GroupTestHub — Privacy Policy

Effective Date: April 28, 2026

GroupTestHub (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

By using the Platform, you agree to the practices described in this Privacy Policy.

1. Information We Collect

A. Information You Provide Directly

  • Authentication data (Supabase Auth): Email address, hashed password, email verification status, authentication provider (email or Google OAuth if enabled), last sign-in timestamp and IP.
  • Profile data: Alias (public display name), avatar/profile picture (stored in Supabase Storage “avatars” bucket).
  • Role assignments: Data in user_roles table.
  • Group participation: Memberships, roles within groups, contributions.
  • Documents: Uploaded PDFs/images (third-party COAs, lab results) stored in Supabase Storage; external COA links.
  • Shipping/tracking: Tracking numbers you voluntarily provide.
  • Payment data: Status, amounts, Stripe reference IDs. We do not store credit card numbers — Stripe handles all payment details.

B. Automatically Collected Information

  • IP address, browser type, operating system, device identifiers, usage analytics, cookies/session storage.

C. Information from Third Parties

  • Payment metadata from Stripe.
  • Authentication data from Google (if used).
  • Limited shipping/compound information shared with partner laboratories.

2. How We Use Your Information

To create/manage accounts, facilitate group tests and payments, send transactional emails, provide support, improve the Platform, detect fraud, and comply with legal obligations.

3. Third-Party Processors

  • Lovable Cloud / Supabase — Hosting, database, auth, storage (data processed in US/Europe regions).
  • Stripe, Inc. — Payment processing (see Stripe Privacy Policy).
  • Google — Authentication (if you use Google OAuth).
  • Cloudflare Workers — Edge runtime.
  • Resend (or email provider) — Transactional emails via notify@grouptesthub.com.
  • Partner laboratories (Janoshik, ChemYo, Labmax, Swiss Scientific, etc.) — Receive only shipping address and compound info needed to perform testing.

4. Email & Notifications

Transactional emails are sent from notify@grouptesthub.com for:

  • Payment confirmations
  • Payment notifications to Managers
  • Late-join store credit grants
  • Authentication emails (signup, magic link, recovery, email change, etc.)

Non-essential emails include unsubscribe options. Manage preferences in account settings.

5. Cookies & Tracking

  • Supabase auth/session cookies (essential)
  • Stripe checkout cookies
  • Analytics cookies (if implemented)
  • Local/session storage for app state

EU/UK users: Cookie consent banner available if required.

6. Your Privacy Rights

Access, Correction, Deletion: Available in account settings or by contacting support@grouptesthub.com.

Data Portability: Request a portable copy of your data.

GDPR (EU/EEA/UK): Additional rights to object/restrict processing and lodge complaints with your supervisory authority. Lawful bases: contract, legitimate interests, consent. Contact privacy@grouptesthub.com.

CCPA/CPRA (California): Right to know, delete, and opt out of sale. We do not sell personal information.

COPPA: Platform not for children under 13. We do not knowingly collect data from children under 13.

7. Data Retention & Security

Retention

  • Active accounts: While account is active.
  • Financial records: Minimum 7 years (legal/tax requirement).
  • Group history/results: Retained in anonymized form to support other participants.
  • Deleted accounts: Personal identifiers removed or anonymized; transaction/group history retained in anonymized form.

Security

  • Row-Level Security (RLS) on every table
  • Encryption at rest and in transit
  • Role-segregated access via has_role() security definer functions
  • Regular audits and least-privilege access

Breach Notification

We will notify affected users and authorities as required by law (CCPA, GDPR, state laws) without undue delay.

8. Public Visibility — Be Explicit

  • Public groups: Discoverable; alias + metadata visible to all registered users. Results can be made public (irreversible).
  • Community groups: Results always public, no opt-out.
  • Aliases: Once used, your alias becomes a public identifier visible to other group members and (in Public/Community mode) to all registered users.

9. International Data Transfers

Our infrastructure (Supabase/Lovable Cloud, Cloudflare) processes data primarily in the United States and Europe. If you are outside the US, your data will be transferred to these regions. For EU/EEA/UK users, we use Standard Contractual Clauses (SCCs) and other appropriate safeguards. Contact us for details.

10. Changes to This Privacy Policy

We may update this Policy at any time. Material changes will be notified via in-app banner or email. Continued use after changes constitutes acceptance.

11. Contact Us

privacy@grouptesthub.com
Create The World, LLC dba Group Test Hub
Elgin, Illinois, USA

For GDPR matters, contact our Data Protection Officer at the same address.

See also our Terms of Service.