Privacy Policy

At Forzafed, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

This policy applies to all users globally. We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Data Controller

Forzafed is operated by David Scorer, based in Newcastle Upon Tyne, United Kingdom. We operate the service available at forzafed.com and are the data controller responsible for your personal information.

For privacy-related enquiries, contact us at: hello@forzafed.com

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Full name
• Business name (optional)
• Password (stored encrypted)

2.2 Client Health Information

When you generate nutrition plans for your clients, we collect:

• Client name
• Age, gender, height, weight
• Fitness goals and activity level
• Dietary preferences and restrictions
• Medical conditions and allergies
• Weekly food budget

Important: This information is classified as "special category data" under GDPR (health data). We process it only with your explicit consent as a nutrition professional acting on behalf of your clients.

2.3 Payment Information

When you subscribe to a paid plan:

• Payment card details (processed and stored by Stripe, not by us)
• Billing address
• Subscription tier and billing history

2.4 Usage Information

We automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and features used
• Number of plans generated
• Audit logs of account activity

2.5 Branding Assets

If you customize your plan branding:

• Logo image (optional)
• Brand colour preferences

3. Legal Basis for Processing (GDPR)

We process your personal information under the following legal bases:

• Contract Performance: To provide our service, process payments, and fulfil our obligations to you (account data, usage tracking).
• Explicit Consent: For processing client health data, which you provide when generating nutrition plans.
• Legitimate Interests: To improve our service, prevent fraud, and maintain security (usage analytics, audit logs).
• Legal Obligation: To comply with tax, accounting, and data protection laws.

4. How We Use Your Information

We use your information to:

• Create and manage your account
• Generate AI-powered nutrition plans for your clients
• Process subscription payments
• Provide customer support
• Send service-related emails (receipts, plan updates)
• Improve our service quality and user experience
• Detect and prevent fraud or abuse
• Comply with legal obligations

We will never:

• Sell your personal information to third parties
• Use your client health data for marketing
• Share nutrition plans with anyone except you

5. Third-Party Service Providers

We share your information with trusted third-party processors who help us operate our service:

All processors are contractually bound to process your data only as instructed and to maintain appropriate security measures.

6. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States.

For transfers from the UK/EU to the USA, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Processor commitments to GDPR-equivalent protections

We ensure all international transfers meet the requirements of UK GDPR, EU GDPR, and other applicable data protection laws.

7. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide our service
• Required by law (e.g., tax records: 6 years)

Upon account deletion:

• Personal data is deleted within 30 days
• Client health data is permanently deleted
• Anonymised usage analytics may be retained
• Legal/financial records retained as required by law

8. Your Rights

You have the following rights regarding your personal information:

8.1 Rights Under GDPR/UK GDPR (UK/EU Users)

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for health data processing
• Right to Lodge a Complaint: Complain to your data protection authority

8.2 Rights Under CCPA (California Users)

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at: hello@forzafed.com

We will respond within:

• GDPR requests: 30 days (may extend to 60 days for complex requests)
• CCPA requests: 45 days (may extend to 90 days)

You may also delete your account directly from the Settings page in your dashboard.

9. Cookies and Tracking

We use essential cookies to:

• Keep you signed in
• Remember your preferences
• Prevent fraud and abuse

We do not use:

• Third-party advertising cookies
• Social media tracking pixels
• Cross-site tracking

You can control cookies through your browser settings, but disabling essential cookies may prevent you from using our service.

10. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Row-level security policies on database tables
• Regular security audits and updates
• Rate limiting to prevent abuse
• Audit logging of account activity
• Password hashing with industry-standard algorithms

However, no system is 100% secure. If you suspect unauthorized access to your account, contact us immediately at hello@forzafed.com.

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last updated" date
• Sending an email to your registered email address
• Displaying a prominent notice in the dashboard

Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

14. Supervisory Authority

If you are in the UK/EU and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• EU: Your country's data protection authority - Find your DPA