Privacy Policy

Overview
Information We Collect
How We Collect Information
How We Use Your Information
Third-Party Services
Data Storage & Security
Data Retention
Your Rights
Cookies & Analytics
Children's Privacy
International Data
Changes to This Policy
Contact

Plain English summary: We collect your email, password, meal preferences, diary entries, and weight logs to provide you with a personalised meal planning service. We don't sell your data. We use Supabase to store it securely and Anthropic's AI to generate your recipes. Stripe handles payments — we never see your card number.

1. Overview

Fork Fit (forkfit.health) is operated by Jake Chisholm ABN 87 687 307 491 trading as Fork Fit ("we", "us", "our").

This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using Fork Fit, you consent to the practices described in this policy.

2. Information We Collect

Account Information

Email address
Password (stored in hashed form by Supabase — we cannot read your password)

Questionnaire & Preference Data

Daily calorie goal
Health and fitness goals
Body weight (if provided)
Dietary requirements and restrictions
Cooking skill level and time preferences
Budget preferences
Cuisine preferences
Ingredient exclusions

Usage Data

Meal plans generated and saved
Food diary entries (meals logged, dates, calorie and macro data)
Weight log entries (dates, weights)
Shopping list selections
Locked meals and phase history

Payment Information

Payment details (credit card numbers, billing addresses) are collected and processed exclusively by Stripe. We do not receive, store, or have access to your full card details. We may receive limited information from Stripe such as the last four digits of your card, card brand, and transaction status for billing administration.

Technical Information

Browser type and version
Device type
IP address
Pages visited and time spent

3. How We Collect Information

We collect information:

Directly from you — when you create an account, complete the onboarding questionnaire, log meals, record your weight, or contact us
Automatically — through your use of the service (e.g. technical data, usage patterns)
From third-party services — limited data from Stripe (payment status) and Supabase (authentication events)

4. How We Use Your Information

Purpose	Data Used
Generate personalised meal plans	Questionnaire answers, dietary preferences, calorie targets
Provide food diary and weight tracking	Diary entries, weight logs
Generate shopping lists	Selected meals and serving sizes
Provide calorie adjustment advice	Weight logs, calorie targets, health goals
Process payments	Email, subscription status (via Stripe)
Send service-related communications	Email address
Improve and develop the service	Aggregated and anonymised usage data
Comply with legal obligations	Account data, transaction records

    We will never: sell your personal information to third parties, use your data for advertising purposes, or share your individual health or dietary data with anyone without your explicit consent.
  

5. Third-Party Services

Fork Fit uses the following third-party services to operate:

Service	Purpose	Data Shared
Supabase	Authentication, database, and file storage	Email, password (hashed), all user-generated data (meal plans, diary entries, weight logs, shopping lists)
Anthropic (Claude AI)	AI recipe and meal plan generation	Questionnaire answers (dietary preferences, calorie targets, ingredient exclusions). No personal identifiers (name, email) are sent to Anthropic.
Stripe	Payment processing	Email, payment card details (handled directly by Stripe)
Vercel	Website hosting	IP address, browser data (standard web hosting logs)

Each third-party service operates under its own privacy policy. We encourage you to review them:

6. Data Storage & Security

Your data is stored on Supabase servers in the Asia-Pacific (Southeast Asia) region. We implement the following security measures:

All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
Passwords are hashed using industry-standard algorithms — we cannot read or recover your password
Row Level Security (RLS) policies ensure users can only access their own data
API keys and secrets are stored as environment variables, never in client-side code
Payment data is handled exclusively by Stripe (PCI-DSS Level 1 certified)

While we take reasonable steps to protect your data, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

Active accounts: Your data is retained for as long as your account is active
Cancelled subscriptions: Data is retained in read-only mode for 30 days after cancellation, then may be permanently deleted
Deleted accounts: We will delete your personal data within 30 days of account deletion request, except where we are required by law to retain it
Payment records: Transaction records may be retained for up to 7 years to comply with Australian tax and financial reporting obligations

8. Your Rights

Under the Australian Privacy Act, you have the right to:

Access — request a copy of the personal information we hold about you
Correction — request that we correct any inaccurate or incomplete information
Deletion — request deletion of your personal data (subject to legal retention requirements)
Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Privacy Act

To exercise any of these rights, contact us at jakechisholm@live.com.au. We will respond within 30 days.

9. Cookies & Analytics

Fork Fit uses minimal cookies necessary for the service to function:

Authentication cookies — to keep you signed in (set by Supabase)
Local storage — to store non-sensitive preferences (e.g. trial start date)

We do not currently use third-party analytics, advertising cookies, or tracking pixels. If this changes, we will update this policy and notify you.

10. Children's Privacy

Fork Fit is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. International Data

While Fork Fit is an Australian service, some of our third-party providers (Supabase, Anthropic, Stripe, Vercel) may process data in other countries, including the United States. By using Fork Fit, you consent to the transfer of your data to these jurisdictions.

We take reasonable steps to ensure that overseas recipients of your data comply with privacy standards comparable to the Australian Privacy Principles.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last updated" date at the top of this page
For material changes, we will notify you via email or an in-app notice
Continued use of the service after changes constitutes acceptance

13. Contact

If you have any questions or concerns about this Privacy Policy, or wish to make a complaint, please contact:

Fork Fit — Privacy Enquiries
Jake Chisholm
Email: jakechisholm@live.com.au
Website: forkfit.health

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.

Contents