Privacy Policy

Last updated: 2026-05-01 — DRAFT

1. Who we are

DietPlan is operated by [LEGAL ENTITY], registered in Greece. We are the data controller for the personal data described below.

2. What we collect

• Account data — name, email, role (dietitian/client), preferred language, timezone.
• Health-related data — meal plans you create or follow, items ticked (eaten/partial/skipped), notes, optional meal photos, weight logs.
• Usage data — error reports (Sentry), authentication events.

3. Why we process it (legal basis)

Performance of contract (providing the service you signed up for); legitimate interests (security, abuse prevention, product improvement); your consent for optional features (e.g. meal photos). Health-adjacent data is processed only as needed to deliver the functionality you and your dietitian use.

4. Where it's stored

EU data residency. Database and storage are hosted on Supabase (Frankfurt, eu-central-1). Email delivery via Resend. Hosting via Vercel. Error monitoring via Sentry. Optional shopping-list categorization sends only food-item names (no personal identifiers) to Google Gemini.

5. Retention

Account and plan data are retained while the account is active. On account deletion, data is removed within 30 days, except where retention is required by law. Meal photos default to 90-day retention (configurable later).

6. Your rights (GDPR)

You can access, export, rectify, delete, or object to processing of your data at any time. Most rights are exposed directly in Settings (export + delete). For others, contact us. You may also lodge a complaint with the Hellenic Data Protection Authority.

7. Cookies

We use only essential cookies for authentication and language preference. No advertising or third-party analytics cookies are set in the MVP.

8. Changes

Material changes are communicated via email or in-app notice. Continued use after notification constitutes acceptance.

9. Contact

Privacy enquiries / data subject requests: privacy@dietplan.example.