Legal

Privacy Policy

Last updated: 22 May 2026 · Effective: 22 May 2026

Plait Health Limited ("Plait Health", "we", "us") respects your privacy. This policy explains what data we collect when you use the Plait Health iOS app (the "App"), how we use it, and your rights. We do not sell your health data. Ever.

1. Who we are

Plait Health is a nutrition app for people managing chronic health conditions, built and operated by Plait Health Limited. Contact: privacy@plaithealth.app.

2. Data we collect

We collect the minimum data needed to make the App useful for you. Specifically:

• Account data — your email address (for sign-in and account recovery).
• Health data you choose to provide — conditions, allergies, medications, life-stage (e.g. pregnancy, menopause), symptoms, dietary preferences, and the markers you track (blood pressure, weight, blood glucose, sleep, custom).
• Meals you log — food entries, photos you scan, and notes you add.
• App usage — anonymous events such as which screens you visit and how often you use specific features. Used to improve the App. Never tied to your identity in third-party analytics.
• Purchase data — subscription status (active / trial / expired), product identifiers, and renewal dates. Apple processes the actual payment; we never see your card details.

3. How we use your data

We use your data strictly to:

• Personalise meal plans, AI scanner warnings, and tracking insights to your specific conditions.
• Authenticate you when you sign in.
• Send you in-app notifications you have opted into (meal reminders, weekly summaries).
• Provide customer support when you contact us.
• Detect and prevent abuse, fraud, and security incidents.
• Comply with our legal obligations.

We do not use your health data for advertising, profiling for marketing, or sale to any third party.

4. Where your data is stored

Your data is stored encrypted at rest in Supabase (PostgreSQL, hosted on AWS infrastructure). Row-level security ensures only your authenticated account can access your records. Photos you scan are stored in a private bucket and accessed only via short-lived signed URLs.

5. Third-party processors

We use a small number of carefully chosen processors. Each is bound by a Data Processing Agreement.

• Supabase Inc. — authentication, database, storage, edge functions.
• Anthropic, PBC — the AI model that powers the food scanner. Photos you submit are sent to the model for analysis; Anthropic does not retain them for training under our enterprise agreement.
• Apple Inc. — payments, subscription management, push notifications, App Store distribution.
• RevenueCat, Inc. — subscription state synchronisation. Receives anonymous product identifiers, not your health data.

6. Sharing

We do not share, rent, lease, or sell your personal or health data to any third party for marketing, advertising, or analytics. We may disclose data only when:

• You ask us to (e.g. exporting your data, sharing a doctor-ready PDF report).
• It is required by law, court order, or to protect rights, property, or safety.
• Plait Health is involved in a merger, acquisition, or asset sale — in which case you will be notified before your data is transferred and given a meaningful opportunity to delete it.

7. Your rights

You have the right to:

• Access — request a copy of all your data.
• Correct — update or correct anything that's wrong.
• Delete — wipe your account and all associated data with one tap in Settings → Privacy → Delete account. The action is permanent and immediate.
• Restrict or object — limit how we use your data, including opting out of analytics.
• Portability — receive your data in a machine-readable format.

Email privacy@plaithealth.app to exercise any of these. We aim to respond within 30 days.

8. Children

Plait Health is rated 13+ on the App Store and is not designed for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Security

We take security seriously. Passwords are bcrypt-hashed server-side. Authentication tokens are stored in Apple Keychain via iOS Secure Enclave. All API traffic is TLS-encrypted. Database access is governed by row-level security policies. No system is perfectly secure — if you discover a vulnerability, please email security@plaithealth.app.

10. International transfers

Plait Health is operated from New Zealand. Your data may be transferred to and processed in other jurisdictions (notably the United States, where our processors host infrastructure). Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Changes to this policy

If we make material changes, we will notify you in-app at least 30 days before they take effect. Minor clarifications may be made at any time; the "Last updated" date at the top will reflect the change.

12. Contact

Privacy questions: privacy@plaithealth.app
Security: security@plaithealth.app
General support: torofn49@gmail.com

← Back to Plait Health