⚖️ Legal Document

Privacy Policy

We believe privacy is a fundamental right. This policy explains exactly what data we collect, why, and how you can control it.

🌍 Applies Globally 📖 ~8 min read

Compliance & Standards

NutriMeal Planner is designed with privacy-by-default. We comply with international data protection laws:

✅ GDPR – EU/EEA ✅ CCPA – California ✅ PDPA – Pakistan ✅ PIPEDA – Canada ✅ LGPD – Brazil ✅ POPIA – South Africa
🔒
Privacy-by-Design: Your BMI, age, weight, and height data is processed entirely in your browser. This sensitive health data is never sent to our servers and is never stored beyond your current session.
1

Who We Are

NutriMeal Planner ("we", "us", "our", "the Service") is a free, browser-based nutrition and meal planning application available at nutrition.kanzulilm.com.

For the purposes of applicable data protection legislation, NutriMeal Planner acts as the Data Controller for personal data we collect through the Service.

DetailInformation
Service NameNutriMeal Planner
Websitenutrition.kanzulilm.com
HostingCloudflare Pages
Contact Emailprivacy@kanzulilm.com
DPO Contactprivacy@kanzulilm.com
2

What Data We Collect

2.1 Data You Enter Directly (Health Data)

When you use the BMI & Calorie Calculator, you may enter:

  • Age, gender, weight (kg), height (cm)
  • Activity level preference
  • Dietary preferences (vegetarian, high-protein, low-carb)
🛡️
This data stays on your device. All calculations happen in your browser using JavaScript. No health data is transmitted to, stored on, or processed by our servers at any time.

2.2 Data Stored Locally (localStorage)

With your implicit consent by using the Service, we store the following data only in your browser's localStorage (on your device):

Data TypePurposeDuration
Saved favourite recipes (IDs + names)Personalization – quick access to saved recipesUntil manually deleted
Usage streak (last visit date + count)Engagement – motivational streak counterUntil manually deleted
Shopping list checkbox statesUX – remember which items are checked offSession only

You can clear all locally stored data at any time by clearing your browser's localStorage (Settings → Privacy → Clear browsing data) or by using your browser's developer tools.

2.3 Automatically Collected Data (Analytics)

We may collect the following anonymous, aggregated technical data through our hosting provider (Cloudflare):

  • Country-level geolocation (not city or IP address)
  • Browser type and operating system (generic)
  • Pages visited and time on page
  • Referral source (how you found the site)
  • Device type (mobile/desktop/tablet)
ℹ️
Cloudflare's analytics are cookieless and privacy-preserving. No individual user is tracked or profiled. We receive only aggregated statistics. See Cloudflare's Privacy Policy.

2.4 Advertising Data (Google AdSense)

We display advertisements through Google AdSense to keep the service free. Google may collect data to serve personalised ads. See Section 5 for full details.

2.5 Data We Do NOT Collect

  • ❌ No name, email address, or password
  • ❌ No account registration or login required
  • ❌ No precise location data or GPS coordinates
  • ❌ No payment or financial information
  • ❌ No photographs, voice recordings, or biometric data
  • ❌ No social media account data
  • ❌ No exact IP address stored by us
3

How We Use Your Data

We use the limited data we collect solely for the following purposes:

PurposeData UsedLegal Basis
Providing the meal planning serviceDietary preferences, ingredient selectionsLegitimate interest / Contract
Saving your favourite recipesRecipe IDs (local only)Consent (implicit)
Streak tracking for engagementVisit date (local only)Consent (implicit)
Improving the serviceAnonymous aggregate analyticsLegitimate interest
Displaying relevant advertisementsGoogle AdSense cookies (by Google)Consent (where required)
Legal complianceMinimal data as required by lawLegal obligation
⚠️
We never sell, rent, or trade any data to third parties. We do not use your data for profiling, automated decision-making, or any purpose beyond those listed above.
4

Cookies & Tracking Technologies

4.1 First-Party Cookies

NutriMeal Planner does not set any first-party cookies. We use browser localStorage instead of cookies for saving preferences, which means this data is never transmitted with HTTP requests.

4.2 Third-Party Cookies (Google AdSense)

Google AdSense may set the following cookies to serve personalised advertisements:

Cookie NamePurposeDuration
NIDAd targeting preferences6 months
ANIDAd personalisation13 months
IDEConversion tracking13 months
1P_JARAd frequency capping1 month
DSIDSigned-in user targeting2 weeks
__gadsAd engagement metrics13 months

4.3 Service Worker (PWA)

As a Progressive Web App, we use a Service Worker to cache assets for offline use. The Service Worker does not track users or collect any personal data. It only caches static files (HTML, CSS, JavaScript) to improve performance.

4.4 Your Cookie Choices

5

Third-Party Services & Processors

We carefully select third-party services and ensure they meet high privacy standards. We do not share personal health data with any third party.

ServicePurposeData SharedPrivacy Policy
Cloudflare Pages Website hosting & CDN IP address (processed, not stored by us), request metadata View ↗
Google AdSense Advertising (keeps service free) Browsing behaviour (by Google, not by us) View ↗
Google Fonts Typography (Inter, Noto Nastaliq Urdu) IP address sent to Google for font delivery View ↗
Tailwind CSS CDN CSS framework IP address to CDN provider View ↗
ℹ️
We are working towards self-hosting Google Fonts and Tailwind CSS to eliminate external font requests entirely. This will be implemented in a future update.
6

Data Storage & Security

6.1 Where Data Is Stored

The vast majority of your data (health metrics, preferences, favourites) is stored exclusively on your device using browser localStorage. We have no access to this data.

