OptimealHealth ← Back to home

Privacy Policy

Last updated: March 2025 · GDPR compliant

1. Data Controller

The data controller for personal data collected through the site is OptiMealHealth. Contact: privacy@optimealhealth.com

2. Data Collected

Data	Purpose	Legal Basis	Retention
Email address	Account creation, communication	Contract performance	Account duration + 3 years
Password (hashed)	Secure authentication	Contract performance	Account duration
Profile data (BMI, allergies, goals)	Personalised coaching	Consent	Account duration
AI conversation history	Coaching continuity	Legitimate interest	12 months
Payment data (Stripe)	Subscription management	Contract performance	Managed by Stripe
Connection logs	Security, fraud prevention	Legitimate interest	6 months

3. Data Sharing

Your data is never sold to third parties. It may be shared with:

• Groq Inc. (AI processing) — privacy policy: groq.com/privacy
• Stripe Inc. (secure payments) — privacy policy: stripe.com/privacy
• OVHcloud (data hosting) — servers located in Europe

4. Cookies

The site uses a strictly necessary session cookie (optimeal_token) for authentication. No advertising or third-party tracking cookies are used.

5. Your Rights (GDPR)

Under GDPR, you have the right to: access, rectify, erase, port your data, object to processing, and request restriction of processing.

To exercise these rights: privacy@optimealhealth.com. Response within 30 days.

6. Security

We implement appropriate technical measures: bcrypt password hashing, HTTPS connections, JWT authentication, restricted database access.

7. International Transfers

Groq Inc. and Stripe Inc. are US companies. Transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.