Legal

Privacy Policy

Last updated: May 11, 2026 · www.biohackdir.com · Also see: Terms of Service →

This Privacy Policy explains how BiohackDir ("we", "us", or "our") collects, uses, and protects information when you visit our website or use our directory services. By using BiohackDir, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

We collect information you give us directly, including:

  • Name and email address when you submit a listing claim form or contact us
  • Clinic name, phone number, address, and website URL when claiming or updating a listing
  • Payment information processed through Paddle (our payment processor) when subscribing to a paid plan
  • Any messages or correspondence you send us

1.2 Clinic Listing Information

Clinic listings on BiohackDir are compiled from publicly available sources including Google Maps, business websites, and other public directories. This information includes clinic names, addresses, phone numbers, websites, and service descriptions. If you are a clinic owner and wish to update or remove your listing, contact us at legal@biohackdir.com.

1.3 Automatically Collected Information

When you visit BiohackDir we automatically collect:

  • Pages visited and search queries performed on our directory
  • Browser type and operating system
  • Referring website or search engine
  • Approximate location based on IP address (city-level only)
  • IP address and access timestamps stored in server access logs (retained for up to 90 days)

We use Koko Analytics for site analytics. Koko Analytics is a privacy-friendly tool that does not use cookies or track users across websites.

2. How We Use Your Information

We use the information we collect to:

  • Display and maintain clinic listings in our directory
  • Process listing claims and verify clinic ownership
  • Process subscription payments for verified and partner listings
  • Respond to your inquiries and support requests
  • Improve the directory, search functionality, and user experience
  • Send transactional emails related to your listing or account (e.g. payment confirmations, listing activation notices)
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your information for advertising purposes. You may opt out of non-essential transactional emails at any time by contacting us at legal@biohackdir.com.

3. Lawful Basis for Processing

§ Added — required for GDPR compliance for EU/UK visitors.

Where the General Data Protection Regulation (GDPR) or UK GDPR applies to the processing of your personal information, we rely on the following lawful bases:

  • Contract: Processing your information is necessary to provide our directory services, process your subscription, and manage your clinic listing.
  • Legitimate interests: We process certain data to improve our directory, prevent fraud, and maintain the security and integrity of our services. We have assessed that these legitimate interests are not overridden by your rights.
  • Legal obligation: We may process data where required to comply with applicable laws, including tax and accounting obligations.
  • Consent: Where we rely on your consent (for example, for optional marketing communications), you may withdraw that consent at any time.

Where data is transferred outside the European Economic Area (EEA) — for example, to our payment processor Paddle or our hosting provider Hostinger — such transfers are made under Standard Contractual Clauses approved by the European Commission or other appropriate safeguards. You may request details of these safeguards by contacting us at legal@biohackdir.com.

4. Payments and Billing

Subscription payments for Verified ($299/month) and Partner ($599/month) listings are processed by Paddle, our payment processor. BiohackDir does not store your credit card or payment details on our servers. All payment data is handled directly by Paddle and subject to their privacy policy available at paddle.com/privacy.

When you subscribe, Paddle may collect your name, email address, billing address, and payment information. Please review Paddle's privacy policy for details on how they handle this data.

5. Cookies

BiohackDir uses minimal cookies necessary for the site to function:

  • Session cookies to keep you logged in to your clinic dashboard
  • WordPress functional cookies for basic site operation

We do not use advertising cookies, tracking pixels, or third-party marketing cookies. Our analytics tool (Koko Analytics) is cookieless.

You can control or disable cookies through your browser settings. Disabling functional cookies may prevent you from accessing your clinic dashboard. For guidance on managing cookies in your browser, visit allaboutcookies.org.

6. Data Sharing

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

  • With Paddle to process subscription payments
  • With Hostinger, our hosting provider, who stores our website data under strict confidentiality
  • When required by law, court order, or government authority
  • To protect the rights, property, or safety of BiohackDir or its users
  • In connection with a merger, acquisition, or sale of assets, where your data may be transferred to a successor entity subject to equivalent privacy protections

7. Subprocessors

§ Added — transparency best practice; required under many data processing frameworks.

We use the following third-party service providers (subprocessors) who may process your personal data on our behalf:

Paddle — Payment processing and subscription billing. Privacy policy →

Hostinger — Website hosting and data storage. Located in the EU. Privacy policy →

Koko Analytics — Privacy-friendly, cookieless website analytics. Self-hosted; no data leaves our server. About →

WPForms — Contact and claim form processing. Form submissions are stored on our Hostinger server. Privacy policy →

We will update this list when we add new subprocessors that process personal data.

8. Data Retention

We retain your information for as long as necessary to provide our services:

  • Clinic listing data is retained while the listing exists on the directory
  • Account and billing records are retained for up to 7 years for legal and accounting purposes
  • Contact form submissions are retained for up to 2 years
  • Analytics data is aggregated and anonymized after 12 months
  • Server access logs are retained for up to 90 days and then permanently deleted

You may request deletion of your personal data at any time by contacting us at legal@biohackdir.com. Note that we may be required to retain certain data for legal or accounting purposes even after a deletion request.

9. Your Rights

Depending on your location you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Objection: Object to how we process your data
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Portability: Request your data in a machine-readable format
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at legal@biohackdir.com. We will respond within 30 days. If you are located in the EU/UK and believe your rights have not been respected, you have the right to lodge a complaint with your local data protection authority.

10. California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete personal information we have collected
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information — we do not sell or share personal information
  • The right to limit the use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide our services
  • The right to non-discrimination for exercising your privacy rights

To submit a CCPA/CPRA request, contact us at legal@biohackdir.com with the subject line "CCPA Request." We will verify your identity before processing the request.

11. Data Security

We implement reasonable security measures to protect your information including:

  • SSL/TLS encryption for all data transmitted to and from our website
  • Secure hosting infrastructure with limited access to personal data
  • Regular WordPress and plugin updates to address security vulnerabilities
  • Restricted access to personal data on a need-to-know basis

However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

12. Data Breach Notification

§ Added — required under GDPR (72-hour notification) and California law.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and relevant regulatory authorities as required by applicable law.

Under GDPR, we are required to notify the relevant supervisory authority within 72 hours of becoming aware of a breach where feasible. Where a breach is likely to result in a high risk to individuals, we will also notify affected individuals directly without undue delay.

Under California law, we will notify California residents of breaches affecting their personal information in the most expedient time possible and without unreasonable delay.

To report a potential security issue, contact us at legal@biohackdir.com with the subject line "Security Issue."

13. Do Not Track

§ Added — best practice disclosure; required in some jurisdictions.

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. BiohackDir does not alter its data collection practices in response to DNT signals because we do not engage in cross-site tracking. Our analytics tool (Koko Analytics) does not track users across websites regardless of DNT settings.

15. Children's Privacy

BiohackDir is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. The medical treatments described on this site are intended for adults. If you believe a child has provided us with personal information, contact us at legal@biohackdir.com and we will delete it promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes that significantly affect how we handle your data, we will make reasonable efforts to notify active account holders by email at least 14 days before the changes take effect.

Continued use of BiohackDir after changes are posted constitutes acceptance of the updated policy. If you do not agree to the updated policy, you should discontinue use of our services and request deletion of your account data.

17. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

BiohackDir
Email: legal@biohackdir.com
Website: www.biohackdir.com

We aim to respond to all privacy-related enquiries within 30 days.

Scroll to Top