Khimaira Studios ltd (“we”, “us”, “our”) operates My Synergy Stack (“the Service”). We are committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it. It applies to all users of the My Synergy Stack website and web application.
This policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
The data controller for the Service is:
When you register an account, we collect your name and email address. This is necessary to create and manage your account and to communicate with you about the Service.
Payments are processed by Stripe, a third-party payment processor. We do not store your full credit or debit card details. Stripe may collect and store payment information in accordance with their own privacy policy. We receive only a payment confirmation and a customer reference from Stripe.
We collect data about how you use the Service, including the goals you select, supplements you analyse, safety filters you apply, stacks you save, and features you interact with. This data is used to provide and improve the Service and to generate anonymised analytics.
If you click on affiliate links within the Service (e.g., links to iHerb or Amazon), we may record which links were clicked for business analysis purposes. We do not receive information about whether a purchase was completed from the retailer’s side without a separate tracking mechanism.
We automatically collect certain technical data when you use the Service, including your IP address, browser type and version, operating system, referring URLs, pages viewed, and time spent on pages. This data is collected via cookies and analytics tools (see Section 7).
If you contact us by email, we will retain a record of that correspondence including your email address and the content of your message.
We use your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Contract performance |
| Processing subscription payments | Contract performance |
| Providing the Service and its features | Contract performance |
| Sending transactional emails (receipts, account notifications) | Contract performance |
| Responding to your enquiries and support requests | Legitimate interests |
| Improving and developing the Service | Legitimate interests |
| Analysing usage patterns and generating analytics | Legitimate interests |
| Preventing fraud and ensuring security | Legitimate interests / Legal obligation |
| Complying with legal and regulatory obligations | Legal obligation |
| Sending marketing emails (only with your consent) | Consent |
We do not sell your personal data. We may share your data with the following categories of recipients:
Supabase — provides our database and authentication infrastructure. Your account data and saved stacks are stored on Supabase servers.
Stripe — processes subscription payments. Stripe acts as an independent data controller for payment data.
Google Analytics (GA4) — provides website analytics. Data is anonymised and aggregated where possible.
We may disclose your data to law enforcement, regulators, or courts if required by applicable law, legal process, or to protect the rights, property, or safety of Khimaira Studios ltd, its users, or the public.
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.
We may share your data with third parties for purposes not described in this policy if we have obtained your explicit consent to do so.
We retain your personal data for as long as your account is active or as necessary to provide the Service. Specifically:
Cookies are small text files stored on your device when you visit a website. We use cookies to make the Service work correctly and to understand how it is used.
Essential cookies — Required for authentication and session management. These cannot be disabled without breaking the Service.
Analytics cookies — We use Google Analytics GA4 to collect anonymised data about how users interact with the Service. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from logging in or using the Service. For more information about managing cookies, visit allaboutcookies.org.
Some of our service providers (including Supabase and Stripe) may process your data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner’s Office (ICO), to protect your data in accordance with UK GDPR requirements.
If you are located in the United Kingdom or European Economic Area, you have the following rights regarding your personal data:
Right of Access
You have the right to request a copy of the personal data we hold about you.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure
You have the right to request deletion of your personal data, subject to certain legal exceptions.
Right to Restriction
You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability
You have the right to receive your personal data in a structured, machine-readable format and to transfer it to another controller.
Right to Object
You have the right to object to processing based on legitimate interests, including for direct marketing purposes.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.
To exercise any of these rights, please contact us at support@khimairastudios.com. We will respond within 30 days. We may need to verify your identity before processing your request.
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include encrypted data transmission (HTTPS/TLS), password hashing, row-level security on our database, and access controls limiting who can view your data.
However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach.
The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you become aware that a child under 13 has provided us with personal data, please contact us at support@khimairastudios.com and we will delete that data promptly.
Users between 13 and 17 years of age may only use the Free tier of the Service with parental or guardian consent and supervision.
The Service contains links to third-party websites and services (including affiliate links to retailers). This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices of third-party sites.
We may update this Privacy Policy from time to time. We will notify you of material changes by email to your registered address or by prominent notice on the Service at least 14 days before changes take effect. The “Effective Date” at the top of this document indicates when the current version became active.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
Company: Khimaira Studios ltd
Email: support@khimairastudios.com
Website: www.khimairastudios.com
ICO (UK regulator): ico.org.uk · 0303 123 1113
© 2025–2026 Khimaira Studios ltd. All rights reserved.
End of Privacy Policy — Version 1.0