Privacy Policy
SupplementLabs.ai ("we", "our", or "the company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and AI coaching service, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is SupplementLabs.ai. For all data protection inquiries, please contact us at info@supplementlabs.ai.
2. Information We Collect
We collect information you provide directly to us (Art. 13 GDPR):
- Account registration data (email address, name, password)
- Health and wellness information you share with the AI coach (goals, supplement history, uploaded blood test results)
- Payment information processed securely through Stripe (we do not store card numbers)
- Communications you send to us via the contact form
We also collect certain data automatically:
- Usage data (pages visited, features used, session duration)
- Device information (browser type, operating system, IP address)
- Cookies and similar tracking technologies — see our Cookie Notice
- Referral codes and affiliate click data
- Analytics data via Google Analytics 4 and Meta Pixel (see Section 5)
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the AI coaching service you signed up for
- Legitimate interests (Art. 6(1)(f) GDPR): Analytics, fraud prevention, and service improvement
- Consent (Art. 6(1)(a) GDPR): Marketing emails and non-essential tracking (you can withdraw at any time)
- Legal obligation (Art. 6(1)(c) GDPR): Tax records, compliance requirements
4. How We Use Your Information
- To provide, operate, and improve the AI coaching service
- To personalize your supplement recommendations
- To process payments and manage your subscription
- To send transactional emails (account confirmations, password resets)
- To measure website performance and marketing effectiveness (GA4, Meta Pixel)
- To comply with legal obligations
- To detect and prevent fraud or abuse
5. Analytics & Advertising Tracking
Google Analytics 4 (GA4): Analytics
We use Google Analytics 4 to understand how visitors use our website. GA4 collects data such as pages visited, session duration, device type, and geographic location (approximate). This data is processed by Google LLC (USA). GA4 uses cookies and similar identifiers to distinguish users.
- Data collected: page views, events (sign_up, login, purchase), session data, browser/device info
- Data processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Transfer mechanism: EU Standard Contractual Clauses
- Opt-out: Google Analytics opt-out browser add-on or via your browser's cookie settings
- Google's Privacy Policy: policies.google.com/privacy
Meta Pixel (Facebook Pixel): Advertising
We use the Meta Pixel (Pixel ID 1422599199052586) to measure the effectiveness of our advertising on Facebook and Instagram, and to build audiences for remarketing. Meta's pixel fires on page load and on key conversion events (registration, purchase).
- Data collected: page views, custom events (Lead, Purchase), hashed email addresses (on conversion), IP address, browser data
- Data processor: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
- Transfer mechanism: EU Standard Contractual Clauses
- Opt-out: Facebook Ad Preferences or YourAdChoices
- Meta's Privacy Policy: facebook.com/privacy/policy
Our Own Analytics
We also run a lightweight, self-hosted analytics system that tracks page views and feature usage. This data stays on our servers, is never shared with third parties, and is used solely to understand how users interact with the product.
6. Affiliate Links & Disclosures
Some product recommendations on SupplementLabs.ai contain affiliate links to Amazon and iHerb. When you click these links, those platforms may set their own tracking cookies. We earn a commission on qualifying purchases at no additional cost to you. See our Affiliate Disclosure for full details.
- Amazon Associates: We participate in the Amazon Services LLC Associates Program and equivalent EU programs (Amazon.de, Amazon.fr, etc.)
- iHerb: We participate in the iHerb affiliate program
7. AI-Generated Content Disclaimer
All supplement recommendations provided by SupplementLabs.ai are generated by artificial intelligence based on the information you provide. This content is for informational purposes only and does not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional before starting any supplement regimen, especially if you have a medical condition or take prescription medications.
8. Third-Party Services
- OpenAI — powers the AI coach. Your messages are processed by OpenAI's API. See OpenAI's Privacy Policy.
- Stripe — payment processing. See Stripe's Privacy Policy.
- Google Analytics 4 — website analytics. See above and Google's Privacy Policy.
- Meta Pixel — advertising measurement. See above and Meta's Privacy Policy.
- Amazon Associates & iHerb — affiliate programs. See above.
- Render / Neon — cloud hosting and database infrastructure.
9. Data Retention
- Account data: retained while your account is active, deleted within 30 days of a deletion request
- Health/wellness data: deleted with your account or on request
- Transaction records: retained for 7 years (legal/tax obligation)
- Analytics data (GA4): retained per Google's data retention settings (default 14 months)
- Server logs: retained for up to 90 days
10. Your Rights (GDPR)
If you are located in the EU/EEA, you have the following rights under the GDPR:
- Right of access (Art. 15) — request a copy of your personal data
- Right to rectification (Art. 16) — correct inaccurate data
- Right to erasure (Art. 17) — request deletion ("right to be forgotten")
- Right to data portability (Art. 20) — receive your data in a machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interests
- Right to restriction (Art. 18) — restrict how we process your data
- Right to withdraw consent (Art. 7(3)) — withdraw at any time where processing is consent-based
- Right to lodge a complaint — contact your local data protection authority (e.g., BfDI in Germany, CNIL in France)
To exercise any of these rights, contact us at info@supplementlabs.ai. We will respond within 30 days.
11. International Data Transfers
Your data may be transferred to and processed in the United States (e.g., by OpenAI, Google, Stripe, Render). We ensure appropriate safeguards through EU Standard Contractual Clauses or equivalent transfer mechanisms as required by GDPR Chapter V.
12. Security
We implement industry-standard security measures including HTTPS encryption, secure password hashing (bcrypt), and AES-256-GCM encrypted storage of sensitive tokens. No method of transmission over the internet is 100% secure.
13. Children's Privacy
Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
14. Cookies
We use cookies and similar technologies. Please see our Cookie Notice for full details including cookie types, purposes, and how to manage them.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy with an updated date. Your continued use of our service after changes constitutes acceptance of the updated policy.
16. Contact & Data Controller
Email: info@supplementlabs.ai
Contact form: supplementlabs.ai/contact
Legal notice: Impressum