Resar
Scoring methodologyReview policyConflicts disclosedNot medical advice

Privacy

Privacy policy.

Resar explains what personal information we collect when you use our marketplace, how we use it, who we share it with, and the choices you have.

Effective July 4, 2026 · Last updated July 4, 2026 · Trust center

Who we are

Resar operates an evidence-backed health product marketplace at resar.vercel.app and related domains. For privacy questions or requests, contact resarlinks@gmail.com.

Information we collect

We collect information in these categories:

  • Account data: name, email address, password hash (for email sign-up), profile image (if you use Google sign-in), role, and onboarding preferences.
  • Authentication data: session tokens managed through NextAuth; OAuth identifiers when you sign in with Google.
  • Product request data: Amazon URLs you submit, associated product records, submission timestamps, and moderation outcomes.
  • Marketplace activity: goal-match queries, compare/stack selections, evidence-watch subscriptions, and page analytics events when enabled.
  • User-generated content: shopper reviews, ratings, and related moderation notes.
  • Technical data: IP address, browser type, device information, timestamps, and security logs needed to operate and protect the service.
  • Communications: verification emails, welcome messages, and support correspondence.

Information we do not collect

Resar is not a healthcare provider. We do not intentionally collect medical records, diagnoses, prescriptions, lab results, or insurance information.

Do not submit protected health information or emergency medical details in reviews, support messages, or product requests.

How we use information

  • Create and secure your account, including email verification.
  • Provide marketplace features: search, scoring, recommendations, compare, and stack tools.
  • Process product review requests and show you private evidence pages until admin publication.
  • Moderate reviews and AI summaries for quality and safety.
  • Operate admin tools, audit trails, and fraud prevention.
  • Send transactional emails (verification, security, service updates).
  • Improve relevance of recommendations and measure product performance.
  • Comply with law, enforce our Terms, and protect users and the platform.

Legal bases (EEA/UK visitors)

Where GDPR or UK GDPR applies, we rely on: contract (providing the service you request), legitimate interests (security, analytics, product improvement, fraud prevention), consent (where required for optional communications), and legal obligation.

Cookies and similar technologies

Resar uses essential cookies and local storage for authentication sessions, security, and appearance preferences (such as dark mode).

We do not use third-party advertising cookies. If we add optional analytics later, we will update this policy and provide appropriate controls.

How we share information

We do not sell your personal information. We share data only with service providers that help us run Resar:

  • Hosting and infrastructure (e.g., Vercel).
  • Database providers (e.g., PostgreSQL/Supabase).
  • Email delivery (e.g., Resend).
  • Authentication providers (e.g., Google OAuth).
  • AI inference providers (e.g., Groq) for summaries and recommendations — product metadata and research candidates are sent server-side; API keys are never exposed to browsers.
  • Research index APIs (PubMed, Crossref, OpenAlex, Semantic Scholar) receive search queries derived from product context, not your account profile.
  • Affiliate retailers (e.g., Amazon) when you click outbound purchase links — standard referrer/attribution data may apply.
  • Law enforcement or regulators when required by valid legal process.

Retention

  • Account data is kept while your account is active.
  • AI search logs and recommendation queries are retained to audit model behavior and improve relevance, then deleted or aggregated on a rolling basis.
  • Moderation records and admin audit logs are retained for integrity and security.
  • Backups may persist for a limited period after deletion.

Security

We use industry-standard measures including encrypted transport (HTTPS), hashed passwords, server-side secrets, role-based admin access, and rate limiting.

No method of transmission or storage is 100% secure. Report suspected vulnerabilities to resarlinks@gmail.com.

Your rights and choices

  • Access and export: download a copy of your account data from Account settings.
  • Correction: update your name and onboarding preferences in your account.
  • Deletion: delete your account from Account settings or email resarlinks@gmail.com from your registered address.
  • Email verification: required for full account features; you may stop using the service at any time.
  • Marketing: we do not send promotional email without consent.
  • California residents (CCPA/CPRA): right to know, delete, correct, and opt out of sale/share — we do not sell personal information.
  • EEA/UK residents: right to access, rectify, erase, restrict, port, and object; right to lodge a complaint with your supervisory authority.

Children

Resar is not directed to children under 16. We do not knowingly collect personal information from children. Contact us to request deletion if you believe a child provided data.

International transfers

Resar is operated from the United States. If you access the service from other regions, your information may be processed in the U.S. or where our providers operate. We use appropriate safeguards where required.

Changes to this policy

We may update this policy as features or laws change. Material updates will be posted here with a revised “Last updated” date. Continued use after changes means you accept the updated policy.

Questions about this policy?

Contact Resar at resarlinks@gmail.com. For account data requests, visit your account settings.