Privacy Policy
Last updated: January 2026
TL;DR
You may know us as "The Health Integrity Project". In this policy, we may be referred to as "we", "our", or "us".
We started this project because we care about data and science integrity, transparency, and making that information available for people. We value data privacy as much as this project and consider protecting your data an absolute must.
We believe that you should not have to provide non-public personal information to get access to scientific knowledge. You do not have to provide things like your real name, address, or date of birth to sign up for a regular user account. For expert and researcher accounts that create content with their knowledge/expertise, we do require personal information to validate their credentials—that's fundamental to keeping this project integral.
We do not sell or rent your information to anybody and we will do our best to keep the amount of data we collect from you and the number of third parties involved to the minimum necessary to keep this site running and make it better for you.
1. About this Privacy Notice
This Privacy Policy applies to the personal information we collect about you through our website or when you communicate with us. You have rights in relation to how we use your personal information.
By using our website, you represent that you are at least 16 years of age. We do not knowingly advertise to, or collect personal information from, any individual under the age of 16. If we become aware that we have collected personal information from someone under 16, we will suspend any services we are providing and delete that personal information immediately.
2. Definitions, Data & Metadata
| Term | Meaning |
|---|---|
| The Health Integrity Project, us, we, our, the project, HIP | The Health Integrity Project team that operates the site |
| Our services, the website | The Health Integrity Project websites, emails, and notifications; excluding third-party sites and services that have their own privacy policies |
| Personal Information | Information you provide or we collect that relates to you or could identify you: real name, email address, password, IP address, user-agent information, picture, location, website, social media identifiers, education and professional information |
| Contributions | Content you add or changes you make to any HIP Sites |
| User account | An account you can sign up for and use to browse the HIP Sites |
| Expert or Researcher account | An account you are invited to by the HIP team, requiring a vetting process |
| Third parties | Individuals, entities, websites, services, products, and applications not controlled by HIP, including other users and independent organizations |
About Metadata
Metadata collection helps improve your user experience, but you may remove or disable some or all locally stored data through your browser settings.
- Cookies: We use cookies to understand how you use the HIP Sites, make our services safer and easier to use, and create a better experience. See the Cookies We Use table below.
- IP Addresses: When you visit our website, we automatically receive your device's IP address, which could determine your geographical location.
- Browser Data: We receive information including device type, unique device IDs, browser type and version, language preference, operating system, internet service provider, referring website, pages visited, and timestamps.
- Local Storage: We use technologies like local storage and session storage to deliver our services. This may include text, Personal Information (like your IP address), and usage information (like your username or visit time).
Cookies We Use
We only set analytics cookies if you click "Accept analytics" in the cookie banner. You can change your choice at any time using the Cookie Settings link in the footer. No advertising, remarketing, or cross-site tracking cookies are used.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics | Distinguishes unique visitors anonymously | 2 years |
_ga_<ID> | Google Analytics | Persists session state for the GA4 property | 2 years |
hip-consent-v1 | HIP (local storage) | Remembers your cookie banner choice | Until cleared |
Google Analytics is configured with IP anonymization, Google signals disabled, ad personalization disabled, and a 2-month data retention window.
3. Personal Information We Collect, How & Why
Data Controller
For the purposes of the General Data Protection Regulation (GDPR), "The Health Integrity Project" is a "Data Controller".
Information We Collect
- Account login and contact details such as your name and email address
- For experts: picture, expertise area, years of experience, location, personal website/company name, education credentials
- Website and social media details such as profile names you choose to share
- Images, photos, and user-generated content
- Device information such as IP address, device ID and type, location, activity logs, browser type, language, time zone
How We Collect It
- When you access and use our website via technologies described in the Metadata section
- When you create an account
- When you contact us with an inquiry or complaint
- When you engage with us on social media
- When you apply for membership as an expert/researcher
- When you respond to a survey
Why We Collect It
- To provide you with our services
- To update you with new content on our website and via email (with your consent)
- To engage with you on social media
- To review applications for expert/researcher recruitment
- To improve and optimize our website
- To collect survey feedback to improve content
- For accounting, audit, legal, and internal purposes
4. Marketing
We do not broker, rent, or sell your personal information to third parties.
