Privacy information
Version: 2026-04-12
Our terms and privacy policy are intentionally short. Please read what you can expect from staty, and what we expect from users. By using the described staty components (app, feedback form, etc.), you acknowledge all provisions on this page, including text in “Show/hide details” boxes, and also accept the separate terms.
Principles
-
Analysis of the health data in your digital spreadsheets is the one central feature that we care about. That data gets stored only temporarily, and processed only for your analyses and related features, never anything else. No sharing, no usage for feeding external AI models, no processing by third parties, no monetary interests behind this project, no unfavorable privacy changes later on, etc. Only a free and open science tool for everyone. We store and use other, technically needed data for a longer time, as described further down.
-
We consider your health data highly sensitive, even if you may only be noting down seemingly unimportant numbers in your spreadsheets. Unwanted sharing, stealing or loss of the data could lead to severe consequences for users, and we strongly acknowledge this criticality. More importantly, the software development process of staty actually focuses on protecting your data by implementing a secure application with minimal permissions and attack surface for hackers, data storage only while needed, listening to user concerns, monitoring for any problems, and overall good practices regarding security.
-
Users decide what to share outside of the app. There’s no sharing functionality in staty. Data and analysis results are only visible if you’re logged in.
Screenshots are a good choice if you decide to share information with others, which is why we try to display visually-pleasing charts that people can understand.
There are big online communities for discussing health, biohacking and self-experimentation results, for instance on Reddit forums, and of course you have the permission to take and share screenshots at your own discretion (see terms: commercial purposes need permission!). How you describe and use them is your own matter, but don’t blame staty for any misinterpretations, since it’s only a statistical tool.
-
Legal basis: The data we collect is to fulfill the service as explained in the terms (the “contract”). The data controller is me, Andreas Sommer ‒ and I can tell you that I’m well-aware of what data privacy really means. Contact details: see end of this page.
We collect and use your data as follows
This informational website:
- No personal data collection, no cookies, no user behavior tracking
- Logging (= storage) of your IP address, the visited page and performance statistics like success/error code per web page, browser (“user agent string”), detailed versions/timing of request and response. Logs may be used for performance analysis, problem troubleshooting, abuse detection, and other purposes to keep the website stable, error-free and performant. Browser errors may be collected for the same purposes. Logs are retained for up to 3 years.
The staty application (the web-based app that you use after creating an account and logging in with the button “Sign in with Google”):
-
First name, last name, e-mail address, link to the profile picture: for display and communication with you
-
Content of your spreadsheets (from Google Drive) that you specify as data source for health data analyses. Spreadsheet content is considered potential health data and therefore treated with highest sensitivity and privacy protection. The data is only stored temporarily and gets deleted automatically if it gets too old, the user does not actively use it for data analyses, or the user account is suspended or terminated.
-
User configuration: outcomes, functions, steps and other configuration that you do in the application is stored while the account exists. This may include names and values from your spreadsheet health data. For example, you may specify an outcome “Headache strength” and a step to read and process that row from the spreadsheet. This data is treated with the same sensitivity and protection as the full spreadsheet content.
-
Logging: same as for the website (see above), plus…
-
Additional logging
- All actions taken in the application may be logged (examples: analysis requests, configuration changes), often together with the user ID or other information to correlate users and their configuration with logs and potential problems.
- Personal data (e.g. your name) and sensitive personal data (e.g. your spreadsheet content or analysis results) are never logged. Instead, all logging uses anonymization such as IDs instead of names. None of your spreadsheet content is ever logged, but only identifiers (e.g. a spreadsheet/outcome/function/step ID).
- In addition, to check performance and usage statistics of the application features, request and performance parameters may be logged and used to improve the app. For example, that could be the number of analyzed outcomes, size of analyzed data, detailed timing, but not sensitive information such as your health data (spreadsheet content or names that you specify in the configuration, such as “Headache strength”).
- Browser errors may be collected and associated with the user and request ID in order to fix problems
-
Logs may be used for performance analysis, problem troubleshooting, support for reported user problems, and other purposes to keep the application healthy, error-free and performant. They are retained for up to 3 years.
-
When a staty account gets terminated by the user, all data, excluding logs, is deleted within at most 3 months (usually faster), unless other parts of this policy apply
-
If an account gets suspended, it’s like a time penalty, so your data is kept and you’ll get the chance to use the account again
-
If an account was terminated, for example because of abuse, at least your e-mail address (or an anonymized form of it) may be retained for up to 3 years to block re-registering another account with the same e-mail address. The user’s application configuration may be kept for up to 3 months in case the user wants to complain and get the account unsuspended without losing anything.
-
Essential browser cookies or local storage in your browser to enable user login and basic functionality
Feedback form:
- Your full feedback, including e-mail address, may be stored permanently and used as described in the terms. You may inquire that we remove the parts containing personal or sensitive personal data that you sent us. Realistically though, we will rather delete feedback and questions that aren’t needed anymore, for example when they got turned into work tasks, solutions, website or application improvements, etc.
You have the following rights regarding your data
The basic GDPR rights as on every other website or service. You can execute most rights directly in the staty application (self-service; TODO Not implemented yet, stay tuned!).
- Access / data portability: You can get a copy of the personal data we hold about you. In the staty application, open the top-right menu and click on “Privacy” to find an option for viewing your data in both human-readable or machine-readable formats (TODO This is not implemented yet but will be soon. Please write an e-mail instead, for now.). For other cases, for instance if you sent feedback or e-mailed us and want to know whether we still store those messages, please send an inquiry using the contact information below.
- Rectification: The staty application stores your first name, last name and e-mail address as personal data. This data is regularly updated from the source (e.g. Google API), and should therefore automatically be kept up to date. If you see an error in that data, please contact us as shown below.
- Erasure (be forgotten): In the staty application, open the top-right menu and click on “Privacy” to find an option for terminating your account (TODO Will be implemented soon). For other cases, please contact us as shown below.
- Restrict processing: If you believe that our processing is unlawful or too much, you can request restriction of that processing (as an alternative to terminating your account).
- Objection: You can opt out of processing for direct marketing or our legitimate interests, and of automated decision-making, unless there are reasons that override your request. We believe this does not apply to staty at all, but please contact us if needed.
- Detailed information of your rights is accessible in GDPR Chapter 3: Rights of the data subject. Any details or rights not mentioned here still apply and you can contact us about any privacy-related requests.
You can contact us like this:
- If you are a registered user of staty, you have agreed to the terms. Mind that we may suspend or terminate your account if you send abusive or spamy messages. Please be nice and write good questions and inquiries ‒ that helps both you and us.
- E-mail: info@staty.org (we understand English and German)
Severability clause
If any provision of the above policy turns out invalid, illegal or unenforceable, the remaining provisions are not affected and the problematic provision shall be replaced with a rule that works according to the applicable laws, as close as possible to the desired purpose of the provision.
See also
Please read the terms as well.
Anything unclear or missing? Please send us feedback.