Privacy Notice

Last updated 28 June 2026.

This notice explains what personal data Nutritional (“the app”) collects, why, how long it is kept, and the rights you have over it. The app is a private, invitation-only nutrition tracker.

Who is responsible for your data

The data controller is Thomas Charman, who operates this app as an individual. You can reach the controller for any privacy matter — including access, export, correction, deletion, or a complaint — through the contact form. We do not publish a direct email address; the form delivers your message privately.

What data we collect and where it comes from

• Your email address and name, provided by Google when you sign in with your Google account (Single Sign-On). We receive only your verified email and display name.
• Waitlist email address, if you ask to join the waitlist from the access-denied screen.
• The data you enter in the app: food logs, body weights, calorie and nutrient targets, saved meals, and meal plans. Some of this can reveal information about your health.
• Privacy requests you submit through the contact form (the email you give us and your message).

Why we use it, and our lawful bases

• Letting the right people in (access control). We compare your Google-verified email against an authorised-user list to operate a private app and prevent unauthorised access. Lawful basis: our legitimate interests in securing the app.
• Providing the tracking features. We store the food, weight, target, meal and plan data you enter because that is the service you are asking the app to perform. Lawful basis: performance of the service you request.
• Health-related data. Your food logs, weights, targets and plans may reveal information about your health, so we treat them as special category data. We rely on your explicit consent (UK GDPR Article 9(2)(a)), which we ask for the first time you use the app. You can withdraw consent at any time by asking us to delete your data; withdrawal does not affect processing carried out before you withdrew.
• Waitlist. If you join the waitlist, we keep your email to consider you for access. Lawful basis: your consent, given by choosing to join.

Who we share it with

We do not sell your data or use it for advertising or profiling. The app relies on a small number of service providers acting on our behalf:

• Google — for sign-in (Single Sign-On) and for delivering contact-form messages to us by email.
• Our hosting and database — the app and its PostgreSQL database run on a private server we control.

Where a provider processes data outside the UK, we rely on the provider’s standard data-protection terms and safeguards.

How long we keep it

• App data (food, weight, targets, meals, plans) — kept until you ask us to delete it or your account is closed.
• Account email and name — kept while your account is active; removed when the account is deleted.
• Waitlist email — kept until you are invited or your request is declined.
• Privacy requests — kept as a record of how we handled your request (accountability), separate from your account.
• Backups — encrypted database backups are kept on a short rolling cycle; deleted data ages out of that cycle and is not restored into live use.

Your rights

You have the right to:

• ask for a copy of the personal data we hold about you (access);
• export your data in a machine-readable format — signed-in users can download all of their data as JSON or CSV from the account menu (portability);
• have inaccurate data corrected;
• have your data deleted (erasure);
• withdraw consent for health-data processing at any time.

To exercise any of these, use the contact form. We may need to verify your identity first, and we will respond within one month.

Complaints

If you are unhappy with how we handle your data, please tell us first through the contact formso we can put it right. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint.