Privacy Policy

We collect only what helps us give you better nutrition guidance. Here is exactly what we track, why we track it, and how we keep it secure.

Data We Collect When You Book or Browse

To arrange a consultation or respond to a question, we need basic contact details. When you book a nutritionist session via our booking form, we ask for your name, email address, and phone number. This lets us confirm appointments and send preparation notes. If you choose to share dietary preferences, medical goals, or allergies ahead of time, we store that information securely so your nutritionist can prepare tailored advice. We do not ask for sensitive medical records unless you choose to provide them.

Website usage data is collected automatically: pages visited, time spent, and basic device information (browser, operating system). This helps us improve site performance and fix bugs. We use a minimal analytics setup that anonymizes IP addresses and does not track you across other sites. No advertising cookies are used. If you opt in through our cookie banner, the cookie is used strictly to remember your preference and support basic site functionality.

  • Contact info: Name, email, phone for booking and support.
  • Appointment details: Goals, dietary needs, allergies (if provided).
  • Technical data: Anonymized page views, errors, device type.
  • Communications: Notes if you email us (stored to resolve issues).

How We Use Your Information

We use your data to book your session, confirm logistics, and share preparation materials. Your contact details are used only for appointment-related communication and direct follow-ups you request. Technical data helps us identify site issues—like broken forms on mobile devices—so we can fix them quickly.

We never sell or rent personal information. If we use a third-party processor (e.g., email delivery for confirmations), they act under strict data processing agreements and cannot use your data for their own purposes.

Purposes

  • Service delivery: scheduling and session preparation
  • Support: responding to inquiries and resolving issues
  • Improvement: fixing bugs and optimizing performance
  • Compliance: meeting legal and regulatory requirements

Sharing and Security

No Sale, No Sharing

We do not sell, trade, or rent personal data to advertisers or data brokers. The only external sharing is for core operations (email delivery, secure hosting), under contracts that limit how your data is used.

Encryption in Transit

All booking forms and contact pages use HTTPS. Sensitive data is stored using industry-standard encryption. We regularly review access permissions and update software to patch vulnerabilities.

Retention Policy

We keep appointment notes for 12 months after your last session. Marketing emails are retained until you unsubscribe. You can request deletion anytime; we respond within 3 business days.

Legal Exceptions

We may disclose data if required by law, such as a valid court order or regulatory request. We will notify you unless prohibited.

Staff Access

Only assigned nutritionists and essential support staff can access your appointment details. All staff are trained on confidentiality and data hygiene.

Incident Response

If a breach occurs, we will notify affected users promptly and guide you on steps to protect your account.

Your Rights & Controls

You control your data. We provide simple tools to access, correct, or delete it.

Access and Correction

Ask for a copy of the data we hold about you. If anything is inaccurate, we will correct it promptly.

Deletion

Request deletion of your records. We will remove appointment history and contact details, except where we must retain them for legal reasons.

Marketing Preferences

Unsubscribe via any email footer or contact us to opt out of tips and updates. We will never send promotional content without consent.

Data Portability

If you switch providers, we can provide your information in a commonly used, machine-readable format.

Withdraw Consent

Where processing is based on consent (e.g., optional dietary preferences), you can withdraw it anytime without affecting your booking.

How We Evaluate This Policy

Assumptions

  • Users value minimal data collection tied to tangible service.
  • Most users access via mobile; clarity and comfort are key.
  • Consent should be reversible without service penalty.

Constraints

  • Retain records for 12 months post-session (clinical continuity).
  • Cannot deliver service without contact details.
  • Limited resources for complex privacy tooling.

What Would Change Our Mind

  • Regulatory updates (e.g., Malaysian PDPA amendments).
  • User feedback indicating policy clarity issues.
  • Security incident prompting stronger retention controls.

Questions Investors Should Ask

What data is strictly required to deliver consultations?

Name and contact info to schedule and confirm. Health details are optional and user-provided.

How is consent managed and revoked?

Consent is explicit for optional data; users can opt out via email or unsubscribe links without losing core service.

What third parties process data?

Email delivery and secure hosting providers only, under data processing agreements with limited purposes.

What is the data retention policy?

Appointment notes for 12 months post-session; marketing data until unsubscribed; technical logs for operational needs.

How do you handle minors?

We do not knowingly collect data from minors without parental/guardian consent.

What happens in a breach?

We notify affected users, take immediate remediation, and report to relevant authorities as required.

Do you sell data or run ads?

No. We do not sell data or use advertising tracking.

Contact Us

Questions about this policy or your data? Reach us directly.

Sihat Balans

12 Jalan Ampang, Kuala Lumpur, 50450

Phone: +60 3-2026 8888

Email: [email protected]

Hours: Mon–Fri, 9:00–18:00

Response Time

We respond to privacy inquiries within 3 business days. If you request access or deletion, we will confirm completion within 5 business days.
