Privacy Policy
Last updated: 2026-05-23. Operator: Lattice (operated by Vincent Couey).
RxGrab is committed to transparency about what data we collect and which third parties touch your data when you visit. This page lists every data category, every ad and affiliate network, and how to exercise your privacy rights.
Health Information Disclaimer
RxGrab publishes educational content about medical topics. We do not collect, store, or transmit protected health information (PHI) as defined under HIPAA. RxGrab is not a covered entity or business associate under HIPAA. Tool inputs (medication lists, dosage calculations, supplement stacks) are stored only in your browser's localStorage and are never transmitted to our servers.
Information We Collect
- Analytics events: page views, referrer, browser type, country (derived from IP and discarded), device class. Collected via Google Analytics 4 and/or Cloudflare Web Analytics. We do not collect raw IP addresses for long-term storage.
- Cookies: we set no first-party tracking cookies. Third parties listed below may set their own cookies (ad measurement, affiliate attribution).
- localStorage: our interactive tools (calculators, savings estimators, dosage checks, savable lists) store your inputs locally in your browser. This data is never transmitted to our servers.
- Email address: only if you voluntarily subscribe to our newsletter. Stored and delivered via Kit (ConvertKit). Unsubscribe anytime.
- Server logs: Cloudflare records standard HTTP request logs (IP, user agent, path, status) for security and abuse prevention. Retention is governed by Cloudflare's policies; we do not retain or analyze these logs separately.
Third-Party Ad Networks and Affiliate Partners
RxGrab earns revenue through display advertising and affiliate partnerships. Each partner operates under its own privacy policy:
- Skimlinks: Affiliate link management. Skimlinks may set a cookie to attribute commissions on outbound clicks. The cookie does not contain personal information.
- Google AdSense: Display advertising. AdSense may set advertising cookies to serve relevant ads. Opt out of personalized ads at adssettings.google.com.
- Kit (formerly ConvertKit): Email newsletter delivery (only when you voluntarily subscribe). Stores your email address and subscription preferences.
- Cloudflare: Hosting, CDN, edge security. Standard request logs only.
- Google Analytics 4: Aggregate site usage analytics. We use IP anonymization where available.
How We Use Your Data
- To improve content and tools based on which pages and features are most useful.
- To deliver newsletter emails you have opted into.
- To attribute affiliate commissions on outbound product links.
- To prevent abuse and protect site availability.
We never sell personal data to third parties. We do not share email addresses with any party outside Kit, our email infrastructure provider.
Your Rights: California (CCPA / CPRA)
California residents have the right to know what categories of personal information we collect, to request deletion of personal information we hold about you, and to opt out of the sale or sharing of personal information. RxGrab does not sell personal information as defined by the CCPA. To exercise your rights, email vinnycouey@gmail.com with the subject line "CCPA Request" and we will respond within 45 days.
Your Rights: European Union / United Kingdom (GDPR / UK GDPR)
If you are located in the EU, UK, or EEA, you have the right to access, rectify, erase, restrict processing of, or port personal data we hold about you, and the right to object to processing. Our legal basis for processing analytics data is legitimate interest (operating and improving the site); our basis for email processing is consent (you opted in). To exercise these rights, email vinnycouey@gmail.com with the subject line "GDPR Data Subject Request" and we will respond within 30 days.
Children's Privacy (COPPA)
RxGrab is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information through our newsletter signup or any other form, contact vinnycouey@gmail.com and we will delete it promptly.
Data Retention
- Analytics: aggregate event data retained for up to 14 months in Google Analytics, then auto-deleted.
- Email subscriptions: retained until you unsubscribe or request deletion.
- localStorage: retained on your device until you clear it (browser settings, "clear site data," or running
localStorage.clear() in your developer console).
- Server logs: governed by Cloudflare retention windows (typically under 30 days for raw logs).
How to Delete Your Data
- Newsletter: click "Unsubscribe" in any email, or email vinnycouey@gmail.com to request full deletion from our Kit account.
- localStorage: clear site data for rxgrab.com in your browser settings.
- Analytics: aggregate, non-identifying. Nothing to delete individually, but you can install an analytics-blocking extension to opt out going forward.
Do Not Track
Some browsers send a Do Not Track (DNT) signal. There is no consensus standard for how operators should respond. RxGrab treats DNT signals as a request to opt out of personalized advertising where the underlying ad network supports it; first-party analytics remain active for aggregate measurement.
Changes to This Policy
We update this policy when our data practices change. The "Last updated" date above reflects the most recent revision. Material changes will be announced on the RxGrab homepage.
Contact
Privacy questions or data requests: vinnycouey@gmail.com. Operator: Lattice (operated by Vincent Couey).
See also: About · Methodology · Affiliate Disclosure