Privacy Notice

Last updated: 5/14/2026

This Privacy Notice describes how Renan calefi ("we", "us"), operator of Plate Balance (the "Service"), collects, uses, and shares your personal data. We act as the data controller for personal data processed through the Service.

1. Data We Collect

• Account data: name, email address, password (hashed), authentication identifiers.
• Profile & health data: goals, body measurements, body photos, progress history.
• Meal data: meal photos, AI-generated nutrition estimates, notes.
• Coach relationship data: coach applications, messages, client–coach links.
• Usage & device data: IP address, browser/device identifiers, log data, telemetry.
• Support data: messages and attachments you send when contacting support.

2. Why We Process It (Purposes & Legal Basis)

• To provide the Service (account creation, meal/progress tracking, coach matching) — performance of contract.
• To process subscriptions via Paddle — performance of contract.
• Security & fraud prevention — legitimate interests / legal obligation.
• Product improvement & analytics — legitimate interests.
• Customer support — performance of contract / legitimate interests.
• Marketing communications — consent (you can withdraw at any time).

3. Sharing

We share personal data only with:

• Service providers / subprocessors — hosting (Lovable Cloud / Supabase), AI providers used to analyze meals, email and analytics tooling.
• Paddle.com — our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
• Coaches you choose to connect with, who can access the data you share with them within the Service.
• Professional advisers (legal, accounting) and authorities where required by law.

We do not sell your personal data.

4. International Transfers

Your data may be processed outside your country. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Retention

We keep personal data only as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When no longer needed, data is deleted or anonymised. You can delete your account at any time, which removes your personal data subject to legal retention requirements.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict or object to processing, port your data, and withdraw consent. EEA/UK users may lodge a complaint with their supervisory authority. We aim to respond to requests within one month.

7. Security

We apply appropriate technical and organisational measures including encryption in transit, access controls, and row-level security on our database. No system is fully secure; please use a strong, unique password.

8. Cookies

We use essential cookies/local storage to keep you signed in and to remember preferences. We may use analytics cookies to understand usage. You can manage cookies via your browser.

9. Contact

For privacy questions or to exercise your rights, contact us through the Service.