Privacy Policy

Version 1.0 — effective from 1 May 2025

1. Data controller

The controller of your personal data is DietCoach ("Controller"), reachable at jacgre1981@gmail.com. The Controller determines the purposes and means of processing your personal data in connection with the DietCoach service available at dietcoach.app.

2. Data we collect

When you use the diet plan generation service, we collect the following data:

  • Contact data: e-mail address (used as a unique identifier for your plan and to prevent duplicate free plans).
  • Health-related data: gender, age, height, weight, physical activity level, dietary goal, dietary preferences, excluded products and intolerances.
  • Technical data: IP address (stored only as a SHA-256 hash, used solely for abuse prevention — rate limiting).
  • Consent records: timestamps and version identifiers of accepted legal documents.

3. Legal basis for processing

  • Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR): health-related data (gender, age, weight, height, activity level) constitutes special category data under Art. 9 GDPR. We process it solely on the basis of your explicit consent given at the time of form submission.
  • Legitimate interest (Art. 6(1)(f) GDPR): IP address hashing for rate limiting to prevent automated abuse of the free plan generation feature.
  • Contract performance (Art. 6(1)(b) GDPR): processing your e-mail address and payment information to fulfil paid plan packages.

4. How we use your data

  • To calculate your personalised calorie and macronutrient targets using the Mifflin-St Jeor equation.
  • To generate a 7-day diet plan tailored to your parameters and preferences.
  • To allow you to retrieve and download your plan during its validity period.
  • To prevent misuse of the free plan feature (one free plan per e-mail address).
  • We do not use your data for profiling, automated decision-making, or marketing purposes.

5. Data retention

  • Free plans: data associated with your plan is retained for 3 days from generation, after which it expires and is eligible for deletion.
  • Paid plans: plan data is retained for 12 months from the date of purchase.
  • IP hashes for rate limiting are retained for 24 hours from the start of the rate-limit window.
  • Consent records are retained for as long as the associated plan data exists, to demonstrate lawful processing.

6. Data sharing

We do not sell, rent or trade your personal data. We share data only with the following trusted processors:

  • Supabase: database and authentication infrastructure (data stored in the EU).
  • Lemon Squeezy: payment processing for paid plan packages (e-mail and payment data only).
  • Vercel: hosting and serverless function execution (processes request data transiently).

All processors are bound by data processing agreements and are required to maintain appropriate security measures.

7. Your rights

Under the GDPR you have the following rights regarding your personal data:

  • Right of access: request a copy of the data we hold about you.
  • Right to rectification: request correction of inaccurate data.
  • Right to erasure: request deletion of your data ('right to be forgotten').
  • Right to restriction: request restriction of processing under certain conditions.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to withdraw consent: withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: lodge a complaint with the Polish supervisory authority (UODO — uodo.gov.pl).

To exercise any of these rights, contact us at jacgre1981@gmail.com. We will respond within 30 days.

8. Cookies and tracking

DietCoach does not use advertising trackers or third-party analytics. We use only essential session cookies required for the application to function correctly (authentication state, locale preference). No cookie consent banner is shown because no non-essential cookies are used.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. IP addresses are stored only as one-way SHA-256 hashes. All data is transmitted over HTTPS. Access to the database is restricted by row-level security policies.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be published on this page with an updated effective date. We encourage you to review this policy periodically.

11. Contact

For any questions or requests regarding your personal data, please contact us at: jacgre1981@gmail.com

Privacy Policy — DietCoach