Privacy Policy
How we handle your data. Plain English first, with the legal substance behind it.
Last updated: 27 April 2026
1. Who runs Distil
Distil is a sole-trader business operated by Sebastian Stallard, trading as "Distil". For the purposes of UK GDPR, the data controller is:
Sebastian Stallard, trading as Distil
Service address: Distil, 124 City Road, London, EC1V 2NX
Email: [email protected]
If we incorporate as a limited company in future, this policy will be updated and you will be notified.
2. What data we collect
Information you give us directly
- Intake questionnaire answers: including health goals, current medications, supplements, diet, sleep, exercise, and (where you choose to share them) sensitive details such as conditions, pregnancy status, recent medical history, mental health, and reproductive health.
- Contact details: first name, last name, email address.
- Payment confirmation: Stripe handles your card details directly. We never see or store full card numbers, CVV, or expiry. We receive only a confirmation that payment succeeded, the amount, and a Stripe customer reference.
- Journal email signup (optional): if you subscribe to journal updates from a /journal essay, we store your email address, the timestamp, the source page, and your IP address (used only to rate-limit and prevent abuse). You can unsubscribe at any time from any email we send.
Information collected automatically
- Essential cookies: see Section 8 below.
- Server logs: IP address, request path, timestamp, status code. Used for security and debugging. Retained for 30 days.
- Error reports: when something breaks, an anonymised error report is sent to Sentry (see sub-processors below). No questionnaire content is included in error reports.
3. Special category data (sensitive health data)
Some of the questions ask about diagnosed conditions, medications, mental health, pregnancy, and other matters classified as "special category data" under UK GDPR Article 9. We collect this only with your explicit consent at the point you submit the questionnaire, and we use it only to generate your supplement report.
You are not required to answer any specific question, but the more we know, the safer and more accurate your report will be. Skipping a sensitive question simply means our report will not factor it in.
4. Why we collect it (lawful basis)
| What we use it for | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Generating your report | Performance of contract (Art. 6(1)(b)) |
| Processing your payment | Performance of contract (Art. 6(1)(b)) |
| Sending your report and confirmation emails | Performance of contract (Art. 6(1)(b)) |
| Special-category health data | Explicit consent (Art. 9(2)(a)) |
| Keeping payment records for HMRC | Legal obligation (Art. 6(1)(c)) |
| Security logging and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Beta-tester feedback (where invited) | Legitimate interests (Art. 6(1)(f)). Opt-in only |
| Sending journal updates (where you subscribed) | Consent (Art. 6(1)(a)). Opt-in only, opt-out in every email |
5. Who we share it with
The following sub-processors receive parts of your data strictly to deliver the service:
| Provider | Purpose | Region |
|---|---|---|
| Anthropic | Generates your report (Claude AI). Receives your intake answers as the input to the model. | USA. Covered by Anthropic's Data Processing Addendum and Standard Contractual Clauses |
| Stripe | Payment processing. Receives only your name, email, and payment details. Never your health data. | Ireland (EU) / USA. Standard Contractual Clauses |
| Resend | Sending your confirmation and report-delivery emails. | EU (eu-west-1, Ireland) |
| Cloudflare | DNS, edge security, and (planned) report file storage via R2. | USA / global edge. Standard Contractual Clauses |
| Hetzner | Server hosting (where your report is generated and stored). | Germany (EU) |
| Sentry | Anonymised error monitoring. Receives no questionnaire content. | Germany (EU) |
Each of the above is bound by a written data processing agreement and processes data only on our instructions.
We do not share your data with marketers, advertisers, insurers, employers, supplement brands, or any other third party. We do not sell your data, ever.
6. How long we keep it
| What | How long | Why |
|---|---|---|
| Intake questionnaire answers | 24 months from submission, then auto-deleted | So you can come back for a re-run or comparison; longer than this is unnecessary |
| Generated reports (HTML) | 24 months from generation, then auto-deleted | Same as above |
| Payment records (transaction confirmations only) | 7 years | HMRC tax record-keeping requirement |
| Email contact details | Until you request erasure | So we can answer follow-up questions or honour future contact |
| Server logs | 30 days | Security and debugging |
| Error reports (Sentry) | 90 days | Sentry default retention |
You can request earlier deletion at any time. See Section 7.
7. Your rights
Under UK GDPR you have the right to:
- Access your data: get a copy of everything we hold about you.
- Rectify: ask us to correct anything that is wrong.
- Erase: ask us to delete your data (the "right to be forgotten").
- Restrict: ask us to stop processing your data while a question is being resolved.
- Object: object to processing based on legitimate interests.
- Portability: receive your data in a machine-readable format.
- Withdraw consent: at any time, with no detriment to you. Withdrawal does not affect processing already done lawfully before withdrawal.
- Complain to the ICO: if you believe we have mishandled your data, you can complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.
To exercise any of these rights, email [email protected]. We respond within 30 days. We may ask for proof of identity before releasing or deleting data.
8. Cookies
The site sets only the following essential cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| beta_master | Authenticates beta-period access via the site password. | 12 hours |
| beta_token | Authenticates a beta-tester invite token. | 7 days |
Both are HttpOnly, Secure in production, and SameSite=Lax. They are exempt from consent requirements under PECR Regulation 6(4) (strictly necessary for the service you have requested).
In plain English
We use Cloudflare's Web Analytics to count page views and see roughly where our visitors come from. It does not set any cookies, does not fingerprint you, and does not track you across other sites. We never see who you are individually from analytics, only aggregate numbers like "37 people opened the questionnaire today".
We use Cloudflare Web Analytics for aggregate traffic measurement. It is cookieless, does not set any client-side identifiers, does not use device fingerprinting, and is enabled at the Cloudflare proxy layer (no third-party JavaScript runs in your browser for this purpose). The data we receive is aggregate: page-view counts per URL, anonymous referrer (which site sent you here), country (not city or IP), and browser/device class. No personally identifiable information is collected, stored, or shared. This processing is exempt from consent requirements under PECR Regulation 6(4) on the basis that it is anonymous statistical measurement strictly necessary for service operation, and is in any case carried out by Cloudflare in their capacity as our infrastructure provider. Cloudflare's analytics retention is 6 months. If we ever introduce richer analytics with cookies or personal identifiers, we will update this policy and provide a clear opt-in.
9. Security
Data is transmitted over TLS 1.2+ and stored on servers in Germany (Hetzner) and on Cloudflare's edge (where applicable). Access to production systems is restricted by SSH key authentication. Stripe handles all card data; we never see it. Special-category health data is logically separated from contact identifiers in our systems wherever possible.
No system is perfectly secure, and we will not promise otherwise. If we ever experience a personal data breach that meets the UK GDPR threshold, we will notify the ICO within 72 hours and notify affected users without undue delay.
10. International transfers
Some of our sub-processors (Anthropic, Stripe, Cloudflare) operate in the USA. Where data is transferred outside the UK/EEA, we rely on the UK Addendum to the EU Standard Contractual Clauses, plus the UK Government's adequacy decisions where relevant, to maintain UK GDPR-equivalent protection.
11. Children
Distil is for adults aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has used the service, please contact us and we will delete the data.
12. Changes to this policy
If we change this policy in any material way, we will update the "Last updated" date above and, if you have an active intake or report on file with us, we will notify you by email. Minor wording fixes will not be notified individually.
13. Contact
Questions, requests, or complaints about how we handle your data:
Email: [email protected]