Privacy policy

Last updated: March 2026

The short version

We know the topics on this site are deeply personal. So here is the honest summary: we collect what we need to run your account and nothing more. We do not sell your data. We do not show ads. You can delete everything at any time.

  • Your journal entries, chat messages, and submissions are stored securely and tied to your account.
  • AI chat messages are processed by OpenAI to generate responses. OpenAI does not use API data to train their models.
  • Stripe handles your payment details. We never see or store your card number.
  • We do not run analytics or tracking scripts.
  • You can delete your account and all associated data whenever you choose.

What we collect

Account information

When you create an account, we store your email address and a user identifier. Your password is handled by our authentication provider (Supabase) and is hashed — we never see or store it in plain text.

Journal entries

If you use the symptom journal, your entries (notes, severity ratings, dates) are stored in our database and linked to your account. Only you can access them.

AI chat messages

When you use the AI chat, your messages and the AI's responses are stored in our database so you can return to previous conversations. Your messages are also sent to OpenAI's API to generate responses. See "How AI data is handled" below for details.

Experience submissions

If you submit an experience, the content you provide is stored in our database. Submissions are anonymous — they are not publicly linked to your account or email address.

Subscription status

We store whether your subscription is active, when it started, and when it renews. We do not store payment card details — Stripe handles that entirely.

How AI data is handled

This is important, so we want to be clear about it.

  • When you send a message in the AI chat, it is transmitted to OpenAI's API (GPT-4o) to generate a response.
  • OpenAI processes your message to produce a reply, then returns it to us. Under their API data usage policy, OpenAI does not use API inputs or outputs to train their models.
  • Your chat history is stored in our database so you can revisit conversations. You can delete individual conversations or all chat data by deleting your account.
  • We do not share your chat data with anyone other than OpenAI for the purpose of generating responses.

If OpenAI's data practices change in a way that affects your privacy, we will update this policy and notify you.

Payment processing

Payments are handled entirely by Stripe. When you subscribe, you enter your payment details directly into Stripe's secure form. We never see, handle, or store your card number.

What we do receive from Stripe: your subscription status, billing period dates, and a Stripe customer identifier. This lets us know whether your subscription is active.

Cookies

We use cookies for one purpose: keeping you logged in. When you sign in, a session cookie is set by our authentication provider (Supabase). This is a functional cookie — it does not track you across other sites.

We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

Third-party services

We use three third-party services:

  • Supabase — hosts our database and handles authentication. Your account data, journal entries, and chat messages are stored on Supabase infrastructure.
  • OpenAI — processes AI chat messages to generate responses. See "How AI data is handled" above.
  • Stripe — processes subscription payments. Stripe stores your payment details under their own privacy policy.

We do not share your data with anyone else. We do not sell data. We do not use data brokers.

Content sourcing

Some of our educational content is informed by patterns observed in publicly available online discussions. We analyse and aggregate these patterns — we never republish anyone's original words. The source material is public forum posts; we transform and synthesise it into general educational content.

Data retention and deletion

Your data is kept for as long as your account is active. If you delete your account:

  • Your journal entries, chat messages, and account information are permanently deleted from our database.
  • Experience submissions you made will remain on the site, as they are anonymous and not linked to your identity.
  • Stripe will retain transaction records as required by financial regulations, but we will remove your Stripe customer ID from our systems.

If you cancel your subscription but do not delete your account, we retain your data for 30 days in case you choose to resubscribe. After 30 days, your data may be deleted.

Your rights

Wherever you are located, you have the right to:

  • Access — ask us what data we hold about you.
  • Deletion — delete your account and all associated data at any time from your account settings, or by contacting us.
  • Export — request a copy of your data in a portable format.
  • Correction — ask us to correct any inaccurate information.
  • Objection — object to how we process your data.

For UK and EU residents

We are committed to complying with the UK GDPR and EU GDPR. Our lawful basis for processing your data is contractual necessity (we need your account data to provide the service) and legitimate interest (we use aggregated, anonymised patterns to improve our content). You have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

Children

LivedSupport is not designed for anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will remove it.

Changes to this policy

We will update this page when our data practices change. The "last updated" date at the top will always reflect the most recent version. For significant changes, we will notify you by email.

Contact

If you have questions about this policy or want to exercise any of your rights, email us at [email protected]. We aim to respond within 48 hours.