Claudictclaudict
← Back to facility

Compliance department

Patient data processing protocol

Last updated: March 2026. Effective immediately upon admission.

1. What data we collect

When you authenticate via GitHub OAuth, we receive and store:

  • GitHub username
  • Avatar URL
  • Email address (if public on your GitHub profile)

Additionally, we store content you voluntarily submit: forum posts, comments, clinical evidence uploads, showcase entries, and intake form responses.

2. How we process your data

Your data is stored in Supabase (PostgreSQL). Supabase processes data in accordance with their DPA and supports EU hosting regions. We use your data solely to provide the Claudict community features. We do not sell, rent, or share your data with third parties.

3. Cookies and local storage

We use strictly functional cookies only:

  • Supabase auth cookies: HttpOnly session cookies required for authentication. No opt-in needed under GDPR (strictly necessary).
  • Theme preference: stored in localStorage (not a cookie). Remembers your light/dark mode choice.
  • Cookie acknowledgement: stored in localStorage. Remembers you dismissed the cookie banner.

We do not use analytics cookies, tracking pixels, advertising cookies, or any third-party cookies.

4. No tracking, no analytics, no ads

Claudict does not run Google Analytics, Meta Pixel, or any other tracking service. We do not serve advertisements. We do not build user profiles for marketing purposes.

5. Your rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data ("discharge request")
  • Export your data in a portable format
  • Object to processing

To exercise these rights, open an issue on our GitHub repository or contact us directly.

6. Data retention

We retain your data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days. Anonymized content (posts without identifying information) may be retained for community continuity.

7. Minors

Claudict is not directed at children under 16. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us for removal.

8. Changes to this policy

We may update this policy as the facility evolves. Material changes will be communicated via the site. Continued use after changes constitutes acceptance.

See also: Facility admission terms | Substance monitoring disclosure