Privacy Policy

Effective Date: April 3, 2021
Last Updated: April 8, 2026

1. Who We Are

DCAGuide.org (« the Site », « we », « us », « our ») is operated by DCAGuide.org, a non-profit organisation. We publish educational and research-based information about sodium dichloroacetate (DCA) and related topics.

Data Controller (EU/UK): DCAGuide.org, [email protected].

We are committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have.

2. What Data We Collect and Why

We collect data in the following ways:

A. Google Analytics (Automatic Collection)

When you visit the Site, Google Analytics 4 (GA4) automatically collects the following data via cookies placed on your browser:

  • Anonymised IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited, time on page, and navigation path
  • Referral source (how you found the Site)
  • Session duration and engagement data
  • General geographic location (country/region level, not precise)

This data is used solely to understand how visitors use the Site and to improve its content and usability. We do not use Google Analytics for advertising, remarketing, or personalisation.

Google Analytics cookies set on your device:

CookiePurposeDuration
_gaDistinguishes unique users2 years
_ga_tainer-id>Tracks session state and events2 years
_gidDistinguishes users (short-term)24 hours


B. Contact Form (When You Choose to Use It)

If you contact us via our contact form, we collect:

  • Your name (if provided)
  • Your email address
  • The content of your message

We use this information only to respond to your enquiry. We do not add contact form submissions to marketing lists.

C. User Comments (When You Choose to Post)

If you post a comment on the Site, we collect:

  • Your name or chosen display name
  • Your email address (not published publicly)
  • The content of your comment, including any personal or health-related information you voluntarily include

Important: Some visitors choose to share personal health information — such as diagnoses, treatment histories, or medication details — in comments. We do not solicit this information. If you share it, you do so voluntarily. Under GDPR, this constitutes « special category » data and is processed only because you have explicitly chosen to make it public. We strongly recommend not sharing personally identifying health information in public comments.

3. Legal Basis for Processing (EU/UK Users)

Under GDPR and UK GDPR, we process your personal data on the following lawful bases:

Data TypeLawful Basis
Google Analytics data (EU users with consent given)Consent (Art. 6(1)(a))
Google Analytics data (UK users — analytics only, no profiling)Legitimate interests (Art. 6(1)(f))
Contact form submissionsLegitimate interests / Contract (Art. 6(1)(b)(f))
User comments (non-health)Legitimate interests (Art. 6(1)(f))
Voluntarily shared health data in commentsExplicit consent — made public by the user (Art. 9(2)(e))


You may withdraw consent at any time where processing is consent-based. This does not affect the lawfulness of processing before withdrawal.

4. Google Analytics — Third-Party Data Processor

Google LLC acts as our data processor for analytics purposes. By using Google Analytics, we have entered into a Data Processing Agreement (DPA) with Google, as required by GDPR Article 28.

Data collected by Google Analytics is transmitted to and stored on Google’s servers in the United States. This constitutes an international transfer of personal data outside the EU/EEA. Google relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer safeguard.

You can learn more about how Google uses this data at:
https://policies.google.com/privacy/partners

To opt out of Google Analytics tracking across all websites, you can install the Google Analytics Opt-Out Browser Add-On:
https://tools.google.com/dlpage/gaoptout

5. Cookies

The Site uses only the cookies set by Google Analytics, as described in Section 2A. We do not use advertising cookies, social media tracking cookies, or any other third-party cookies.

EU/EEA Visitors:
Under the GDPR and ePrivacy Directive, we require your explicit opt-in consent before placing analytics cookies on your device. When you first visit the Site, you will be shown a cookie consent banner. You may accept or decline analytics cookies at any time. Declining will not affect your ability to use the Site.

UK Visitors:
Under the UK Data Use and Access Act 2025, analytics cookies used solely for understanding Site usage (with no profiling or advertising) do not require prior opt-in consent. However, you have the right to opt out at any time. An opt-out option is available via our cookie settings [link] or by installing the Google Analytics Opt-Out Add-On linked above.

All other visitors:
Analytics cookies are placed by default. You may opt out at any time via the Google Analytics Opt-Out Add-On or by adjusting your browser settings.

6. Data Retention

We retain your personal data only as long as necessary:

Data TypeRetention Period
Google Analytics data (user/event level)14 months (GA4 default)
Contact form submissionsUp to 24 months, then deleted
Published commentsUntil deletion is requested or content is removed
Email addresses associated with commentsUntil deletion is requested


You may request deletion of your personal data at any time — see Section 9.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to any third party.

We may share data only in the following limited circumstances:

  • Google LLC (data processor for analytics — see Section 4)
  • Legal compliance: If required by law, court order, or to protect the rights and safety of users or the public
  • Organisational continuity: If DCAGuide.org is transferred to a successor non-profit organisation, users will be notified

We do not share data with advertisers, data brokers, or any commercial third parties.

8. Data Security

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include secure hosting, HTTPS encryption, and access controls. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

If you believe your data has been compromised, please contact us immediately at [email protected]

9. Your Rights

EU/EEA and UK users have the following rights under GDPR and UK GDPR:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure (« right to be forgotten »): Request deletion of your personal data.
  • Right to restriction: Request that we limit how we process your data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is consent-based, you may withdraw at any time.
  • Right to lodge a complaint: You may complain to your national data protection authority. A list of EU/EEA authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents may contact the Information Commissioner’s Office (ICO) at https://ico.org.uk.

US users (including residents of California, Washington, Colorado, Connecticut, Virginia, Nevada, Maryland, and Tennessee) have additional rights under applicable state privacy laws, which may include:

  • The right to know what personal data is collected and how it is used.
  • The right to request deletion of your personal data.
  • The right to opt out of the sale of personal data (we do not sell data).
  • For state laws with health data provisions: the right to opt out of collection of consumer health data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (EU/EEA/UK) or 45 days (US), as required by applicable law. We may ask you to verify your identity before processing your request.

10. Children’s Privacy

This Site is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child has submitted personal data through this Site, please contact us at [email protected] and we will delete it promptly.

11. Health-Related Information

DCAGuide.org is a health information resource in a sensitive subject area. We do not ask you to submit health information to use the Site. However, some visitors voluntarily share personal health information in comments.

If you submit health-related information in a comment or contact form:

  • We treat it with the highest level of care.
  • We do not use it for profiling, research, or any commercial purpose.
  • You may request its deletion at any time.
  • Under US state health data laws (including the Washington My Health MY Data Act), we will not share your health-related submissions with any third party without your explicit consent.

12. Third-Party Links

The Site contains links to third-party websites, including supplier sites, research publications, and external resources. This Privacy Policy applies only to DCAGuide.org. We are not responsible for the privacy practices of linked websites and encourage you to review their policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the « Last Updated » date at the top of this page. For significant changes, we will make a reasonable effort to notify users (e.g., via a site notice). Continued use of the Site after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

For privacy-related questions, to exercise your rights, or to report a concern:

Email: [email protected]

For EU/EEA data protection enquiries, this contact also serves as the point of contact for the data controller.