StackLog — Privacy Policy

Last updated: May 29, 2026

This Privacy Policy explains what information StackLog ("we," "us," or "our") collects, how we use it, and the choices you have. StackLog is a personal tracker for supplements, nootropics, peptides, and hormone therapy, operated by Dorie, LLC, a Minnesota limited liability company. By using the Service, you agree to this Policy.

A note on health information. Much of what you track in StackLog is sensitive information about your health. We treat it as consumer health data and describe how we handle it in Section 9 (Consumer Health Data) below. StackLog is informational only and is not medical advice; see our Terms of Service for the full medical disclaimer.


1. Information We Collect

  • Account information: your email address and username, and authentication data (a hashed password, and passkey/WebAuthn credentials if you enable them).
  • Your stack data: the substances you track, doses, and schedules.
  • Journal check-ins: daily entries such as energy, mood, and focus ratings, plus any free-text notes you write.
  • WHOOP physiological data (optional): if you connect WHOOP, we receive physiological and health-related data such as recovery, sleep, and heart-rate variability (HRV) through WHOOP's OAuth integration. This is collected only if you choose to connect it.
  • Basic technical data: information needed to operate the Service securely, such as session and authentication data.

We do not collect biometric identifiers (such as fingerprints or facial geometry), and we do not use the WHOOP data to identify you.

2. How We Use Your Information

We use your information to:

  • Provide and operate the Service, including storing your stacks, journal entries, and connected data.
  • Authenticate you and keep your account secure.
  • Generate AI-assisted analysis at your request.
  • Send transactional emails (such as email verification and account-related messages).
  • Maintain, debug, and improve the Service.
  • Comply with legal obligations and enforce our Terms.

We do not sell your personal information, we do not share it for cross-context behavioral advertising, and we do not use it for advertising. We do not use your data to train our own or third parties' AI models.

Where required by law, we rely on your consent to collect and process your health-related data, and we obtain a separate authorization before sharing that data with any third party for any purpose beyond providing the Service. You can withdraw consent at any time as described in Section 9 and Section 10 (Your Rights).

4. Third-Party Processors

To provide the Service, we share limited data with service providers who process it only on our instructions and only for the purposes we specify, under data processing agreements. We do not authorize them to use your data for their own purposes.

  • Anthropic (Claude API): when you request AI analysis, the relevant stack data is sent to Anthropic to generate that analysis. This data is not used to train AI models.
  • Resend: used to send transactional email (e.g., verification and account messages); processes your email address and message content.
  • WHOOP: if you connect WHOOP, physiological data is synced via OAuth. You can disconnect this integration at any time (see Section 7).
  • Hosting and infrastructure: standard providers that host the application and store data on our behalf.

5. Cookies and Sessions

We use authentication cookies (JWT access and refresh tokens) to keep you signed in and to operate the Service securely. These are essential/functional cookies only. We do not use advertising or third-party tracking cookies.

6. Security

We take reasonable measures to protect your information, including hashing passwords and supporting passkeys (WebAuthn). However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your credentials safe. If a breach affecting your information occurs, we will notify you and authorities as required by applicable law.

7. Data Retention and Deletion

We keep your information for as long as your account is active or as needed to provide the Service. When you delete specific entries or your account, we delete the associated data from our active systems, and residual copies in backups are purged within 30 days. We may retain limited information where required by law.

You can delete your account and your data at any time from your account Settings. Deletion is self-serve and cascades to remove your associated data. If you disconnect WHOOP, we stop syncing new data; previously synced WHOOP data is retained until you delete your account.

Data export: self-serve export is currently limited and planned for the future. In the meantime, contact us at the address below to request a copy of your data.

8. Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect information from anyone under 18. If you believe someone under 18 has provided us information, contact us so we can remove it.

9. Consumer Health Data (Including Washington Residents)

This section applies to "consumer health data" and is intended to satisfy the Washington My Health My Data Act and similar laws. It applies regardless of where Dorie, LLC is located, based on the consumer's residency.

What we treat as consumer health data. The substances you track, doses, schedules, hormone-therapy information, journal check-ins relating to physical or mental health, and physiological data synced from WHOOP (recovery, sleep, HRV).

Sources. Directly from you, and — if you connect it — from WHOOP via OAuth.

How we use it. Solely to provide the Service as described in Section 2: to store your records, generate AI analysis at your request, and operate and secure your account.

Who we share it with. Only the processors in Section 4, bound to process it on our instructions. We do not sell consumer health data, and we do not share it for advertising. We will not share it with any third party for purposes beyond providing the Service without your separate written authorization.

Your rights regarding consumer health data. You have the right to confirm whether we collect, share, or sell it; to access it; to withdraw consent to its collection and sharing; and to have it deleted. To exercise these rights, use your account Settings or contact contact@stacklog.me. We will respond as required by applicable law. You may appeal a denied request by replying to our response.

10. Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the use of your personal information, and to withdraw consent. You can delete your account and data directly from Settings. For other requests, contact contact@stacklog.me; we will verify your request and respond within the timeframe required by applicable law. You may use an authorized agent where the law permits, and you may appeal a denial by replying to our decision. We will not discriminate against you for exercising these rights.

11. International Users

The Service is operated from the United States and is directed to U.S. users. Your information will be processed and stored in the U.S. and in locations used by our processors. We do not target the Service to the European Economic Area or the United Kingdom.

12. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above. For material changes, we will provide reasonable notice (for example, by email or in-app notice) before they take effect. We will not apply materially different practices to data we previously collected without your consent where required by law.

13. Contact

Questions about this Policy or your data? Contact Dorie, LLC at contact@stacklog.me.