing, and interaction counts (see Section 8 for details)
- Crash Reports: Technical error logs to improve app stability
2. How We Use Your Information
We use your information solely to provide and improve Stack Precision:
- Deliver core app functionality (supplement tracking, scheduling, reminders)
- Power AI-assisted health insights when you initiate conversations
- Generate personalized scheduling and notification reminders
- Maintain security and detect unauthorized access
- Analyze anonymized usage patterns to improve the app experience
- Respond to your support requests
- Comply with legal obligations
We do not use your health data for advertising, marketing profiling, or any purpose unrelated to providing the service you requested.
3. AI Features and Data Processing
3.1 Our AI Provider
Stack Precision uses Google Vertex AI (Gemini) to power our AI health assistant. We access Google's AI services through their enterprise API, which provides stronger privacy protections than consumer products.
3.2 What Data May Be Shared with AI
When you start an AI conversation, you control exactly what context is included. Based on your choices, the following may be sent to Google Vertex AI:
- Your chat messages and conversation history for that session
- Supplement information (names, dosages, schedules) — if you enable this option
- Journal metrics (numerical scores only) — if you enable this option
- Genetic variant information (gene name, variant, your genotype, risk allele status, and a brief description of what the variant may affect) — if you enable this option. You can view the exact text that would be shared with the AI for each variant in the app's genetic detail view.
3.3 What We Never Send to AI Providers
The following information is never transmitted to any AI provider:
- Your name or display name
- Your email address
- Your user ID or account identifiers
- Your device information or IP address
- Any data that could directly identify you
Your AI conversations are effectively anonymous. Even if data were intercepted, it could not be linked to your identity.
3.4 Google Vertex AI Data Handling
- Enterprise API data is not used for model training
- Data is retained for 30 days for abuse monitoring, then deleted
- Processing occurs in Google Cloud data centers with enterprise security
For more information, see Google Vertex AI Data Governance.
3.5 Minimum Necessary Principle
Consistent with HIPAA's minimum necessary standard, we limit the health information shared with AI providers to only what is relevant to your conversation. Genetic data is subject to a token budget that prioritizes clinically significant variants, and you control which data categories are included on a per-session basis.
4. Data Storage and Security
4.1 Infrastructure
Your data is stored on Google Cloud Platform through Firebase services:
- Database: Cloud Firestore with encryption at rest (AES-256)
- File Storage: Cloud Storage with encryption at rest
- Authentication: Firebase Authentication with secure token management
- Location: United States data centers
4.2 Security Measures
We implement HIPAA-standard security controls:
- Encryption in Transit: TLS 1.2+ for all data transmission
- Encryption at Rest: AES-256 encryption for stored data
- Access Controls: Role-based access; your health data is accessible only to you
- Authentication: Secure login with optional biometric protection
- Session Security: Automatic timeout after 15 minutes of inactivity
- Audit Logging: Comprehensive logs of data access and modifications
For detailed information about our security practices, see our Privacy & Security page.
5. Data Sharing and Disclosure
We do not sell your personal information. We share data only in these limited circumstances:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Google Vertex AI | AI chat features | Conversation content and health context you select (no identifiers) |
| Google Cloud / Firebase | Infrastructure | All app data (encrypted, access-controlled) |
| RevenueCat | Subscription management | Pseudonymous ID only (no health data) |
| Google BigQuery | Community Trends (opt-in) | De-identified supplement and genetic grouping data (see Section 12) |
| Legal authorities | If required by law | As legally compelled |
We maintain Business Associate Agreements (BAAs) with our infrastructure and AI service providers as required by HIPAA.
In the event of a merger, acquisition, or sale of assets, your data would transfer to the successor entity with equivalent privacy protections. We would notify you before any such transfer.
6. Your Rights Regarding Your Health Information
Under HIPAA, you have the following rights with respect to your Protected Health Information (PHI). You may exercise any of these rights by contacting our Privacy Officer through our contact form and selecting "Privacy Inquiry."
6.1 Right to Access and Inspect Your Data
You have the right to inspect and obtain a copy of your PHI maintained by Stack Precision. All your data is accessible within the app at any time. You may also request a complete export of your data in an electronic format through our contact form. We will respond to access requests within 30 days.
6.2 Right to Request Amendment
You have the right to request that we amend your PHI if you believe it is incorrect or incomplete. You can update or correct most information directly within the app. For other amendments, contact us through our contact form. We may deny an amendment request if the information was not created by us, is not part of our records, is accurate and complete, or is not available for inspection. If we deny your request, we will provide a written explanation.
6.3 Right to an Accounting of Disclosures
You have the right to request a list of certain disclosures we have made of your PHI. This accounting will not include disclosures made for treatment, payment, or healthcare operations, or disclosures you authorized in writing. To request an accounting, contact our Privacy Officer. We will provide the first accounting within any 12-month period free of charge.
6.4 Right to Request Restrictions
You have the right to request that we restrict how we use or disclose your PHI. While we are not required to agree to all restrictions, we will comply with any restriction request if the disclosure is to a health plan for payment or healthcare operations and the PHI relates to a service you paid for in full out of pocket.
