Privacy Policy
Last updated: April 2026
VitRank ("we", "us") respects your privacy. This policy explains which personal data we process, why, and what your rights are under the EU General Data Protection Regulation (GDPR) and the Dutch Implementing Act (UAVG).
1. Who we are
VitRank is an independent supplement comparison website operated from the Netherlands. We are not a seller — we link to third-party shops.
For privacy questions or to exercise your rights, contact us via our contact page.
2. What data we process
We deliberately keep data collection to a minimum:
- Cart and language: stored only in your browser (localStorage). Never sent to us.
- Analytics (only with consent): Google Analytics 4 with IP anonymization, no Google Signals, no advertising features. Stores cookies
_gaand_ga_*for up to 14 months. - Click tracking: when you click an affiliate link we may log the destination shop, timestamp and a non-identifying referral token to measure earnings — never your IP, name or email.
- Server logs: standard request logs (IP, user agent, URL) kept by our hosting provider for security and abuse prevention, max 30 days.
We do not run a newsletter, do not have user accounts on the public site, and do not sell or share data with advertisers.
3. Legal basis (Art. 6 GDPR)
- Necessary cookies & server logs: legitimate interest (Art. 6(1)(f)) — keeping the site secure and functional.
- Google Analytics: your explicit consent (Art. 6(1)(a)). You can withdraw it any time via the .
- Affiliate click tracking: legitimate interest in measuring whether our service generates revenue, with no profile created about you.
4. Where data is stored & subprocessors
We use the following processors to operate the service. Each is bound by a Data Processing Agreement under Art. 28 GDPR:
| Processor | Purpose | Region / safeguards |
|---|---|---|
| Supabase (Lovable Cloud) | Database, file storage, server functions | EU — Frankfurt, Germany |
| Cloudflare | Hosting, CDN, edge runtime, DDoS protection | Global edge; EU data residency where possible |
| Google Analytics 4 | Anonymous traffic statistics (consent only) | EU/US — EU-US Data Privacy Framework |
| Affiliate networks (Awin, Bol Partner, Amazon EU) | Click attribution for affiliate revenue | EU; their own privacy policies apply on the destination shop |
We do not share data with advertisers. We do not use processors for ad personalization.
5. Your rights
Under the GDPR you have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Have data erased
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl)
Email us via the contact page and we'll respond within 30 days.
UK visitors: the UK GDPR gives you equivalent rights. You can also lodge a complaint with the Information Commissioner's Office (ICO, ico.org.uk).
California (CCPA/CPRA): we do not sell or share your personal information for cross-context behavioural advertising. Therefore no "Do Not Sell or Share" link is required.
6. International transfers
Where personal data is transferred outside the EEA (e.g. to Google Analytics), we rely on the EU-US Data Privacy Framework or the European Commission's Standard Contractual Clauses (SCCs) as a safeguard under Art. 46 GDPR.
7. Changes
We may update this policy. Material changes will be announced on the homepage. The "last updated" date above always reflects the current version.