Anonymous analytics data is processed by Cloudflare on servers globally, with primary infrastructure in the European Union and United States.

6.2 Security Measures

  • HTTPS/TLS 1.3 – All connections are encrypted in transit
  • HTTP Strict Transport Security (HSTS) – Prevents downgrade attacks
  • Content Security Policy (CSP) – Prevents XSS attacks
  • Cloudflare DDoS Protection – Infrastructure-level security
  • No server-side data storage – Health data never reaches servers
  • No database – No central store of user data that could be breached
  • Regular security audits – Code reviewed for vulnerabilities

6.3 Data Breach Protocol

In the unlikely event of a data breach affecting any personal data we hold (e.g., analytics), we will:

  • Notify relevant supervisory authorities within 72 hours (GDPR requirement)
  • Notify affected users without undue delay if high risk to their rights
  • Document the breach and our response in accordance with Article 33 GDPR
7

Data Retention

Data CategoryRetention PeriodDeletion Method
Health data (BMI inputs)Not retained – session only, never storedAutomatic on page close
Saved favourites (localStorage)Until you manually delete themClear browser data or in-app removal
Usage streak (localStorage)Until you clear browser storageClear browser localStorage
Anonymous analyticsAggregated data: up to 2 yearsAutomatic by Cloudflare
Server logsUp to 30 days (Cloudflare)Automatic deletion by Cloudflare
Ad interaction dataPer Google's retention policiesGoogle account settings
8

Your Rights & Choices

Depending on your jurisdiction, you have the following rights regarding your personal data:

👁️
Right to Access
Request a copy of personal data we hold about you
✏️
Right to Rectify
Correct inaccurate or incomplete personal data
🗑️
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
🚫
Right to Object
Object to processing of your data for certain purposes
📦
Right to Portability
Receive your data in a machine-readable format
⏸️
Right to Restrict
Request restriction of processing in certain circumstances
🤖
Automated Decisions
We do NOT use automated decision-making or profiling
↩️
Withdraw Consent
Withdraw consent at any time without affecting prior processing

How to Exercise Your Rights

Since we store almost no personal data on our servers, most of your rights can be exercised directly:

We will respond to all rights requests within 30 days (or 45 days where permitted by law with notice). There is no charge for exercising your rights.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

  • EU/EEA: Your national Data Protection Authority (list here)
  • UK: Information Commissioner's Office (ico.org.uk)
  • Pakistan: Personal Data Protection Authority (PDPA)
  • California: California Privacy Protection Agency (cppa.ca.gov)
9

Children's Privacy

⚠️
NutriMeal Planner is not directed at children under the age of 13 (or 16 in the EU/EEA under GDPR). We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at privacy@kanzulilm.com. We will promptly delete any such information.

Children aged 13–17 may use NutriMeal Planner with parental consent. The BMI calculator results are informational only and parents should consult a paediatrician for children's health advice.

This Service complies with:

  • COPPA – US Children's Online Privacy Protection Act
  • GDPR Article 8 – Children's consent requirements
  • UK GDPR Age Appropriate Design Code
10

International Data Transfers

NutriMeal Planner operates globally. When you use our Service, your data (primarily anonymous analytics) may be processed in countries outside your own, including:

  • United States – Cloudflare headquarters; Google infrastructure
  • European Union – Cloudflare EU data centres
  • Other countries – Via Cloudflare's global CDN network

Safeguards for EU/EEA Users

For transfers of personal data outside the EEA, we ensure appropriate safeguards are in place:

  • Cloudflare: EU Standard Contractual Clauses (SCCs) + EU-US Data Privacy Framework
  • Google: Google's Data Processing Terms include EU SCCs
11

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Displaying a prominent notice on the website for 30 days
  • Updating the "Last Updated" date at the top of this page
  • Showing an in-app notification for significant changes

Your continued use of NutriMeal Planner after changes become effective constitutes acceptance of the updated policy.

Change History

  • Version 1.2 – Added PWA Service Worker section; updated third-party table; added data breach protocol; expanded rights section.
  • Version 1.1 – Added LGPD (Brazil) and POPIA (South Africa) compliance; expanded international transfers section.
  • Version 1.0 – Initial publication of Privacy Policy.
12

Contact Us

We take privacy seriously and respond to all enquiries promptly. For any questions, concerns, or to exercise your data rights:

🥗 NutriMeal Planner Privacy Team

Response time: within 2 business days for general queries; within 30 days for formal rights requests.

⏱️
For urgent data protection matters (e.g., suspected unauthorised access to your data), please mark your email subject line as "URGENT – Data Protection" for prioritised handling.
اردو

پرائیویسی پالیسی – اردو خلاصہ

نیوٹری میل پلانر آپ کی پرائیویسی کا مکمل احترام کرتا ہے۔ آپ کی صحت سے متعلق معلومات جیسے وزن، قد اور عمر صرف آپ کے براؤزر میں محفوظ ہوتی ہیں اور ہمارے سرورز تک کبھی نہیں پہنچتیں۔ ہم کسی بھی تیسرے فریق کو آپ کا ڈیٹا فروخت نہیں کرتے۔ اگر آپ کو کوئی سوال ہو تو ہم سے رابطہ کریں: privacy@kanzulilm.com