6.5 Right to Confidential Communications
You have the right to request that we communicate with you about your health information in a specific way or at a specific location. For example, you may ask that we contact you only by email. We will accommodate reasonable requests.
6.6 Right to a Copy of This Notice
You have the right to obtain a paper or electronic copy of this Notice of Privacy Practices at any time. This notice is always available at stackprecision.ai/privacy-policy.html.
6.7 Delete Your Data
You can request deletion of your account and associated data through Settings > Account > Delete Account, or by contacting us. Our deletion process:
- 30-day grace period: After requesting deletion, you have 30 days to cancel by logging back in
- Permanent deletion: After the grace period, your personal data, health data, supplements, journals, genetic data, and chat history are permanently and irreversibly deleted
- Audit log retention: Security audit logs (which record access timestamps and actions, but not health data content) are retained for 7 years as required by HIPAA compliance standards
6.8 Lapsed Subscription Accounts
If your subscription expires and you do not resubscribe or become a Community Contributor (see Section 12):
- Day 0–30: Your account enters “lapsed” status. Your data remains intact but premium features are unavailable. You may resubscribe at any time to restore full access.
- Day 30: Your account transitions to pending deletion with a 7-day grace period. You will be notified within the app.
- Day 37: If no action is taken, your personal data is deleted following the same process as account deletion above.
- Day 67: All soft-deleted records are permanently purged from our systems.
You can prevent automatic deletion at any point by resubscribing or opting into the Community Contributor program.
6.9 Individual Record Deletion
When you delete individual items (supplements, journal entries, etc.) within the app:
- Items are immediately hidden from your view (soft delete)
- After 30 days, items are permanently removed from our systems
- This allows recovery if you accidentally delete something
6.10 AI Data Controls
For each AI chat session, you control:
- Whether to include supplement data
- Whether to include journal metrics
- Whether to include genetic data
AI consent expires monthly and must be renewed, so you reconfirm your preferences each month.
6.11 Withdraw Consent
You may withdraw consent for AI data processing at any time in Settings. This does not affect data already processed but prevents future AI interactions until you re-consent.
7. Children's Privacy
Stack Precision is intended for users 18 years of age and older. We do not knowingly collect information from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately through our contact form and we will delete it within 5 business days.
8. Analytics and Tracking
We use Firebase Analytics to understand how users interact with the app. Our analytics are designed to be privacy-preserving:
What We Track
- Onboarding completion rates and timing
- Feature adoption (e.g., "user created first stack" — not what supplements)
- Subscription events (plan selected, not health data)
- App stability metrics
What We Never Track
- Supplement names or dosages
- Health metric values (mood, energy, etc.)
- Journal content or entries
- Genetic variants or interpretations
- AI conversation content
Analytics use a pseudonymous identifier that cannot be linked to your email or personal identity.
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and health data (active subscriber) | Until you delete your account |
| Account and health data (lapsed subscriber) | 30 days after subscription expires, then automatic deletion pipeline (see Section 6.8) |
| Community Contributor data | Indefinite while contributor status active; standard deletion timeline upon withdrawal |
| Trend contributions after consent withdrawal | Immediately and permanently deleted from analytics systems |
| Deleted items (soft delete) | 30 days, then permanently removed |
| Deleted accounts | 7-day grace period, then permanently removed |
| Security audit logs | 7 years (HIPAA requirement; contain no health data content) |
| AI conversation data at Google | Up to 30 days (Google's policy) |
10. Breach Notification
In the event of a breach of unsecured Protected Health Information, we will:
- Notify affected individuals without unreasonable delay, and no later than 60 days after discovery
- Notify the U.S. Department of Health and Human Services as required
- Provide notification that includes: a description of the breach, the types of information involved, steps you should take to protect yourself, what we are doing to investigate and mitigate, and contact information for further questions
If a breach affects 500 or more individuals, we will also notify prominent media outlets in the affected jurisdiction as required by HIPAA.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes:
- We will notify you through the app or via email
- We will update the "Effective Date" at the top of this page
- For significant changes affecting your rights, we may require you to re-acknowledge the updated policy
Your continued use of Stack Precision after changes take effect constitutes acceptance of the updated policy.
12. Community Trends (Opt-In)
Stack Precision offers an optional Community Trends feature that aggregates anonymized data to show population-level supplement and wellness patterns.
12.1 What Is Collected
If you opt in, the following de-identified data may be contributed:
- Supplement names, categories, dosages, and frequency information
- Genetic trait groupings (e.g., "MTHFR heterozygous"—not raw genotype data)
- Aggregated wellness metric averages (not individual daily entries)
12.2 How It Is De-Identified
- A random contribution identifier is generated for your data—it is not derived from your user ID or any personal information and cannot be traced back to your account
- Data is aggregated with other participants before display
- Minimum participant thresholds (at least 20 people per group, at least 3 users per supplement) prevent re-identification of small groups
- Trends data is stored in Google BigQuery, separate from your personal account data
12.3 Your Control
- Participation is entirely opt-in and requires explicit consent
- You may withdraw at any time in Settings
- When you withdraw consent, your de-identified contributions are permanently deleted from our analytics systems and the mapping between your account and your contribution identifier is destroyed. This deletion is irreversible—we cannot recover or re-link your contributions after withdrawal.
