Privacy Policy
This Privacy Policy explains how Rabbits Foot Ltd (“we”, “us”, “our”) collects, uses and protects your personal data when you use stackr.bio (the “Service”). We are the data controller for the personal data processed through the Service, and we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Rabbits Foot Ltd
Company Registration No: 08885404 (England & Wales)
Registered Office: 1 Spice Court, Ivory Square, Plantation Wharf, London, SW11 3UE, United Kingdom
Contact: hello@stackr.bio
2. What data we collect
- Account data — email address, username, hashed password, and (optionally) display name when you create an account.
- Quiz responses — demographic and goal information you choose to submit (e.g. age range, sex, goals, experience level) to generate a peptide stack recommendation.
- Recommendation history — the stacks generated for you and any you choose to save or share publicly via your profile page.
- Technical data — IP address, user agent, request timestamps, and basic server logs used to operate, secure and rate-limit the Service.
We do not knowingly collect data from children under the age of 18. The Service is not intended for minors.
3. How we use your data and our lawful bases
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Provide the core Service (account, quiz, recommendations) | Performance of a contract |
| Operate, secure and debug the Service; prevent abuse | Legitimate interests |
| Comply with legal, tax and regulatory obligations | Legal obligation |
| Display public profile pages where you opt in | Consent (you can withdraw at any time) |
4. Sharing your data
We do not sell your personal data. We share it only with trusted processors that help us run the Service (for example: hosting, database and email infrastructure providers). These processors act under written contracts that meet UK GDPR requirements.
We may disclose data where required by law, by a court order, or to protect the rights, property or safety of Rabbits Foot Ltd, our users or others.
5. International transfers
Where data is transferred outside the UK, we rely on UK adequacy regulations or appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses with the UK Addendum.
6. How long we keep your data
- Account and recommendation data: for as long as your account is active. If you delete your account we remove or anonymise it within 30 days, except where we must retain records to meet legal obligations.
- Server and security logs: typically up to 90 days.
- Anonymous, aggregated analytics: may be retained indefinitely as it no longer identifies you.
7. Your rights
Under UK GDPR you have the right to:
- access a copy of the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data (the “right to be forgotten”);
- restrict or object to processing;
- data portability;
- withdraw consent at any time where processing is based on consent; and
- lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
To exercise any of these rights, email hello@stackr.bio. We will respond within one month.
8. Security
We use industry-standard measures to protect your data, including TLS-encrypted connections, hashed passwords, restricted access, and rate-limiting on sensitive endpoints. No system is completely secure, and you remain responsible for keeping your password confidential.
9. Cookies
See our Cookie Policy for details of the cookies we use.
10. Changes to this policy
We may update this policy from time to time. The “Last updated” date above shows when it was last revised. Material changes will be notified through the Service.