Effective Date: March 1, 2026
Last Updated: February 28, 2026
Who We Are
Bare Your Rare is a rare disease advocacy platform operated by the Bare Your Rare Foundation, based in Grande Prairie, Alberta, Canada. Our mission is to connect people living with ultra-rare conditions to research opportunities, community support, and practical resources.
This Privacy Policy explains how we collect, use, protect, and share your personal information when you visit bareyourrare.org, use our community features, submit contact forms, or interact with our content.
We are committed to complying with Alberta's Personal Information Protection Act (PIPA) and Canada's federal Personal Information Protection and Electronic Documents Act (PIPEDA), as applicable.
Information We Collect
Information You Provide Directly
When you interact with our site, you may choose to provide us with:
Contact form submissions — your name, email address, and the contents of your message when you reach out through our Contact page.
Community account information — when you create an account on our community forum (powered by Discourse), you provide a username, email address, and any optional profile details you choose to add.
Story submissions — if you share your personal story or experience with a rare condition, you provide whatever details you choose to include. We never require you to disclose medical information.
Comments and forum posts — any content you post in community discussions.
Information Collected Automatically
When you visit our site, our servers and analytics tools may automatically collect:
Technical data — your IP address, browser type and version, operating system, device type, screen resolution, and referring URL.
Usage data — pages visited, time spent on pages, links clicked, and general navigation patterns.
Cookies and similar technologies — small files stored on your device that help us understand how you use our site. See the Cookies & Analytics section below for details.
How We Use Your Information
We use the information we collect to:
Respond to your messages — when you reach out through our contact form, we use your name and email solely to reply to your inquiry.
Operate community features — your account information allows you to participate in discussions, post stories, and connect with other community members.
Improve the site — usage data helps us understand which content is helpful, identify technical problems, and make the site more accessible.
Share stories with your consent — if you submit a story for publication, we only publish it with your explicit permission. You may request anonymisation or removal at any time.
Ensure security — we monitor for malicious activity, spam, and unauthorized access to protect our community.
We do not sell, rent, or trade your personal information. We do not use your information for advertising or marketing purposes beyond occasional updates about Bare Your Rare content, and only if you have opted in.
Health-Related Information
Because Bare Your Rare serves people living with rare medical conditions, we want to be especially clear about how we handle health-related information.
We do not collect medical records. We are not a healthcare provider, and we do not request or store clinical data, diagnostic reports, genetic test results, or treatment records.
Story submissions are voluntary. If you choose to share details about your health journey in a story or forum post, you decide what to include. We strongly encourage you not to share information you would not want publicly visible, such as specific medication dosages, insurance details, or identifying clinical data.
Sensitive information receives extra care. Any health-related details you share with us — even voluntarily — are treated with heightened sensitivity. We will not share this information with third parties without your explicit consent, except where required by law.
You control your story. You may request edits, anonymisation, or complete removal of any published story at any time by contacting us at the address listed below.
Cookies & Analytics
Our site uses cookies — small text files stored on your device — to provide basic functionality and understand how visitors use the site.
Essential Cookies
These are required for the site to function properly. They handle things like keeping you logged into the community forum and remembering your dark/light mode preference. You cannot opt out of essential cookies and still use all site features.
Analytics Cookies
We may use privacy-focused analytics tools to understand general traffic patterns — which pages are popular, how long visitors spend reading, and where visitors come from. We do not use analytics data to identify individual people. Where possible, we use tools that anonymise IP addresses by default.
Managing Cookies
Most web browsers allow you to control cookies through their settings. You can block or delete cookies at any time, though this may affect some site features. Refer to your browser's help section for instructions.
Third-Party Services
We use a limited number of third-party services to operate Bare Your Rare. Each of these services may process some of your data under their own privacy policies:
Hostinger — our web hosting provider. Servers may be located outside Canada. Hostinger processes technical data (IP addresses, request logs) as part of normal hosting operations.
Discourse — our community forum platform. When you create a forum account, Discourse stores your username, email, posts, and profile information. Discourse may be self-hosted or cloud-hosted depending on our configuration. See the Community Forum section below.
WordPress and plugins — our content management system. Various plugins may set cookies or process data as described in their individual documentation.
