This policy explains what personal data the plated app collects, why we collect it, how it is stored, and the rights you have over it. plated is a nutrition and macro tracking app operated by Fraser Analytics.
1. Who we are
plated is operated by Fraser Analytics ("we", "us", "our"), based in Newcastle, United Kingdom. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Fraser Analytics is the data controller for the personal data described in this policy.
If you have any questions about this policy or how your data is handled, you can reach us at robbie@fraseranalytics.com .
2. What data we collect
We collect only the data needed to run the app and provide its features:
Account information
- Your email address and authentication details, used to create and secure your account.
- An optional username and profile details if you choose to use the social features that let you connect with other users.
Nutrition and food data
- The foods and meals you log, including quantities, serving sizes, and the associated macro and nutrient values (calories, protein, carbohydrates, fat, saturated fat, salt, fibre, and sugar).
- Barcodes you scan and any custom foods you create.
- Photos of food or nutrition labels, if you choose to use photo-based features. These may be processed to estimate nutritional content (see section 5).
- Your personal nutrition goals and targets.
Connected health data (optional)
- If you connect your WHOOP account, we access recovery, sleep, cycle, and related metrics so the app can show correlations between your nutrition and your recovery. This is only collected with your explicit consent and can be disconnected at any time (see section 4).
Technical data
- Basic information needed to operate the service reliably, such as authentication tokens and app diagnostic information. We do not use this to build advertising profiles.
3. How and why we use your data
We use your data to provide and improve the app's core functions. Under UK GDPR we rely on the following legal bases:
| What we do | Legal basis |
|---|---|
| Run your account and store your food logs, goals, and custom foods | Performance of our contract with you (providing the app you signed up for) |
| Access and display your WHOOP health data | Your explicit consent |
| Process food or label photos to estimate nutrition | Your consent, given when you use the feature |
| Connect with other users and share or copy logs | Your consent, given when you use the social features |
| Keep the service secure and working correctly | Our legitimate interests in operating a reliable, secure app |
We do not sell your personal data, and we do not use it for third-party advertising.
4. Health data and WHOOP
Nutrition information and data from WHOOP (such as recovery and sleep) can reveal information about your health. Under UK GDPR this is special category data , which is subject to stronger protections.
- We only access your WHOOP data if you actively choose to connect your WHOOP account and grant permission through WHOOP's own secure authorisation screen.
- You choose which categories of WHOOP data to share at the point of connection.
- You can disconnect WHOOP at any time, from within the app or from your WHOOP account settings. Once disconnected, we stop receiving new data from WHOOP.
- We use this data solely to provide the nutrition-and-recovery features within plated. We do not share it with third parties for their own purposes.
WHOOP is an independent company and its handling of your data is governed by its own privacy policy.
5. Who we share data with
We use a small number of trusted service providers ("processors") to run the app. They process data only on our instructions and are bound by appropriate data protection terms. They are:
| Provider | Purpose |
|---|---|
| Supabase | Secure hosting of your account, database, and stored files (such as food photos) |
| Open Food Facts | Looking up product and nutrition information from barcodes and searches |
| WHOOP | Providing your recovery and sleep data, only if you connect your account |
| Anthropic | Processing food or nutrition-label photos to estimate nutritional content, only if you use photo features |
Some of these providers, or their infrastructure, may be located outside the UK. Where data is transferred internationally, we rely on appropriate safeguards recognised under UK data protection law (such as the UK International Data Transfer Agreement or an adequacy decision) to keep your data protected.
We may also disclose data where we are legally required to do so, for example in response to a valid legal request.
6. Where your data is stored
Your account data and content are stored using Supabase infrastructure hosted on Amazon Web Services in the eu-west-2 (London) region. This means your primary data is held within the United Kingdom. Limited processing may occur elsewhere where a provider listed in section 5 operates outside the UK, subject to the safeguards described above.
7. How long we keep your data
We keep your personal data for as long as your account is active. If you delete your account, we delete or anonymise your associated data within a reasonable period, except where we are required to retain certain information to meet legal obligations. You can request deletion at any time (see section 8).
8. Your rights
Under UK data protection law you have the right to:
- Access the personal data we hold about you.
- Rectify data that is inaccurate or incomplete.
- Erase your data ("right to be forgotten").
- Restrict or object to certain processing.
- Withdraw consent at any time, where we rely on your consent (such as WHOOP connection or photo features). Withdrawing consent does not affect processing carried out before you withdrew it.
- Data portability — receive a copy of the data you provided in a portable format. plated also offers CSV export of your logs from within the app.
To exercise any of these rights, email robbie@fraseranalytics.com . We will respond within the timeframes required by law (normally within one month).
If you believe we have not handled your data properly, you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO) , at ico.org.uk . We would appreciate the chance to address your concerns first.
9. Security
We take reasonable technical and organisational measures to protect your data. Access to your data is protected by authentication, and database access is governed by row-level security so that users can only reach data they are permitted to see. Connections to our services are encrypted in transit. No system can be guaranteed to be completely secure, but we work to protect your information appropriately.
10. Children
plated is not directed at children. The app is intended for users aged 13 and over. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
11. Changes to this policy
We may update this policy from time to time to reflect changes to the app or to legal requirements. When we make material changes, we will update the "last updated" date at the top of this page and, where appropriate, notify you within the app.
12. Contact us
Fraser Analytics
Newcastle, United Kingdom
Email:
robbie@fraseranalytics.com