Last updated: April 26, 2026
Privacy Policy
This is a summary policy for the Ghizayat website. Have it reviewed by a qualified lawyer before public launch — particularly for compliance with Pakistan's Personal Data Protection Bill, the UK GDPR, EU GDPR, and US state laws (CCPA, HIPAA where applicable).
1. What we collect
- Account data: name, email, phone, country, timezone
- Health data: medical history, current medications, food diary, lab results, weight, body composition (only with your explicit consent)
- Communication data: messages with your dietitian, support emails, WhatsApp conversations
- Payment data: handled by Stripe / SafePay — we do not store full card numbers
- Technical data: IP address, browser, device, basic analytics (via PostHog)
2. How we use it
- To deliver your nutrition program and personalised meal plan
- To communicate with you about your program, follow-ups, and updates
- To process payments
- To improve our service (anonymised analytics only)
- To comply with legal obligations
3. Who has access
Only you and your assigned dietitian can see your health data. Internal staff access is restricted to operational necessity. We do not sell, rent, or share your data with third parties for marketing.
4. Where it's stored
Your data is stored encrypted at rest on Supabase (AWS-backed) servers in [region — to be locked]. Backups are encrypted. Database access is restricted by row-level security.
5. Your rights
You have the right to:
- Access a copy of your data
- Correct any inaccuracy
- Request deletion (subject to legal retention obligations)
- Withdraw consent for data processing
- Lodge a complaint with your country's data authority
6. Cookies
We use minimal cookies — session cookies for authentication and an anonymous analytics cookie (PostHog). No third-party advertising trackers.
7. Contact
For privacy questions, email privacy@ghizayat.com. We respond within 7 business days.
This policy will be updated periodically. Material changes will be communicated by email at least 30 days before they take effect.