Privacy Policy

Last updated: March 4, 2026

1. Overview

NADAC Intelligence ("we," "us," or "the Service") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication, notifications, and password recovery
  • Name — used for display purposes
  • Password — stored as a bcrypt hash (we never store plaintext passwords)

2.2 Google OAuth

If you sign in with Google, we receive:

  • Your Google email address
  • Your Google display name
  • Your Google profile picture URL
  • An OAuth token for authentication (stored securely, not used to access other Google services)

2.3 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or bank account details on our servers. We store only your Stripe customer ID and subscription status to manage your account tier.

2.4 User-Generated Data

We store data you explicitly create through the Service:

  • Watchlist — the drug NDCs you choose to track
  • Price alerts — alert rules you configure (drug, alert type, threshold) and triggered alert history

2.5 Automatically Collected Data

We do not use third-party analytics services (such as Google Analytics). We do not track your browsing behavior across the site. Standard server logs may record IP addresses and request timestamps for security and debugging purposes.

3. How We Use Your Information

  • To authenticate you and maintain your session
  • To manage your subscription and process payments via Stripe
  • To send transactional emails: account verification, password resets, and price alert notifications
  • To display your watchlist and configured alerts
  • To enforce feature access based on your subscription tier

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services that may process your data:

Stripe

Payment processing. Receives your email and payment details. Subject to Stripe's Privacy Policy.

Google OAuth

Optional sign-in provider. We only request basic profile information (email, name, picture). Subject to Google's Privacy Policy.

Resend

Email delivery. Receives your email address and message content for transactional emails. Subject to Resend's Privacy Policy.

5. Cookies and Local Storage

  • Session cookie — an HTTP-only cookie for authentication (required for the Service to function)
  • Theme preference — stored in localStorage to remember your light/dark mode choice

We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.

6. Data Retention

  • Account data — retained for the duration of your account
  • Watchlist and alerts — retained for the duration of your account
  • Alert history — retained for the duration of your account
  • Password reset tokens — automatically expire after 1 hour
  • Email verification tokens — automatically expire after 24 hours

7. Data Security

We take reasonable measures to protect your personal information, including:

  • Passwords are hashed using bcrypt before storage
  • Sessions use HTTP-only cookies with JWT tokens
  • Payment data is handled entirely by Stripe (PCI DSS compliant)
  • Database connections use secure configurations

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

You have the right to:

  • Access your personal data stored in your account
  • Update your account information
  • Delete your account and all associated data
  • Export your watchlist data (available to Professional tier and above)
  • Cancel your subscription at any time

To exercise any of these rights, contact us at the email address below.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

If you have questions about this Privacy Policy or your personal data, please contact us at support@analyticproductions.com.