# Fork Fit — Privacy Policy

> Effective date: 31 March 2026 · Last updated: 31 March 2026
> Canonical HTML version: https://www.forkfit.health/privacy.html

**Plain English summary**: We collect your email, password, meal preferences, diary entries, and weight logs to provide a personalised meal planning service. We don't sell your data. We use Supabase to store it securely and Anthropic's AI to generate your recipes. Stripe handles payments — we never see your card number.

## 1. Overview

Fork Fit (forkfit.health) is operated by Jake Chisholm, ABN 87 687 307 491, trading as Fork Fit ("we", "us", "our").

This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the **Australian Privacy Act 1988 (Cth)** and the **Australian Privacy Principles (APPs)**.

By using Fork Fit, you consent to the practices described in this policy.

## 2. Information we collect

### Account information
- Email address
- Password (stored in hashed form by Supabase — we cannot read your password)

### Questionnaire and preference data
- Daily calorie goal
- Health and fitness goals
- Body weight (if provided)
- Dietary requirements and restrictions
- Cooking skill level and time preferences
- Budget preferences
- Cuisine preferences
- Ingredient exclusions

### Usage data
- Meal plans generated and saved
- Food diary entries (meals logged, dates, calorie and macro data)
- Weight log entries (dates, weights)
- Shopping list selections
- Locked meals and phase history

### Payment information
Payment details (credit card numbers, billing addresses) are collected and processed exclusively by **Stripe**. We do not receive, store, or have access to your full card details. We may receive limited information from Stripe such as the last four digits of your card, card brand, and transaction status for billing administration.

### Technical information
- Browser type and version
- Device type
- IP address
- Pages visited and time spent

## 3. How we collect information

- **Directly from you** — when you create an account, complete onboarding, log meals, record weight, or contact us
- **Automatically** — through your use of the service (technical data, usage patterns)
- **From third-party services** — limited data from Stripe (payment status) and Supabase (authentication events)

## 4. How we use your information

| Purpose | Data used |
|---|---|
| Generate personalised meal plans | Questionnaire answers, dietary preferences, calorie targets |
| Provide food diary and weight tracking | Diary entries, weight logs |
| Generate shopping lists | Selected meals and serving sizes |
| Provide calorie adjustment advice | Weight logs, calorie targets, health goals |
| Process payments | Email, subscription status (via Stripe) |
| Send service-related communications | Email address |
| Improve and develop the service | Aggregated and anonymised usage data |
| Comply with legal obligations | Account data, transaction records |

**We will never** sell your personal information to third parties, use your data for advertising, or share your individual health or dietary data with anyone without your explicit consent.

## 5. Third-party services

| Service | Purpose | Data shared |
|---|---|---|
| **Supabase** | Authentication, database, file storage | Email, password (hashed), all user-generated data |
| **Anthropic (Claude AI)** | AI recipe and meal plan generation | Questionnaire answers (dietary preferences, calorie targets, exclusions). No personal identifiers sent. |
| **Stripe** | Payment processing | Email, card details (handled directly by Stripe) |
| **Vercel** | Website hosting | IP address, browser data (standard logs) |

Each operates under its own privacy policy:
- https://supabase.com/privacy
- https://www.anthropic.com/privacy
- https://stripe.com/au/privacy
- https://vercel.com/legal/privacy-policy

## 6. Data storage and security

Your data is stored on **Supabase** servers in the **Asia-Pacific (Southeast Asia) region**.

- All data in transit is encrypted via TLS (HTTPS)
- Passwords are hashed using industry-standard algorithms (we cannot read or recover your password)
- Row Level Security (RLS) ensures users can only access their own data
- API keys and secrets are stored as environment variables, never in client-side code
- Payment data handled exclusively by Stripe (PCI-DSS Level 1 certified)

While we take reasonable steps to protect your data, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

## 7. Data retention

- **Active accounts**: data retained while your account is active
- **Cancelled subscriptions**: read-only retention for 30 days, then may be permanently deleted
- **Deleted accounts**: personal data deleted within 30 days of request, except where law requires retention
- **Payment records**: retained up to 7 years for Australian tax and financial reporting obligations

## 8. Your rights

Under the Australian Privacy Act, you have the right to:

- **Access** — request a copy of personal information we hold about you
- **Correction** — request correction of inaccurate or incomplete information
- **Deletion** — request deletion of your personal data (subject to legal retention requirements)
- **Complaint** — lodge a complaint with the [OAIC](https://www.oaic.gov.au/privacy/privacy-complaints) if you believe we've breached the Privacy Act

To exercise these rights, contact `jakechisholm@live.com.au`. We respond within 30 days.

## 9. Cookies and analytics

Fork Fit uses minimal cookies necessary for the service to function:

- **Authentication cookies** — keep you signed in (set by Supabase)
- **Local storage** — store non-sensitive preferences (e.g., trial start date)

We do **not** currently use third-party analytics, advertising cookies, or tracking pixels. If this changes, we'll update this policy and notify you.

## 10. Children's privacy

Fork Fit is not intended for users under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will promptly delete it.

## 11. International data

While Fork Fit is an Australian service, some third-party providers (Supabase, Anthropic, Stripe, Vercel) may process data in other countries including the United States. By using Fork Fit, you consent to this transfer.

We take reasonable steps to ensure overseas recipients comply with privacy standards comparable to the Australian Privacy Principles.

## 12. Changes to this policy

We may update this Privacy Policy from time to time:

- We update the "Last updated" date at the top
- For material changes, we notify you via email or in-app notice
- Continued use after changes constitutes acceptance

## 13. Contact

**Fork Fit — Privacy Enquiries**
Jake Chisholm
Email: jakechisholm@live.com.au
Website: https://www.forkfit.health

If you're not satisfied with our response, you may lodge a complaint with the [Office of the Australian Information Commissioner](https://www.oaic.gov.au).

