inflamed.community

Privacy

Last updated 2 May 2026.

What this page is

This is the privacy page for inflamed.community. It explains what we collect, what we deliberately do not collect, who can see it, and how to remove anything you have submitted.

It is written in plain English first, with the formal legal framing in the second half. If you only have a minute, read the next two paragraphs and you have the gist.

The short version

We do not collect names, email addresses, accounts, IP addresses, browser fingerprints, location data, or anything else that identifies you as an individual. The patient form asks about your experience with ankylosing spondylitis. Your answers are stored without any link to who you are. The dashboard shows aggregate patterns built from those answers. No individual response is ever published.

If you want a submission removed, you can do that within 48 hours of submitting it, no questions asked. The thank-you screen after the form gives you a small code. Email that code to the address at the bottom of this page and we delete the row.

What we collect

There are three places on the site where you can give us information.

The patient form. The form asks about your AS — when you were diagnosed, what medications you have tried, how the disease affects you, and so on. Some questions have a “Not sure” option because some answers genuinely are not known. The form does not ask for your name, email, location beyond country, or anything else that identifies you. Read the form before you fill it in. Skip any question you do not want to answer. Section 6 is a free-text box for anything that does not fit elsewhere — see the note further down about what we do with the text you write there.

The contribution form. Anyone can suggest a paper or resource for the research map by submitting a link or DOI. The form asks for the link, optionally the role you fill (patient, clinician, researcher, other), and optionally a sentence on why you think it should be added. None of those fields are required except the link. We do not ask for or store your email unless you choose to provide one for follow-up.

The contact email. If you email us — to request a removal, to flag an error, or for any other reason — we have your email address from the message itself. We use it to reply, and we do not add it to any list.

What we deliberately do not collect

We do not log IP addresses or User-Agent strings on the site. The web server discards them rather than writing them to disk. We have no analytics product running. There is no Google Analytics, no Plausible, no Fathom, no Meta Pixel, no Mixpanel, no Hotjar, no anything. We do not use cookies for tracking. The only cookie the site sets is a session-only one to remember your dashboard filter choices, and even that is wiped when you close the tab.

We do not use third-party fonts loaded from a CDN that would leak your IP to a foreign server. The single typeface on the site is hosted from our own server.

The Buy Me a Coffee link points off-site. If you click it, BMC sees you on their side. We see only that someone clicked, not who, and we see that as an anonymous count. We never see your card details, your name, or your donation amount as an identifier — those live with BMC.

How long we keep things

Patient form submissions and approved community contributions are kept indefinitely as part of the research record. They are anonymous and aggregated, so retention is not a re-identification risk.

Contact emails are kept for as long as is needed to respond and resolve. Routine correspondence is deleted within 12 months. Removal-request emails are kept long enough to verify the row was actually deleted, and then deleted themselves.

Who can see what

The public dashboard shows aggregate statistics and chart panels. No data point is shown if fewer than five respondents contribute to it — this prevents anyone from inferring an individual’s response by spotting a uniquely small group.
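An added illustration of the fewer-than-five rule, not the site's own code: the threshold has to be checked on each cell after dashboard filters are combined, because groups that are large enough one attribute at a time can shrink to a single person when two attributes are crossed. The field names and sample rows are constructed for the example.

```python
from collections import Counter
from itertools import combinations

MIN_CELL = 5  # the page's threshold: fewer than five respondents means no display

def panel(rows, fields, min_cell=MIN_CELL):
    """Respondent count per combination of `fields`; None marks a suppressed cell."""
    counts = Counter(tuple(row[f] for f in fields) for row in rows)
    return {cell: (n if n >= min_cell else None) for cell, n in sorted(counts.items())}

def suppressed_cells(rows, all_fields, max_width=2, min_cell=MIN_CELL):
    """Every (fields, cell) pair, over filter combinations up to max_width, that is hidden."""
    hidden = []
    for width in range(1, max_width + 1):
        for fields in combinations(all_fields, width):
            for cell, shown in panel(rows, fields, min_cell).items():
                if shown is None:
                    hidden.append((fields, cell))
    return hidden

# Constructed sample rows; "country" and "medication" are hypothetical field names.
SAMPLE = (
    [{"country": "AU", "medication": "adalimumab"}] * 6
    + [{"country": "AU", "medication": "secukinumab"}] * 5
    + [{"country": "NZ", "medication": "adalimumab"}] * 5
    + [{"country": "NZ", "medication": "secukinumab"}] * 1
)

if __name__ == "__main__":
    # Each attribute alone passes the threshold in every cell.
    print(panel(SAMPLE, ("country",)))
    print(panel(SAMPLE, ("medication",)))
    # Crossing the two exposes a cell of one respondent, which is suppressed.
    print(panel(SAMPLE, ("country", "medication")))
    print(suppressed_cells(SAMPLE, ("country", "medication")))
```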

The dashboard’s underlying data lives in a Google Sheet, then later in a database, accessed by a single read-only service account with no other privileges. The editor (one person — Brett) can see individual rows. No one else can.

The research map is fully public. Every paper card on it is content the editor has approved. No data from the patient registry is shown on the map.

The free-text box (Section 6 of the form)

Section 6 asks if there is anything about your experience that does not fit in a form. People sometimes write in things that name their doctor, their hospital, or their suburb. We do not want that information and we do not display these answers verbatim anywhere on the site. Each free-text submission is run through a scrubbing pass that removes anything resembling a name, an address, a phone number, a street, a hospital name, or other identifiers. The scrubbed text is used in aggregate only — for example, to identify themes that come up across many people’s responses. If you write something in Section 6 that we cannot scrub safely, we hold it out of any aggregate use and contact no one.

If this still feels like too much risk for you, leave Section 6 blank. The rest of the form is just as useful without it.

Removing your submission

Every time you submit the form, the thank-you screen shows a randomly generated code — eight letters and digits. That code is the only thing in the world that links to your row, because we store nothing else about you.

If you want your submission removed, email the code to the address below within 48 hours of submitting. Tell us nothing else. We delete the matching row, reply to confirm, and that is the end of it. If you take longer than 48 hours, we still try, but the row may already be folded into an aggregate calculation that we cannot easily unwind.

If you lose the code, we cannot remove your submission, because we have no other way to identify which row is yours. This is a feature of the privacy architecture rather than a bug. Save the code.

Children

This site is not aimed at people under 16. Ankylosing spondylitis can present in adolescence, and we are not going to refuse contributions from young adults who have it, but if you are under 16 you should fill in the form with a parent or guardian who can read the questions with you. We do not knowingly collect data from children under 13.

Cookies

The site uses one technical cookie to remember your dashboard filter choices for the duration of a single browsing session. It is wiped when you close the tab. There are no advertising cookies, no analytics cookies, no tracking cookies of any kind. There is no cookie banner because there is nothing to consent to.

Bot protection

The patient form has a hidden field that human visitors do not see and bots fill in. Submissions where that field is filled are dropped on the server and never written to the data store. The form also tracks how long the page was open before the submit button was pressed; submissions made in less than eight seconds are flagged and held for review. We use Cloudflare Turnstile as a third layer — it does not set tracking cookies and does not require you to solve puzzles in most cases. None of these systems collect anything about you that survives past the moment of submission.

Where the data lives

The patient registry data lives on servers operated by Google (Sheets) initially and on Neon (a managed PostgreSQL provider) once response volume passes ten thousand rows. The site itself is hosted on Netlify. The literature tracker uses the Anthropic API for paper summarisation. Some of these providers are based in the United States. Where data is processed outside Australia, we ensure the data being processed contains no personal information under the Privacy Act 1988 — that is, no information that identifies an individual or could reasonably be linked to one.

Australian Privacy Act and the Australian Privacy Principles

inflamed.community is operated from Australia. The Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles apply.

Health information is a sensitive category under the Privacy Act. The architecture of this site is designed so that information collected through the patient form does not constitute personal information under the Act — that is, the information is not about an identified individual and not about an individual who is reasonably identifiable. We do this by collecting no direct identifiers (no name, no email, no precise location) and by suppressing display of any field where fewer than five respondents contribute, which limits inference attacks based on attribute combinations.

We acknowledge that ankylosing spondylitis affects roughly one in two hundred people, that combinations of attributes can in principle identify a small number of individuals in low-prevalence conditions, and that the legal threshold for “reasonably identifiable” is not a binary. The architecture is designed to keep re-identification risk low and to make it harder rather than easier over time. It is not zero. We treat the data with the care that a sensitive category warrants regardless of how it is classified.

If you are an Australian resident and you have a privacy concern about this site, you can raise it with us at the address below. If we cannot resolve it, you can refer the matter to the Office of the Australian Information Commissioner at oaic.gov.au.

Changes to this page

If we change this page in a way that meaningfully changes what we collect or how we handle it, the notice at the top of the page is updated and a short summary of the change is posted to the homepage.

Contact

For privacy questions, removal requests, or anything else: contact@inflamed.community.

Removal requests should include the code from your thank-you screen and nothing else. Anything beyond the code is information we did not want you to send and will be deleted on receipt.