Embedded content — pages may include embedded videos, social media feeds, or other external content. These third-party embeds may collect data about your visit under their own privacy policies.
We review our third-party services periodically and choose providers that demonstrate reasonable commitment to data protection.
Community Forum (Discourse)
Our community forum is powered by Discourse, a discussion platform that requires a user account to participate. When you register, you provide:
A username (which will be publicly visible), an email address (which is kept private by default), and an optional profile bio and avatar.
Public content: Forum posts, replies, and any profile information you choose to make public are visible to other community members and may be indexed by search engines. Think carefully before posting personal health details in public threads.
Private messages: Discourse supports private messaging between users. These messages are stored on the forum server and are accessible to forum administrators for moderation purposes only.
Account deletion: You may request deletion of your Discourse account and associated content by contacting us. Some posts may be anonymised rather than deleted to preserve the integrity of community discussions, in accordance with Discourse's standard practices.
Data Security
We take reasonable measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:
SSL/TLS encryption for all connections to our site (HTTPS). Password hashing for community forum accounts. Regular security updates for WordPress, plugins, and server software. Access controls that limit who can view personal data to site administrators only.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a data breach that poses a real risk of significant harm, we will notify affected individuals and the relevant privacy commissioner as required by law.
Data Retention
Contact form messages are retained only as long as needed to respond to your inquiry, and are deleted within 12 months unless ongoing correspondence requires otherwise.
Community forum data (account info, posts) is retained for as long as your account is active. If you delete your account, your personal data is removed or anonymised within 30 days.
Published stories remain on the site until you request their removal or modification.
Analytics data is retained in aggregate form and does not identify individuals. Raw log data is purged according to our hosting provider's retention schedule.
Your Rights
Under Alberta's Personal Information Protection Act (PIPA) and Canada's PIPEDA, you have the right to:
Access — request a copy of the personal information we hold about you. We will respond within 30 days of receiving your request.
Correction — request that we correct inaccurate or incomplete personal information.
Withdrawal of consent — withdraw your consent for us to collect, use, or disclose your personal information. Note that withdrawing consent may affect your ability to use certain features (for example, deleting your forum account means you can no longer post).
Deletion — request that we delete your personal information where it is no longer necessary for the purpose it was collected. Some information may be retained where required by law.
Complaint — if you believe we have not handled your personal information appropriately, you have the right to file a complaint. We encourage you to contact us first so we can try to resolve the issue. If you are not satisfied with our response, you may file a complaint with:
Office of the Information and Privacy Commissioner of Alberta
Phone: 780-422-6860
Toll Free: 1-888-878-4044
Website: oipc.ab.ca
Office of the Privacy Commissioner of Canada
Phone: 1-800-282-1376
Website: priv.gc.ca
Children's Privacy
We understand that rare conditions affect people of all ages, including children. We do not knowingly collect personal information from anyone under the age of 13 without parental or guardian consent.
If a parent or guardian wishes to submit a story on behalf of a child, they may do so through our contact form. We will work with the family to determine what information is appropriate to share publicly.
If we learn that we have collected personal information from a child under 13 without proper consent, we will delete that information promptly.
Cross-Border Data Transfers
Bare Your Rare is based in Alberta, Canada. However, some of the third-party services we use (such as hosting providers and Discourse) may store or process data on servers located outside Canada, including in the United States or European Union.
When your data is transferred outside Canada, it may be subject to the laws of that jurisdiction. We take reasonable steps to ensure our service providers maintain appropriate data protection standards, but we cannot guarantee that foreign laws will provide the same level of protection as Canadian law.
By using our site, you acknowledge that some data processing may occur outside Canada. If you have concerns about cross-border transfers, please contact us before submitting personal information.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will update the "Last Updated" date at the top of this page.
For material changes that affect how we handle your personal information, we will make reasonable efforts to notify registered community members by email or through a notice on the site.
We encourage you to review this policy periodically. Continued use of the site after changes are posted constitutes your acknowledgement of the updated policy.
Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your information is handled, please contact:
Privacy Officer
Bare Your Rare Foundation
Grande Prairie, Alberta, Canada
Email: privacy@bareyourrare.org
You may also reach us through our Contact page. Please do not include sensitive personal or medical information in your initial contact — we will follow up securely.