Privacy Policy

Last updated: 19 March 2026

1. Who We Are

Nootropica ("we", "us", "our") operates the website nootropica.co.uk. We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: info@nootropica.co.uk

2. Data We Collect

We collect the following personal data when you use our site:

  • Account information - name and email address when you register.
  • User-generated content - benefit ratings, overall ratings, comments, favourites, and stacks you create.
  • Technical data - IP address, browser type, device information, and pages visited (collected automatically via server logs and Cloudflare).
  • Quiz responses - your answers to the nootropics quiz. These are processed in your browser and are not stored on our servers.

3. Legal Basis for Processing

  • Contract - processing your account data is necessary to provide you with our services (account creation, ratings, comments, stacks).
  • Legitimate interests - we process technical data to maintain site security, prevent abuse, and improve our services.
  • Consent - where required, we will ask for your explicit consent before processing data for any other purpose.

4. How We Use Your Data

  • To create and manage your account.
  • To display your ratings, comments, and stacks on the site.
  • To send essential service emails (e.g. password resets).
  • To monitor and improve site performance and security.

5. Data Sharing

We do not sell your personal data. We share data only with the following third parties who help us operate the site:

  • Cloudflare - DNS, CDN, and DDoS protection. Cloudflare may process your IP address and technical data. See Cloudflare's Privacy Policy.
  • Email provider - for transactional emails such as password resets and account notifications.

Your data is processed within the UK and EEA. If any data is transferred outside these regions, appropriate safeguards are in place.

6. Cookies

We use essential cookies only (session management and CSRF protection). For full details, see our Cookie Policy.

7. Data Retention

  • Account data - retained for as long as your account is active. If you delete your account, your personal data will be removed within 30 days.
  • Ratings and comments - retained for as long as your account is active. Anonymised aggregate data may be retained after account deletion.
  • Server logs - retained for up to 90 days for security and debugging purposes.

8. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • HTTPS encryption on all pages.
  • Password hashing using industry-standard algorithms.
  • Regular security updates and monitoring.
  • Access controls limiting who can view personal data.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access - request a copy of the personal data we hold about you.
  • Rectification - ask us to correct inaccurate or incomplete data.
  • Erasure - ask us to delete your personal data ("right to be forgotten").
  • Portability - request your data in a structured, commonly used, machine-readable format.
  • Restriction - ask us to limit how we process your data.
  • Objection - object to processing based on legitimate interests.

To exercise any of these rights, email us at info@nootropica.co.uk. We will respond within 30 days.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "last updated" date. We encourage you to review this page periodically.