mealPlan.fitFor Professionals

Privacy Policy

Last updated: March 20, 2026

mealplan.fit ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our practice management platform for nutrition professionals.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (via Google Sign-in)
  • Phone number (via OTP verification)
  • Name (from your Google account or as provided)
  • Profile photo (optional)

1.2 Professional Information

For nutrition professionals, we collect:

  • Clinic/practice name
  • Qualifications and certifications
  • Specialties and experience
  • Clinic address and contact information
  • Social media links
  • Profile and cover images

1.3 Client Data

Professionals may store their clients' information on our platform, including:

  • Names and contact details (including WhatsApp numbers)
  • Health information (weight, height, vitals, blood pressure)
  • Medical conditions, allergies and medical history
  • Lab reports and blood test results
  • Clinical consultation notes
  • Dietary preferences and restrictions
  • Diet plans, meal plans and nutrition data
  • Recipes and food preferences
  • Appointment history

Note: Professionals are the data controllers for their clients' data. We process this data on behalf of Professionals as a data processor.

1.4 Usage Data

We automatically collect:

  • Device information (browser type, operating system)
  • IP address and general location
  • Pages visited and features used
  • Time spent on the platform
  • Error logs and performance data

1.5 Payment Information

Payment processing is handled by Razorpay. We do not store complete credit card numbers or banking details. We receive and store transaction IDs, payment status, and subscription details.

2. How We Use Your Information

We use collected information to:

  • Provide the Service: Create accounts, enable features, process diet plans, generate meal plans and recipes
  • AI-Powered Processing: Analyse lab reports, summarise clinical notes, generate customised recipes and meal plan templates using artificial intelligence tools (see Section 4 for details on AI sub-processors)
  • Search and Retrieval: Index client records to enable efficient search across the platform
  • Process Payments: Handle subscriptions and billing through Razorpay
  • Communicate: Send diet plans, portal access links, service updates, and support responses via email and WhatsApp
  • Improve the Service: Analyze usage patterns, fix bugs, develop new features
  • Ensure Security: Detect fraud, prevent abuse, protect user data
  • Legal Compliance: Meet legal obligations under applicable laws including the Digital Personal Data Protection Act, 2023 and respond to lawful requests

3. Data Storage and Security

Infrastructure: Your data is stored on Google Cloud Platform (Firebase) with servers primarily located in Asia. Google Cloud maintains industry-leading security certifications including ISO 27001, SOC 2, and GDPR compliance.

Security Measures: We implement:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication via Google Sign-in and OTP verification
  • Access controls and role-based permissions
  • Regular security audits and monitoring
  • Firestore security rules to protect data access

Data Breach: In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by law.

4. Third-Party Services and Sub-Processors

To deliver our services, we use the following third-party sub-processors. Your data is shared with these services only to the extent necessary for service delivery, and each is bound by their own data protection obligations:

4.1 Infrastructure and Storage

Firebase / Google Cloud Platform (Google LLC)

Authentication, database storage, file storage, cloud functions, and hosting. All client data is stored on Google Cloud infrastructure with encryption at rest and in transit.

Typesense Cloud (Typesense Inc.)

Search indexing service for efficient retrieval of client records. Indexes client names, contact details, and subscription status to enable fast search within the platform.

4.2 AI Processing

Google Gemini AI (Google LLC)

AI-powered processing including: recipe generation, meal plan template creation, lab report analysis, clinical note summarisation, and related outputs. Health data, lab report values, and dietary information may be sent to Google's AI services for processing. Google's AI API terms state that data sent via the API is not used to train their models.

Anthropic Claude AI (Anthropic PBC)

AI-powered lab report extraction and analysis. Lab report images and health parameters may be sent to Anthropic's API for data extraction. Anthropic's API terms state that data sent via the API is not used to train their models.

Important: When you use AI-powered features (such as lab report scanning or recipe generation), relevant health data is transmitted to and processed by the AI services listed above. By using these features, you consent to this processing. AI-generated outputs should always be reviewed by a qualified professional before use.

4.3 Payments

Razorpay (Razorpay Software Pvt. Ltd.)

Payment processing for subscriptions. We do not store complete credit card numbers or banking details. Transaction IDs, payment status, and subscription details are retained.

4.4 Communications

Resend (Resend Inc.)

Transactional email delivery for sending diet plans, portal access links, and service communications. Client email addresses, names, and diet plan content are shared with Resend for email delivery.

4.5 Analytics and Marketing

Google Ads (Google LLC)

Conversion tracking to measure the effectiveness of our advertising campaigns. Tracks page visits and signup events on our landing page. Enabled only with your cookie consent.

Meta Pixel (Meta Platforms Inc.)

Advertising conversion tracking on our landing page to measure campaign performance. Tracks page views and user interactions. Enabled only with your cookie consent for marketing cookies.

Each third-party service has its own privacy policy. We encourage you to review their policies. We do not control how these third parties process data beyond the scope of our agreements with them.

5. Data Sharing

We do NOT sell your personal data to third parties.

We may share data only:

  • With Service Providers: Third parties that help us operate the Service (as listed above)
  • For Legal Reasons: To comply with laws, regulations, legal processes, or government requests
  • To Protect Rights: To enforce our Terms, protect our rights, or ensure safety
  • With Consent: When you explicitly authorize us to share your information
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service.

  • Account Data: Retained until you delete your account
  • Client Data: Retained until deleted by the Professional or account deletion
  • Payment Records: Retained for 7 years as required by Indian tax laws
  • Usage Logs: Retained for up to 2 years for security and analytics

After account deletion, we may retain anonymized, aggregated data for analytics purposes.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format (JSON)
  • Restriction: Request limitation of data processing
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, visit Settings → Privacy & Data in your account, or contact us at support@simpleapps.world.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Help us understand how you use the Service (Google Analytics)
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through our cookie consent banner or your browser settings.

9. Applicable Data Protection Laws

We process personal data in accordance with applicable Indian data protection laws, including:

  • Digital Personal Data Protection Act, 2023 (DPDP Act): We act as a data processor on behalf of Professionals (who are data fiduciaries for their clients' data). We process data solely as instructed by the Professional and implement reasonable security safeguards as required under the Act.
  • Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

Professionals using our platform are responsible for ensuring they have obtained all necessary consents from their clients for the collection and processing of personal data, including for AI-powered features, in compliance with the DPDP Act, 2023.

10. Children's Privacy

The Service is intended for nutrition professionals and is not directed at children under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your data is primarily stored in Google Cloud servers in Asia. If you access the Service from outside India, your data may be transferred to and processed in India. By using the Service, you consent to this transfer.

Google Cloud provides appropriate safeguards for international data transfers through standard contractual clauses and compliance certifications.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the following person has been designated as the Grievance Officer for the purpose of addressing any concerns or grievances related to data processing:

Grievance Officer

Name: Gaurav Gupta

Email: support@simpleapps.world

Address: 4a, Maharana Pratap Enclave, Pitampura, New Delhi - 110034

Grievances will be acknowledged within 24 hours and resolved within 30 days of receipt.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

SimpleApps.World (mealplan.fit)

4a, Maharana Pratap Enclave, Pitampura, New Delhi - 110034

Email: support@simpleapps.world

For data protection inquiries or to exercise your privacy rights, please include "Privacy Request" in the subject line.