Privacy Policy

Effective date: 10 April 2026

1. Introduction

[Entity Name] ABN [ABN] ("we", "us", "our", or "Platify") operates the Platify nutrition coaching platform (the "Service"). We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains what personal information we collect, how we use and disclose it, and the choices you have regarding your information. By using the Service, you consent to the practices described in this Policy.

This Policy should be read together with our Terms & Conditions and Cookie Policy.

2. Information We Collect

We collect personal information in several ways, depending on how you interact with the Service. Under APP 3 (Collection of solicited personal information), we only collect information that is reasonably necessary for, or directly related to, our functions and activities.

2.1 Information You Provide Directly

Account Information

When you create an account via Google OAuth or email registration, we collect:

  • Full name
  • Email address
  • Profile picture (from your Google account, if available)

Profile & Health Information

When you set up your nutrition profile, we collect:

  • Age, gender, height, and weight
  • Target weight and fitness goals (lose weight, build muscle, maintain)
  • Activity level and occupation type
  • Dietary preferences, allergies, and food exclusions
  • Preferred cuisines and meals per day
  • Timezone

Assessment Responses

When you complete the Platify nutrition assessment (Blueprint), we collect your answers to assessment questions, your score and tier classification, and any personal notes you choose to provide.

Contact Information

When you use our contact form, we collect your name, email address, message content, and any file attachments you provide (images or PDFs, up to 25 MB).

Payment Information

When you subscribe to a paid plan, your payment details (card number, billing address) are collected and processed directly by Stripe. We do not store your full payment card details. We receive and store your Stripe customer ID, subscription status, and billing period information.

Food Logging & Tracking

When you use our meal tracking features, we collect:

  • Meals marked as eaten or skipped
  • Foods logged manually, via barcode scanning, or photo recognition
  • Scanned barcodes (GTIN/EAN codes)
  • Weight logs and weekly check-in data (weight, energy level, mood, adherence rating, optional notes)
  • Optional progress photos

Preferences & Feedback

We collect your ingredient substitution preferences, recipe ratings and favourites, and responses to coaching interventions (accepted, dismissed, or snoozed).

2.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Usage data: pages visited, features used, ingredient searches, meal plan interactions, and other actions within the Service (recorded as user events)
  • Device information: browser type, operating system, screen resolution, and device identifiers
  • Log data: IP address, access times, and referring URLs
  • Performance data: page load times and application performance metrics

2.3 Information from Third Parties

We may receive information about you from third-party services:

  • Google: name, email, and profile picture when you authenticate via Google OAuth
  • Stripe: subscription status and payment confirmation details
  • Open Food Facts: nutritional data associated with scanned food barcodes (no personal data is sent to Open Food Facts)

3. How We Use Your Information

In accordance with APP 6 (Use or disclosure of personal information), we use your personal information only for the purposes for which it was collected, or for directly related purposes you would reasonably expect. Specifically, we use your information to:

Provide the Service

  • Generate personalised meal plans based on your goals, preferences, and dietary requirements
  • Provide nutrition coaching and assessment results (Blueprint)
  • Calculate and display accurate nutritional information
  • Process ingredient substitutions and dietary accommodations
  • Track your meal adherence, weight progress, and coaching milestones

Manage Your Account

  • Authenticate your identity and maintain your session
  • Process subscription payments and manage billing
  • Send transactional communications (account updates, billing confirmations, security alerts)

Improve the Service

  • Analyse usage patterns to improve features and user experience
  • Monitor application performance and fix technical issues
  • Train and improve our AI models and nutritional database accuracy
  • Generate aggregated, anonymised insights about nutrition trends

Communicate With You

  • Respond to your enquiries and support requests
  • Send coaching notifications, nudges, and milestone celebrations
  • Send marketing communications (with your consent, and you may opt out at any time in accordance with the Spam Act 2003 (Cth))

Legal & Safety

  • Comply with legal obligations and enforce our Terms & Conditions
  • Detect, prevent, and address fraud or security issues

4. Health & Nutrition Data

We recognise that some of the information we collect — including your weight, height, dietary requirements, health goals, meal tracking data, and assessment responses — may be considered sensitive information under the Privacy Act 1988 (Cth).

In accordance with APP 3.3, we only collect sensitive information with your consent. By providing this information through the Service, you consent to its collection and use for the purposes described in this Policy. Specifically:

  • Health and nutrition data is used solely to generate personalised meal plans, calculate nutritional targets, track your progress, and provide coaching guidance.
  • Dietary restriction and allergy data is used to ensure generated meal plans and ingredient substitutions are safe and appropriate for your needs.
  • Weight and body measurement data is used to calculate caloric and macronutrient targets, track progress toward your goals, and adjust coaching recommendations.
  • Weekly check-in data (mood, energy, adherence) is used to refine coaching strategies and detect when adjustments to your plan may be beneficial.

We do not use your health and nutrition data for advertising purposes or sell it to third parties. Your health data is never shared in identifiable form with business partners.

5. AI Processing of Your Data

Platify uses artificial intelligence to provide its core features. We want you to understand how your data is processed by AI systems:

5.1 Meal Plan Generation

Your dietary preferences, goals, macro targets, and exclusions are sent to our AI meal generation service to create personalised recipes and meal plans. All AI-generated recipes undergo human review before being made available.

5.2 Nutrition Assessment (Blueprint)

Your assessment question responses and score are processed by AI to generate your personalised nutrition blueprint, including recommendations and coaching strategies.

5.3 Nutrition Coaching Agent

The coaching agent analyses your meal tracking data, adherence patterns, and progress to generate personalised nudges, coaching messages, and target adjustments.

5.4 Food Recognition

If you use the photo scanning feature, your food photos are sent to an AI vision service for recognition. The photos themselves are not permanently stored — only the recognition results (food name, estimated quantity) are retained.