12.4 Community Contributors
When your subscription ends, you may choose to become a Community Contributor. This is entirely optional and requires separate, explicit consent.
What this means:
- Your supplement and genetic grouping data, as it existed at the time of your last active subscription, remains in the anonymized trends pool
- No new data is synced—your contribution is frozen at the point of donation
- You retain free, read-only access to Community Trends and full access to core features (supplement tracking, journaling)
- You do not have access to AI features or premium features
Your control:
- You may withdraw your Community Contributor consent at any time in Settings
- Withdrawal triggers immediate, permanent deletion of your contributions from our analytics systems (see Section 12.3 above)
- You may also resubscribe at any time, which automatically transitions you back to a full active account
What we do not do:
- We do not pre-select donation on your behalf
- We do not pressure you to donate—you are presented the option twice (once before expiration, once after) and may decline both times
- If you never open the app after your subscription ends, your data follows the standard lapsed account deletion timeline described in Section 6.8
13. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You can request details about the personal information we collect, use, and disclose
- Right to Delete: You can request deletion of your personal information (subject to legal exceptions)
- Right to Correct: You can request correction of inaccurate personal information we maintain about you
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising, so this right does not apply
- Right to Limit Use of Sensitive Personal Information: We collect sensitive personal information (including genetic data and health information) solely to provide the service you requested. We do not use sensitive personal information for purposes beyond providing Stack Precision
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Categories of sensitive personal information collected: Health information (supplement data, journal metrics), genetic data, and precise geolocation (not collected). Genetic data is collected only with your explicit consent and used solely for the in-app features you enable.
To exercise these rights, contact us through our contact form and select "Privacy Inquiry" as the topic. We will verify your identity and respond within 30 days of receiving your request (within the 45-day CCPA maximum). If we need additional time, we will notify you of the extension.
14. Genetic Information
Stack Precision allows you to store genetic test results from consumer testing services. This section addresses specific legal requirements regarding genetic information.
14.1 Genetic Data Consent
- Uploading genetic data requires explicit, separate consent before any data is stored
- Before storing any genetic data, you review and individually select which markers to keep via a checkbox consent screen—we store only what you approve
- You control whether genetic data is included in AI conversations (per-session toggle)
- When genetic data is shared with our AI provider (Google Vertex AI), it is transmitted without any personal identifiers
- Raw genetic files (from consumer genetic testing and sequencing services) are parsed locally on your device and are never uploaded to or stored on our servers—only the individual markers you select are stored
14.2 Transparency and Your Control
We believe you should have complete visibility into how your genetic data is used. For each stored variant, you can view within the app:
- Why we track it: A plain-language explanation of why this variant is included in our database and its relevance to supplement response
- What it may mean: A description of what the variant may affect, based on published research
- What we share with the AI: The exact text that is sent to our AI provider when you include genetic data in a conversation—no more, no less
- Research sources: Links to the peer-reviewed studies supporting our interpretation
You are responsible for evaluating whether you agree with our interpretation of your genetic data and whether you want it included in AI conversations. We provide this level of detail so you can make an informed decision. If you disagree with an interpretation, you can edit your genotype, remove individual markers, or exclude genetic data from AI conversations entirely.
14.3 Genetic Data Management
- You may edit your genotype, remove individual markers, or delete all genetic data at any time from within the app
- Deleted genetic markers can be restored within 7 days; after that, they are permanently removed following our standard data retention schedule
- Deleting genetic data does not affect AI conversations that have already occurred, but prevents future conversations from including that data
State genetic privacy laws (including Illinois GIPA, Texas, and Montana) may provide additional protections. We design our consent and data handling practices to satisfy the strictest applicable state requirements.
15. Substance Use Disorder Records
Stack Precision does not specifically collect or maintain substance use disorder (SUD) treatment records. However, in compliance with the alignment of 42 CFR Part 2 with HIPAA effective February 16, 2026: if any information you provide could be considered a substance use disorder record, it will receive the same protections as all other PHI under this notice. We will not use or disclose any such information for civil, criminal, administrative, or legislative proceedings against you without your written consent or as otherwise permitted by law.
16. Filing Complaints
If you believe your privacy rights have been violated, you have the right to file a complaint:
Complain to Us
Contact our Privacy Officer through our contact form and select "Privacy Inquiry." We take all complaints seriously and will investigate and respond within 5 business days.
Complain to the U.S. Department of Health and Human Services
You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights:
- Online: HHS OCR Complaint Portal
- Phone: 1-800-368-1019
- Mail: U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Washington, D.C. 20201
17. Privacy Officer & Contact
Our designated Privacy Officer is responsible for ensuring compliance with this notice and applicable privacy laws:
- Privacy Officer: Jeff Goodman
- Title: Privacy Officer, Stack Precision
- Contact: Contact Form (select "Privacy Inquiry")
For general questions about this Privacy Policy, our data practices, or to exercise any of your rights, please reach out through our contact form. Select the appropriate topic for your inquiry and we'll respond within 24–48 hours.