Privacy policy
Last updated: July 5, 2026
Rogue Receptor ("we," "us," or "our") operates the website roguereceptor.com and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We take your privacy extremely seriously — especially because our platform handles health-related information.
Information we collect
Information you provide directly
When you create an account or use our services, you may provide:
- Email address (for account creation and magic link authentication)
- Name (optional, for personalization)
- Medications and supplements you take (your "stack")
- Health vitals you choose to log (blood pressure, weight, blood sugar, heart rate)
- Medical documents you upload to your prescription vault (prescriptions, lab results, insurance cards)
- Photos of your medicine cabinet (for our AI identification feature)
- Date of birth, gender, height, and weight (optional, for BMI and dosage calculations)
- Payment information (processed by DodoPayments — we never see or store your full card number)
Information collected automatically
When you visit our site, we automatically collect:
- Device type, browser type, and operating system
- IP address (anonymized for analytics)
- Pages visited, time spent, and interaction patterns
- Referral source (how you found us)
Information we do not collect
- We do not collect Social Security numbers
- We do not collect insurance policy numbers (unless you voluntarily upload them to your vault)
- We do not collect genetic or genomic data
- We do not access your phone's contacts, messages, or call history
How we use your information
We use the information you provide to:
- Analyze your medication and supplement stack for potential interactions
- Generate personalized daily timing schedules
- Identify nutrient depletions caused by your prescriptions
- Store your health documents securely in your prescription vault
- Send you dosage reminders (only if you opt in)
- Generate doctor letter PDFs at your request
- Improve our interaction database and algorithms
- Send transactional emails (account verification, password resets, receipts)
How we protect your data
Encryption
All data is encrypted in transit using TLS 1.3. Health data stored in our database is encrypted at rest. Documents uploaded to your prescription vault are stored in encrypted cloud storage (Cloudflare R2) and are only accessible through your authenticated session.
Access controls
Access to user health data is strictly limited to automated systems that process your interaction checks and analysis requests. Our team does not routinely access individual user health data. In the rare cases where we need to investigate a technical issue, access is logged, limited to the minimum necessary data, and conducted by authorized personnel only.
Data minimization
We only collect the data necessary to provide our services. We do not build advertising profiles from your health data. We do not sell your data. Ever.
Data sharing and disclosure
We never sell your data
We do not sell, rent, lease, or trade your personal or health information to any third party for any purpose, including advertising.
Third-party service providers
We share limited data with the following service providers who help us operate our platform:
- Anthropic — our AI provider. When you run a stack analysis or use the photo scan feature, your medication list is sent to Anthropic's API for processing. Anthropic does not use this data to train their models and deletes it according to their data retention policy.
- Vercel — our hosting provider. They process web requests but do not access your health data.
- Cloudflare — stores uploaded documents and photos. Data is encrypted at rest.
- Neon (PostgreSQL) — our database provider. Stores your account and health data with encryption at rest.
- Resend — sends transactional emails (magic links, receipts). Only receives your email address.
- DodoPayments — processes payments. We never see or store your full payment card details.
Legal requirements
We may disclose your information if required by law, legal process, or governmental request. We will notify you of such requests unless prohibited by law.
Your rights and choices
- Access: You can view all data we hold about you at any time from your account settings.
- Export: You can export all your data (stack, vitals, analyses) in standard formats (CSV, JSON) from your dashboard.
- Correction: You can update or correct any information in your profile at any time.
- Deletion: You can delete your account and all associated data at any time. Deletion is permanent and cannot be undone. We will delete all your data from our active systems within 30 days and from backups within 90 days.
- Opt out of emails: You can unsubscribe from marketing emails at any time. Transactional emails (password resets, security alerts) cannot be disabled while your account is active.
- Disable reminders: You can turn off all reminders from your account settings.
Data retention
We retain your data for as long as your account is active. If you delete your account, we delete all your data within 30 days from active systems and within 90 days from encrypted backups. Anonymized, aggregated data (such as "X% of users taking Drug A also take Supplement B") may be retained indefinitely as it cannot be traced back to any individual.
Children's privacy
Rogue Receptor is not intended for use by individuals under the age of 18 without parental or guardian involvement. Our Family plan allows parents and guardians to manage profiles for minor dependents. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately and we will delete it.
International data transfers
Our servers and service providers are located in the United States and other countries. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our services, you consent to such transfers. We ensure appropriate safeguards are in place with our service providers.
HIPAA notice
Rogue Receptor is a consumer health information tool, not a covered entity under HIPAA (the Health Insurance Portability and Accountability Act). We are not a healthcare provider, health plan, or healthcare clearinghouse. While we are not legally required to comply with HIPAA, we voluntarily implement security practices that align with HIPAA standards, including encryption, access controls, and audit logging, because we believe your health data deserves that level of protection regardless of legal requirements.
Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes affecting how we handle health data, we will also notify you via email.
Contact us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Email: privacy@roguereceptor.com
- Website: roguereceptor.com/privacy