5.5 Third-Party AI Services

Our AI features are powered by Google Gemini. When your data is processed by these services, it is subject to their respective privacy policies and data processing terms. We send only the minimum information required to provide the feature (e.g., dietary preferences for meal generation, not your full account profile).

6. Sharing Your Information

In accordance with APP 6, we do not sell your personal information. We may share your information in the following circumstances:

6.1 Service Providers

We use trusted third-party service providers to operate the Service. These providers are contractually obligated to protect your information and may only use it for the purposes we specify:

Provider | Purpose | Data Shared
Stripe | Payment processing | Email, billing details
Google (OAuth) | Authentication | Email, name, profile picture
Google (Gemini AI) | Meal plan generation, assessments, food recognition | Dietary preferences, assessment responses, food descriptions
Google Analytics | Usage analytics | Anonymised usage data, page views, events
Microsoft Clarity | Session analytics and heatmaps | Anonymised session recordings, interaction patterns
Resend | Email delivery | Email address, name, message content
Neon (PostgreSQL) | Database hosting | All application data (encrypted in transit and at rest)
Upstash (Redis) | Session caching | Temporary meal plan data (24-hour TTL)
Vercel | Hosting, file storage, performance monitoring | Application data, recipe images, performance metrics

6.2 Anonymised & Aggregated Data

We may share anonymised, aggregated data with business partners, researchers, or other third parties for purposes such as industry research, nutritional trend analysis, and product development. This data is fully de-identified and cannot be used to identify you personally. Examples include aggregated usage statistics, popular cuisine trends, and general nutritional patterns across our user base.

6.3 Legal Requirements

We may disclose your personal information if required to do so by law, regulation, legal process, or enforceable government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6.4 Business Transfers

If [Entity Name] is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

7. International Data Transfers

In accordance with APP 8 (Cross-border disclosure of personal information), we inform you that some of our service providers are located outside Australia. Your personal information may be transferred to and processed in:

  • United States: Google (authentication, AI services, analytics), Stripe (payment processing), Vercel (hosting and file storage), Resend (email delivery), Upstash (caching)
  • Australia (ap-southeast-2): Neon PostgreSQL (primary database)

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs in relation to that information. Our third-party providers maintain industry-standard security certifications and data processing agreements.

By using the Service, you acknowledge and consent to the transfer of your personal information to these countries.

8. Data Retention

In accordance with APP 11.2, we retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Active Accounts

While your account is active, we retain all information necessary to provide the Service, including your profile, meal plans, tracking history, preferences, and user events.

Account Deletion

When you request account deletion, we will:

  • Promptly delete or de-identify all personal information that is not required to be retained by law
  • Retain records required for legal, tax, or regulatory purposes for the minimum period mandated by applicable law (for example, financial records may be retained for up to 7 years in accordance with the Income Tax Assessment Act 1997 (Cth) and Corporations Act 2001 (Cth))
  • Permanently delete cached data (Redis session data expires automatically after 24 hours)

Anonymised Data

Anonymised, aggregated data that cannot identify you may be retained indefinitely for research, analytics, and service improvement purposes.

9. Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights regarding your personal information:

Right of Access (APP 12)

You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days. In most cases, access will be provided free of charge, though we may charge a reasonable fee for providing the information in a specific format.

Right of Correction (APP 13)

You have the right to request that we correct any personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond to correction requests within 30 days.

Right to Delete

You may request deletion of your account and associated personal information at any time by contacting us at legal@platify.com.au. Deletion is subject to the retention periods described in Section 8.

Right to Opt Out of Marketing

You may opt out of marketing communications at any time by using the unsubscribe link in any marketing email, or by contacting us. Your preference will be updated promptly.

Right to Withdraw Consent

Where we rely on your consent to process personal information (such as sensitive health data), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Please note that withdrawing consent for health data processing may affect our ability to provide certain features of the Service.

To exercise any of these rights, please contact us at legal@platify.com.au. We may need to verify your identity before processing your request.

10. Data Security

In accordance with APP 11.1, we take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Encryption at rest: Your data is stored in encrypted databases hosted by Neon (PostgreSQL) with industry-standard encryption
  • Authentication security: Passwords are hashed using bcrypt; OAuth tokens are securely stored and never exposed to client-side code
  • Access controls: Administrative access is restricted to authorised personnel via email whitelist
  • Payment security: Payment card data is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor — we never store your full card details
  • Session management: Sessions use JWT tokens with expiration and secure cookie attributes (HttpOnly, Secure)

While we take reasonable precautions, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security of your personal information.

11. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

In summary, we use:

  • Essential cookies: Required for authentication and session management (NextAuth session cookie)
  • Analytics cookies: Google Analytics and Microsoft Clarity for understanding how the Service is used
  • Performance cookies: Vercel Speed Insights for monitoring application performance

12. Children's Privacy

The Service is not intended for persons under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a person under 18 without appropriate consent, we will take steps to delete that information promptly.

If you believe a child under 18 has provided us with personal information, please contact us at legal@platify.com.au.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the Service, or legal requirements. If we make material changes, we will notify you by:

  • Posting the updated Policy on this page with a revised effective date;
  • Sending you an email notification (for material changes); or
  • Displaying a notice within the Service.

We encourage you to review this Policy periodically. Your continued use of the Service after any changes take effect constitutes your acceptance of the revised Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

We will respond to your enquiry within 30 days in accordance with the Australian Privacy Principles.

15. Complaints

In accordance with APP 1.4, if you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may lodge a complaint with us at legal@platify.com.au. We will:

  • Acknowledge your complaint within 7 days;
  • Investigate the matter and provide a written response within 30 days; and
  • Take appropriate action to resolve the complaint where we find it to be justified.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):