Privacy
OSDb (Open Supplements Database) is a project by Francesco Latini. This page explains what data we collect when you use osdb-api.org and the related services (the NutriFinder consumer app at nutrifinder.it and the brand dashboard at dashboard.nutrifinder.it).
What we collect
- Anonymous analytics. We use Umami, self-hosted at analytics.osdb-api.org. Umami does not use cookies and does not track you across sites. It records page views, referrer, country (derived from IP, then discarded), browser and OS family. We cannot identify you from this data.
- Account data, if you sign in to NutriFinder. Email address and a hashed password. Used only to log you in and to associate your favourites and quiz responses with your account.
- Server logs. nginx access logs include IP address, request path, and user agent. Kept for at most 30 days for operational purposes (debugging, abuse handling).
What we do not collect
- We do not sell or share personal data with third parties.
- We do not use third-party advertising or cross-site tracking.
- We do not set marketing cookies. The site uses session cookies only for authenticated NutriFinder sessions (httpOnly, SameSite, scoped to the API hostname).
Your rights
If you have a NutriFinder account, you can request access to your data, correction, or deletion at any time by emailing info@osdb-api.org. We will respond within 30 days. You can also request that we delete your account entirely.
Where data lives
Application data is hosted on AWS infrastructure in the EU (Frankfurt region). Analytics data is hosted on the same EU server.
Changes
We will update the “last updated” date above if this policy changes. Material changes will also be linked from the OSDb landing page for at least 30 days.