GDPR LGPD CCPA

Privacy Policy

This policy explains how DFFCO — Dehydration, Fibromyalgia and Cognitive Function collects, uses, stores and protects personal data from users worldwide — in compliance with the EU General Data Protection Regulation (GDPR), Brazilian LGPD and California CCPA.

Last updated: 30 April 2026 · Version 2.0

Educational content only. DFFCO is an educational scientific evidence repository. We do not collect, process or store health records, medical history, diagnoses or any clinical personal data. This platform does not constitute medical advice, diagnosis or treatment.

Contents

1 Data Controller

The data controller responsible for personal data processed through this platform is:

DFFCO is not a healthcare provider, medical institution, clinical research organization or regulated health entity. It is an open-access repository of peer-reviewed scientific evidence summaries for educational purposes.

2 Information We Collect

2.1 — Automatically collected (current)

2.2 — Voluntarily provided (future — newsletter)

When newsletter functionality is implemented, users who explicitly opt in will provide:

2.3 — What we do NOT collect

3 How We Use Information

Data collected is used exclusively for:

We do not use your data for advertising, profiling, automated decision-making, or any commercial purpose. We do not sell, rent, license or share personal data with third parties, except as required by law or described in Section 9 (International Transfers).

4 Legal Basis for Processing

We rely on the following legal bases under GDPR (Article 6) and LGPD (Article 7):

For California residents: our processing activities do not constitute a "sale" or "sharing" of personal information as defined by CCPA/CPRA. We do not use data for cross-context behavioral advertising.

5 Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Under GDPR (EU / EEA residents)

Under LGPD (Brazilian residents)

Under CCPA/CPRA (California residents)

To exercise any of these rights, contact us at contact@dffcoevidence.com. We will respond within 30 days (GDPR/LGPD) or 45 days (CCPA). Identity verification may be required before fulfilling requests.

6 Cookies & Tracking Technologies

DFFCO uses a minimal cookie approach:

We do not use: Google Analytics, Meta Pixel, advertising trackers, cross-site cookies, fingerprinting techniques, or any third-party analytics scripts. No tracking SDK is loaded on any public page.

Google Fonts and Tailwind CSS CDN are loaded from external servers; these providers may log IP addresses per their own privacy policies. We are evaluating self-hosting these assets to eliminate this exposure.

Because we use only strictly necessary session cookies, we are not legally required to present a cookie consent banner under current interpretations of GDPR Recital 30 and ePrivacy Directive guidance. If tracking cookies are introduced in the future, a consent mechanism will be implemented before deployment.

7 Data Retention

When retention periods expire, data is securely deleted using methods appropriate to the storage medium. We do not retain personal data beyond what is necessary for the stated purpose.

8 Data Security

We implement technical and organizational measures proportionate to the risk level associated with the data we process:

No system is completely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33) and affected individuals where required (GDPR Art. 34 / LGPD Art. 48).

9 International Data Transfers

DFFCO is currently operated locally (development phase). When deployed to production cloud infrastructure, data may be processed on servers located outside your country of residence.

Third-party services currently used that may process data from your request:

10 Children's Privacy

DFFCO is a scientific evidence platform intended for adults, including healthcare professionals, researchers and patients. It is not directed at children under 13 years of age (or under 16 where required by local law, such as GDPR Article 8).

We do not knowingly collect personal data from children. If you believe a child has submitted data to this platform, please contact us immediately at contact@dffcoevidence.com and we will delete such data promptly.

11 Policy Updates

This Privacy Policy may be updated to reflect changes in our practices, legal requirements or platform features. When we make material changes, we will:

Continued use of the platform after the effective date of any update constitutes acceptance of the revised policy. We encourage you to review this page periodically.

Previous versions of this policy are available upon request at contact@dffcoevidence.com.

12 Contact Us

For privacy-related inquiries, requests to exercise your rights, data breach reports or questions about this policy, please contact:

DFFCO — Dehydration, Fibromyalgia and Cognitive Function

Privacy inquiries: contact@dffcoevidence.com

Response time: within 30 days · Available in EN / PT

Contact us

Supervisory Authorities

EU residents may lodge a complaint with their national data protection authority (e.g., CNIL — France, Garante — Italy, BfDI — Germany). Brazilian residents may contact the ANPD (Autoridade Nacional de Proteção de Dados) at gov.br/anpd. California residents may contact the CPPA (California Privacy Protection Agency).