Privacy Policy — Australia

1. Who We Are

mealPlan.fit is operated by Simple Apps, a business registered in India. We are the entity responsible (data controller) for personal information collected from Australian users. We do not currently have a registered business presence in Australia.

Privacy contact: support@simpleapps.world

2. How This Policy Fits

If you are an Australian resident, this addendum governs how we collect, use, store and disclose your personal information. Our main Privacy Policy contains the full list of data categories and processing purposes and applies alongside this document.

3. APP 1 — Open and Transparent Management

We maintain this publicly accessible policy and review it at least annually. Questions or complaints may be directed to our privacy contact above and will be acknowledged within 7 days and substantively responded to within 30 days.

4. APP 2 — Anonymity and Pseudonymity

You can browse our public content (homepage, marketing pages, public recipes) without identifying yourself. Account creation, subscription, and access to the practice management features require identification so we can secure your data and deliver the service.

5. APP 3, 4, 5 — Collection of Information

We collect personal information directly from you when you create an account, subscribe, or use the service. Categories are listed in our main Privacy Policy and include: account details, professional information, client-record data you enter, and usage data. We notify you of collection at the point of collection through our signup forms and this policy.

We do not knowingly collect personal information about third parties without your authority. If you enter client data on behalf of your clients, you are responsible for ensuring you have the client's consent to do so.

6. APP 6 — Use and Disclosure

We use personal information only for the primary purposes of providing the service (account management, client management features, meal planning, billing, support) and for secondary purposes reasonably related to that service where you would expect it (e.g., security, analytics, product improvement).

We do not sell personal information. We do not share client health data with third parties except where required by law or necessary to deliver the service (e.g., hosting infrastructure).

7. APP 7 — Direct Marketing

We only send you marketing communications if you have opted in. Every marketing email contains an unsubscribe link that is honoured within 5 business days. Transactional emails (receipts, security notifications, service updates) are not marketing and cannot be unsubscribed from while you hold an account.

8. APP 8 — Cross-Border Disclosure (Important)

Your personal information is stored and processed outside Australia. Specifically:

• India — Simple Apps operations, support, and administrative access
• United States — Google Cloud Firestore (primary database, us-east1 region), Firebase services, OpenAI API (AI features)
• Other jurisdictions — where service providers such as Stripe, Razorpay, Typesense (search), and email/SMS providers operate

By using mealPlan.fit, you consent to this cross-border disclosure. We take reasonable steps to ensure overseas recipients comply with the Australian Privacy Principles, including through contractual arrangements with major processors (Google, OpenAI, Stripe). However, once information is disclosed overseas, it may become subject to foreign laws that differ from Australian privacy law.

9. APP 10 — Data Quality

We take reasonable steps to keep personal information accurate, complete, and up to date. You can update most of your information directly from your account settings. If you need help, contact support@simpleapps.world.

10. APP 11 — Data Security

We protect personal information using industry-standard measures:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls within our team
• Hosted on Google Cloud infrastructure with automatic backups
• Logging and monitoring of administrative access

Data breach notification: we comply with the Notifiable Data Breaches (NDB) scheme. If we become aware of an eligible data breach that is likely to result in serious harm, we will notify affected Australian individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and in any event within 72 hours of becoming aware where required.

11. APP 12 — Access to Your Information

You may request a copy of the personal information we hold about you. Submit a request to support@simpleapps.world or via our privacy request form. We will respond within 30 days. There is no fee for reasonable requests.

12. APP 13 — Correction

If any personal information we hold about you is inaccurate, incomplete, or out of date, you may correct it yourself in your account or request correction by emailing us. We will make corrections within a reasonable time and, where relevant, notify third parties to whom we disclosed the information.

13. Retention and Deletion

We retain personal information for as long as your account is active. After account closure, we retain certain records (invoices, clinical records you chose to export, audit logs) for up to 7 years where required by law or to support your professional record-keeping obligations as an Australian Accredited Practising Dietitian (APD) or equivalent. You may request earlier deletion, which we will action except where retention is legally required.

14. Complaints

If you believe we have breached the APPs, please contact us first at support@simpleapps.world. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

15. Updates to This Policy

We may update this policy from time to time. Material changes will be notified via email to active account holders. The “Last updated” date at the top of this page reflects the most recent revision.