Privacy Policy

Glpverdict (“we”, “us”) operates glpverdict.com, an independent, affiliate-funded editorial site reviewing GLP-1 telehealth providers and medications. We are the data controller for personal data processed through this site. For privacy requests, contact [email protected] or use the self-service tools linked below.

We practice privacy-by-default. A full inventory of what we track (and the larger list of what we deliberately do not) lives on our What we track page. In summary, we process:

• Affiliate click events — an anonymous click ID, source page, position, country, and a salted session hash, to attribute conversions and compensate our editorial work. No name, email, or health data is attached. Legal basis: legitimate interest.
• Optional submissions you provide — newsletter signups, lead-magnet requests, provider/medication reviews, patient stories, Q&A, price alerts, and refill reminders. Only what you type, plus a salted IP hash for spam control. Legal basis: consent.
• Aggregate diagnostics — sampled Web Vitals, search queries, and 404 paths, to fix performance and content gaps. No user identifier. Legal basis: legitimate interest.

Tools you use to calculate weight loss, dose, eligibility, or cost run entirely in your browser — those inputs are never sent to or stored on our servers.

We set a small number of strictly-necessary first-party cookies (e.g. the first-click affiliate attribution cookie for a referral you initiate, and your cookie-consent choice). Non-essential, analytics-flavored cookies are set only after you accept via the cookie banner; declining leaves them off. You can change your choice any time via the “Do Not Sell or Share My Personal Information” control in the footer. We do not run third-party advertising trackers or browser fingerprinting.

We do not sell your personal information. We share data only with processors that run the site:

• Our hosting provider (self-managed VPS) and content CMS (Sanity).
• Affiliate networks, which receive an anonymous click/sub-ID when you choose to visit a provider through one of our referral links — never your identity.
• An email service provider, only if you opt into newsletters or transactional messages.

We disclose data if required by law (e.g. a valid legal request).

Affiliate attribution cookies expire after 30 days. Aggregate diagnostics are retained in de-identified form. Submissions you provide are kept until you ask us to delete them or they are no longer needed for the purpose collected. Erasure tokens expire after 1 hour and are single-use.

Under the GDPR (EEA/UK) and the CCPA/CPRA (California) you can access, correct, delete, port, or restrict processing of your data, and object to processing based on legitimate interest. We honor these regardless of where you live. To exercise them:

• Request deletion of your data (self-service, email-verified).
• Export or delete everything tied to you.
• View and revoke individual consents.

You also have the right to lodge a complaint with your local data-protection authority.

This site is intended for adults. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

We may update this policy as the site evolves. Material changes will be reflected by the “last updated” date above. Continued use after an update constitutes acceptance.