Privacy Policy

1. Introduction

Felly Medical Aesthetics Ltd ("we", "our", or "us") operates CalorieNaija, a digital health food diary application. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Name and email address
• Age, gender, and physical measurements (height, weight)
• Health goals and dietary preferences
• Health conditions (if voluntarily provided)

2.2 Health and Nutrition Data

When you use the Service, we collect:

• Meal logs and food entries
• Photos of meals (if you use the photo scanning feature)
• Nutritional intake data (calories, macronutrients, sodium)
• Progress tracking information

2.3 Usage Data

We automatically collect:

• Device information (type, operating system, browser)
• IP address and location data
• Usage patterns and feature interactions
• Error logs and performance data

2.4 Payment Information

If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full payment card details. We receive only limited information such as the last four digits of your card and expiry date for display purposes.

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Calculate personalised calorie and nutrition recommendations
• Analyse food photos and provide nutritional information
• Track your progress towards health goals
• Send you service-related notifications and updates
• Process subscription payments
• Improve and optimise the Service
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on:

• Contract Performance: To provide the Service you've signed up for
• Consent: When you voluntarily provide health information or photos
• Legitimate Interests: To improve our Service and prevent fraud
• Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

5.1 Service Providers

• Stripe: Payment processing
• Cloud hosting providers: Data storage and application hosting
• Analytics providers: Service improvement and performance monitoring

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Staff training on data protection

However, no method of transmission over the internet is 100% secure. Whilst we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Aggregated and anonymised data may be retained indefinitely for statistical and research purposes.

8. Your Rights

Under UK GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time

To exercise these rights, please contact us at [email protected]. We will respond within one month.

9. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences
• Analyse usage patterns
• Improve Service performance

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of the Service.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

11. Children's Privacy

CalorieNaija is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after such changes constitutes acceptance of the updated policy.

13. Contact Us and Complaints

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):