inflamed.communityinflamed.community

Privacy

Last updated 4 May 2026.

The short version

We don’t collect names, email addresses, accounts, IP addresses, browser fingerprints, location data, or anything else that identifies you. The patient form asks about your experience with AS. Answers are stored without any link to who you are. The dashboard shows aggregate patterns. No individual response is ever published.

If you want a submission removed, you can within 48 hours: the thank-you screen gives you a code; email it to the address at the bottom of this page and we delete the row.

What we collect

Four places.

The patient form asks about your AS, diagnosis, medications, symptoms, and stores the answers. It never asks for your name, email, or location beyond country. Section 6 is a free-text box; see the note further down.

The contribution form lets anyone suggest a paper for the research map. Only the link is required. The optional email is used to reply and then deleted.

The community-tips form lets anyone share something that helped them, a stretch, a sleep trick, a product. Tips are always published anonymously. Name and email are optional and used only so the editor can reply if needed, they are never displayed publicly. Upvotes are tracked by a per-browser cookie, not by you.

The notification list is opt-in only. If you submit your email at /subscribe, we store the email and a random unsubscribe token. The editor batches infrequent updates by hand. Every email carries a one-click unsubscribe link. No third-party email tools, no tracking pixels.

The contact email lands in our inbox like any email. We use it to reply and we don’t add it to a list.

What we don’t collect

No IP addresses, User-Agent strings, browser fingerprints, or location data. No analytics. No third-party fonts loaded from a CDN that would leak your IP. The Buy Me a Coffee link points off-site; if you click it, BMC sees you on their side, not us.

Error tracking

If a page or form throws an unexpected error, a minimal report goes to a third-party error-tracking service (Sentry). The report contains the error message and a stack trace pointing to the line of code that broke. It does NOT include your IP, your email, cookies, request bodies, or anything you typed into a form, we configure the SDK to strip those before the event leaves your browser.

We use error reports to fix bugs. We don’t use them to understand who you are or what you do on the site. If error tracking is not configured (no DSN set), the SDK is dormant and no requests are made.

How long we keep things

Patient-form submissions, approved paper contributions, and approved community tips are kept indefinitely as part of the public research record, they’re anonymous, so retention doesn’t expose anyone. Submissions that are declined are deleted within 30 days. Submitter emails attached to contribution and tip rows are kept only as long as needed to reply and then deleted. Contact emails are deleted within 12 months of resolution.

Who can see what

The public dashboard shows aggregate stats. No data point is shown if fewer than five people contributed to it. The editor, one person, operating as Big Wella, is the only human who can see individual rows.

The free-text box (Section 6 of the form)

If you write something there, one person reads it. We strip names, addresses, hospitals, and similar before any aggregate use. Free-text answers are never displayed verbatim. If you’d rather not write anything, leave it blank, the rest of the form is just as useful.

Removing your submission

The thank-you screen gives you an eight-character code. That code is the only thing that links to your row. To remove, email the code to the address below within 48 hours. We delete the row, reply to confirm, done.

After 48 hours we still try, but the row may have been folded into an aggregate calculation we can’t easily unwind. If you lose the code we can’t find your row, that’s a feature of the privacy architecture, not a bug. Save the code.

Children

This site is not aimed at people under 16. AS can present in adolescence; if you’re under 16 we ask that a parent or guardian fills the form in with you. We don’t knowingly collect data from children under 13.

Cookies

Only technical cookies, and only on pages where they do something useful for you. None of them carry any name, email, or identifier we can match to you across sites.

No advertising or tracking cookies. No third-party cookies. No cookie banner because there is nothing to consent to.

Where the data lives

The platform infrastructure runs partly on services based in the United States. The architecture is designed so that information collected through the patient form does not constitute personal information under the Privacy Act 1988, that is, the information is not about an identified individual and not about an individual who could reasonably be identified.

Australian Privacy Act

inflamed.community is operated from Australia. The Privacy Act 1988 (Cth) and the Australian Privacy Principles apply. Health information is a sensitive category and we treat it as such regardless of how the legal threshold for “reasonably identifiable” is read.

If you have a privacy concern about this site, raise it with us at the address below. If we can’t resolve it, you can refer the matter to the Office of the Australian Information Commissioner at oaic.gov.au.

Changes to this page

If we change this page in a way that meaningfully changes what we collect or how we handle it, the notice at the top of the page is updated.

Contact

For privacy questions, removal requests, or anything else: contact@inflamed.community. Removal requests should include the code from your thank-you screen and nothing else.