Editorial reviews. Affiliate fees from some providers don't affect rankings. Disclosure

Legal · Effective 2026-05-14

Privacy Policy

What we collect, how we use it, and your rights under GDPR + CCPA.

Hormonal Health Portal Editorial (Hormonal Health Portal) operates this site from Monaco. This policy explains what we collect, why, how long we keep it, and your rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).

We do not collect protected health information (PHI).We are not a healthcare provider and are not subject to HIPAA. Our content is informational. If you contact a telehealth brand through our site, that brand's privacy policy governs the health information you share with them — not ours.

1. What we collect

1.1 Information you provide

  • Email address when you join our newsletter or request a personalized report from a tool. We send this to our email provider (Beehiiv) for delivery.
  • Contact form messages when you email us directly.
  • Tool inputs (quiz answers) — anonymous by default. If you submit an email at the end of a tool, your answers are associated with that email so we can send a personalized summary. Otherwise quiz answers are not retained per user.

1.2 Information collected automatically

  • Anonymous session ID — a random UUID stored in an httpOnlycookie for up to 30 days. Used to attribute affiliate clicks and prevent double-counting. Not linked to your identity.
  • Affiliate click metadata — when you click an affiliate link, we log the brand, placement, page you came from, user agent, country, and a truncated IP address (last octet zeroed). We do not log full IP addresses beyond 24 hours.
  • Analytics — we use a self-hosted, cookieless analytics tool (Plausible) that does not identify individual users.

1.3 What we never collect

  • Health conditions, diagnoses, medications you take, or any clinical information
  • Real (non-anonymized) IP addresses beyond 24 hours
  • Cross-site tracking identifiers
  • Information from anyone we know to be a child under 16

2. Why we use this information (GDPR Article 6 bases)

  • Newsletter delivery — consent (Article 6(1)(a))
  • Affiliate click logging — legitimate interest (Article 6(1)(f)), narrowly for revenue attribution and fraud prevention
  • Site analytics — legitimate interest, in aggregate / cookieless form
  • Responding to contact-form messages — consent

3. Sharing

We share data with the following categories of processors, under data processing agreements:

  • Beehiiv — newsletter email delivery
  • Cloudflare — DNS, CDN, DDoS protection
  • Backblaze B2 — media storage and database backups
  • Affiliate networks (Impact, CJ, ShareASale, Awin, Rakuten) — we pass an anonymous click ID so they can attribute conversions back to our site

We do not sell personal information.

4. Retention

  • Newsletter email: until you unsubscribe, then 30 days for cleanup
  • Session cookie: 30 days from last use
  • Affiliate click logs: 24 months for tax/audit purposes, then deleted
  • Full IP addresses in server logs: 24 hours, then truncated
  • Truncated IPs in click logs: 30 days
  • Database backups: 30 days daily, 12 months monthly snapshots

5. Your GDPR rights (EU/EEA/UK residents)

You can:

  • Request access to the personal data we hold about you
  • Request correction or deletion ("right to be forgotten")
  • Withdraw consent for newsletter at any time (the unsubscribe link in every email)
  • Object to processing based on legitimate interest
  • Request data portability
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@example.com or our Data Protection Officer at dpo@example.com. We respond within 30 days.

6. Your California rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete personal information we have collected
  • Correct inaccurate personal information
  • Opt out of sale or sharing — we do not sell or share for cross-context advertising
  • Limit use of sensitive personal information — we do not collect sensitive personal info as defined by CPRA
  • Non-discrimination for exercising these rights

To exercise these rights, email privacy@example.com. We respond within 45 days.

7. Cookies

We use the following cookies:

CookiePurposeLifetimeCategory
sidAnonymous session for affiliate click attribution30 daysStrictly necessary
consentRemembers your cookie consent choices12 monthsStrictly necessary

8. Children

This site is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have, contact privacy@example.com and we will delete it.

9. International transfers

We are based in Monaco. Our hosting provider, backup storage, and email provider operate in the EU. Our affiliate networks may operate from the US under appropriate safeguards (Standard Contractual Clauses where required).

10. Changes

Material changes to this policy are announced in the site footer for 30 days and via email to newsletter subscribers. Minor edits (clarifying language, typos) are made without notice but always carry an updated effective date at the top of this page.

11. Controller

Data controller:
Hormonal Health Portal Editorial
[To be confirmed — registered office address, Monaco]
Email: privacy@example.com
DPO: dpo@example.com

Related: Terms of use · Affiliate disclosure