Security & Anonymity

Updated March 9, 2026

Structural anonymity

Anonymity is not a promise — it's architecture. Here's how it works in practice.

  • Email encrypted AES-256-GCM with key versioning, never stored in plaintext
  • No real name — only a public_handle (pseudonym) is used
  • No nominative server logs — no IP ↔ identity association
  • Photos RAM-only — raw photo is never written to disk
  • Lab documents RAM-only — source file is never stored
  • Face blurred by default — disableable by user choice
  • Automatic genital censorship — non-disableable, systematic
  • UUIDs everywhere — data is linked to technical identifiers, not people

The breach scenario — "What if we get hacked?"

stacksnstats.db — full breach simulation
# 100% database dump — what an attacker sees

user_id        a1b2c3d4-e5f6-7890-abcd-ef1234567890
email          [AES-256-GCM encrypted blob]
public_handle  IronForge42
created_at     2026-XX-XX
tier           smarter

protocols      Test E 250mg/wk, Arimidex 0.5mg E3D
health_logs    BP 128/82, Weight 87.3kg, HR 68bpm
bloodwork      Testosterone 1247 ng/dL, Hematocrit 51.2%
photos         [processed — face blurred, genitals censored]
reports        [AES-256-GCM encrypted blob]
billing        paddle_txn_abc123 (useless without Paddle)

UUIDs, encrypted blobs, and health data with no name attached. Impossible to know who they belong to.

Infrastructure

Hosting: Scaleway, France — ISO 27001 certified and HDS (Hébergeur de Données de Santé). See Scaleway security page.

Database: Supabase self-hosted — no third-party cloud, RLS (Row Level Security)

Backups: Daily pg_dump encrypted with GPG — 30-day rotation

Photos & lab docs: RAM-only processing, never raw file in storage

Transactional emails: Scaleway TEM — same datacenter, no external transit

Encryption: AES-256-GCM (email, reports), bcrypt (passwords), HTTPS everywhere

What we DON'T protect (honesty)

This section is what separates a real security page from marketing bullshit.

  • No E2E: protocol and health data are readable server-side (required for AI to work). Structural anonymity compensates — even when readable, this data can't be linked to a real identity.
  • Email can be decrypted: we hold the server key. In the event of a court order, we can technically decrypt the email.
  • Paddle knows the payment identity: the Merchant of Record (Paddle, UK) holds billing data. StacksnStats only receives a transaction ID. Linking the payment to the account requires data from both sides — two jurisdictions (France + UK), two separate legal procedures.
  • Crypto ≠ total anonymity: crypto payments go through NOWPayments, which may have its own compliance obligations. But the link is even more indirect — three potential actors are needed to link a payment to an identity.
  • US AI: data sent to the Claude API transits through the USA. It's cleaned and not retained, but the theoretical risk exists (CLOUD Act, FISA). Disableable in settings.
  • Limited photo detection: only the face and genital areas are detected automatically. Tattoos, scars and other distinctive marks are NOT detected — user's responsibility.

Legal details

Contact: contact@stacksnstats.io — response within 30 days (GDPR Art. 12(3))

Host: Scaleway SAS, 8 rue de la Ville l'Évêque, 75008 Paris