Your data, your call.
Health information is private. Medication lists are more private. We treat yours like it matters, because it does. This page is the whole story, written so you do not need a lawyer to read it.
Our four promises
1. You are not the product. The Dose has no advertisers and no third-party trackers. We do not sell, lease, share, or rent your information to anyone. Not data brokers, not insurers, not employers, not pharmaceutical companies, not researchers, not anyone.
2. We collect as little as possible. Sign-in needs only an email. Everything else is optional. If you never sign in, we never know who you are.
3. You can leave any time and take your data with you. Delete one item, delete everything, or close your account. You decide, not us.
4. We tell you what we do. If our practices change, this page changes, and the date at the bottom changes.
What we collect, in plain English
When you visit without signing in
- Nothing about you that identifies you, ever.
- Standard server logs (IP address, browser type, page requested) are kept by Netlify for operations and abuse prevention. We do not link these to any person.
- Any verdicts you save go into your browser’s local storage, on your device. They never reach our servers until you sign in.
When you sign in
- Your email address. Used to send you the sign-in link. Nothing else. No newsletters. No marketing. No "you might also like."
- Saved verdicts you choose to save from Henry or Arun.
- Your My Meds list if you choose to keep one. Name, kind (Rx / OTC / supplement / cosmetic), dose, and any private notes you write to yourself.
When you upload a photo of a product or a bottle
- The photo is sent to Anthropic’s Claude vision API so the agent can read the label. Anthropic processes the image to answer the request, then discards it according to their own data policy.
- We do not store your photos. The image never lands in a database, never lands on a disk, never gets backed up. After the agent finishes reading it, only the structured verdict (the text result) is kept, and only if you save it.
- If you scan a bottle to add it to your My Meds list, the photo is processed the same way and discarded after the fields are extracted.
What we never collect
- No name, address, phone number, date of birth, or social security number.
- No insurance information.
- No payment data. The Dose is free and there is currently no donation, subscription, or store. If that ever changes, we will not roll our own payment system; we will use a regulated processor (Stripe or similar) that handles cards on their side, never ours.
- No third-party advertising trackers. There is no Facebook pixel, no Google Ads pixel, no LinkedIn Insight tag, no analytics service that builds a behavioral profile of you.
- No selling, sharing, or licensing your data to anyone, for any purpose, ever.
How we secure what we do collect
Encryption
Every page of The Dose loads over HTTPS (TLS 1.2 or higher). Your data is encrypted in transit when it moves between your device and our servers, and encrypted at rest by our database provider (Supabase, on AWS infrastructure, AES-256 disk encryption).
No passwords
We do not store passwords. Sign-in uses a one-time magic link sent to your email, so there is no password on our side to leak in a breach. The link expires after a short window.
Row-level security
Every table that holds your data has database-level rules that prevent anyone from reading your rows except you. Even with full database access, an attacker who is not signed in as you cannot read your saved verdicts or your My Meds list. The rule is enforced by the database itself, not by application code that could be bypassed.
Least privilege
The keys that have read access to your data live only in our server-side environment, never in code that runs in your browser. The browser uses a public key that only has the rights you would give it: read and write your own rows.
Session handling
Signing in stores a token in your browser. Signing out wipes that token from your device and revokes it server-side. On a shared device, sign out before you walk away.
Where this lives
The Dose runs on Netlify (hosting and serverless functions). Authentication and database storage run on Supabase, hosted on Amazon Web Services in the United States. The AI agents are powered by Anthropic’s Claude API. These are widely used, enterprise-grade providers with their own published security and privacy policies. Their handling of any data we route to them is governed by their own terms, on top of ours.
We do not transfer your data outside of these providers. If we ever need to add a provider that touches your data, this page will be updated before that happens.
A note on HIPAA, FERPA, and other regulations
The Dose is an educational publication, not a healthcare provider, insurer, clearinghouse, or business associate. We are not regulated by HIPAA. We hold no formal patient relationship with you, and nothing on this site is a medical record.
That said, we treat your medication information with the level of care HIPAA-covered entities are required to apply, because we believe that’s the right standard for the kind of data this is, whether the law applies or not.
The Dose is a US-based site. If you are visiting from the EU, UK, or California, you have rights under GDPR, UK GDPR, and CCPA. You can exercise all of them by emailing us at the address below: right of access, right to delete, right to rectify, right to portability, right to object. We will respond within 30 days, usually much faster.
Your controls
- Delete one saved verdict: open My Verdicts, click Delete on the row.
- Delete one med: open My Meds, click Delete on the row.
- Sign out everywhere: click Sign out in the site header. Your local session is cleared and the token is revoked on the server.
- Delete your entire account: email us using the address below with the subject line "delete my account." We will remove your auth record, which cascades to remove every saved verdict and every med you ever added. Permanent. No back doors.
- Export your data: same email address, subject line "export my data." We send back a JSON file with everything we hold on you, usually within a day or two.
If we ever change this
Any meaningful change to what we collect, where it lives, or who can see it gets reflected on this page, with a new "last updated" date at the bottom. If the change broadens our use of your data in any way, signed-in visitors will see an in-app notice the next time they sign in, before the change applies to them.
We will never quietly broaden data use. The whole point of The Dose is to be the place that verifies before you believe; we hold ourselves to the same standard.
Questions, requests, or concerns
Email: terry@the-dose.com
Or use the contact form.
The Dose is built and edited by Dr. Terry Oroszi, EdD, Vice Chair, Department of Pharmacology and Toxicology, Wright State University Boonshoft School of Medicine. The site is independent. It is not a Wright State University publication.
Last updated: 21 May 2026.