5. Disclosure To Third Parties & Cross-Borders
We share the minimum amount of your personal information to pursue our legitimate interests in a way that does not materially impact your rights, freedom, or interests.
These third parties include:
- Service providers who perform functions on our behalf (e.g., cloud storage providers)
- Government regulatory bodies and law enforcement agencies as required by law
- Anyone else to whom you authorize us to disclose it
Should we transfer your personal data outside of the United States, we will ensure that a similar degree of protection is afforded by ensuring those countries provide an adequate level of protection for personal information.
Our Third-Party Providers
| Third Party | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database services | supabase.com/privacy |
| Google Inc | Authentication | google.com/policies/privacy |
| Zoho Email | Email services | zoho.com/privacy |
| Netlify | Website hosting | netlify.com/privacy |
| Google Analytics | Aggregated, anonymous traffic measurement (only with your consent) | policies.google.com/privacy |
| Buttondown | Newsletter services | buttondown.com/legal/privacy |
Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Terms of Service.
6. Your Rights
Disclosure of Your Personal Information
You may request that we disclose the personal information we hold about you, including a copy and details of our processing activities (what we collect, how we use it, and any third parties with whom we share it). You may also request your information in a portable format (structured, commonly used, machine-readable) to transmit to another entity.
We may limit or reject requests where the burden would be disproportionate, where other persons' rights would be violated, or as required by law.
Modification of Personal Information
Please notify us if your personal information is inaccurate or incomplete. You may request to update or correct your information via the link on our website footer.
Objection & Restriction
You may object to your personal information being processed in certain circumstances, or where we do not have a lawful basis. You may restrict processing where you are contesting accuracy, where we lack lawful basis, to oppose erasure, or if you are exploring your right to object.
Right to Deletion ("Forget Me")
You may request that we delete your personal information. If you make a request, we will delete your personal information.
Withdrawing Consent & Opting Out
You may withdraw your consent at any time. If you do, we will only communicate with you where necessary to complete our obligations.
When You Exercise Your Rights
We will continue to provide you with the same service as all our users. However, where you do not supply certain information or request its deletion, we may be delayed or prevented from satisfying your request.
Complaints
If you have a complaint about how we handle your personal information, please contact us via the link on our website footer.
Verifying Your Identity
We take privacy seriously. If you contact us to make an enquiry or exercise your rights, we may ask additional questions to verify your identity.
7. Security
We take all reasonable security measures to ensure your personal information is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
We use Secure Sockets Layer (SSL) technology to protect your online information. SSL encrypts all information including personal data, providing security by encrypting all data transmissions.
No method of transmission over the internet using industry standard technology is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information, but we will always try our best.
If we ever experience unauthorized access, disclosure, or use of your personal information, we will follow our processes to notify you and the relevant government body in accordance with relevant laws.
Retention
We will only keep your data for as long as necessary for the purpose for which it was collected, subject to legal, accounting, or reporting requirements.
At the end of any retention period, your data will either be deleted completely or anonymized (for example, by aggregation with other data so it can be used for statistical analysis and business planning in a non-identifiable way).
Non-Personal Information may be retained indefinitely as appropriate.
8. Sharing Information Online & Links To Other Websites
We may make available opportunities for you to share information online like social media or blogs. Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage, or dissemination of publicly disclosed personal information.
Sometimes our website may contain links to third-party websites. We are not responsible for the content or privacy practices of third-party websites. We suggest you review the privacy policy of each website you visit.
9. Updating Our Privacy Policy
Privacy laws and our practices change over time and may result in changes to our Privacy Policy. We reserve the right to modify this Privacy Policy at any time.
Any changes will be effective upon publication on our website and will replace any other privacy policy published by us to date. Your continued use of our services after publication of any modified privacy policy indicates your acceptance of the updated Privacy Policy.
Any material changes will be notified to you in a manner we consider appropriate, such as via email (if we have your contact information) or a popup when you access our website.
10. How To Contact Us
If you have any enquiries about your account, questions or complaints about how we handle your personal information, or you want to request a copy or deletion of your data, you can contact our Privacy Officer via email at legal@healthintegrityproject.org