1. Introduction

MealStack, operated by Workfile ("we", "us", "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our nutrition practice management platform. This policy applies to practitioners (dietitians, nutritionists, health professionals) and their clients who interact with the Platform.

2. Data We Collect

Practitioner Data

Account information (name, email, credentials), practice details (clinic name, specializations), billing information, and usage data (features used, login activity).

Client Data (entered by practitioners)

Personal details (name, contact, date of birth, gender), health information (medical conditions, allergies, medications, body measurements), dietary preferences, lifestyle data, and meal plan history. This data is classified as Sensitive Personal Data under applicable Indian law.

Client Data (entered directly by clients)

Through intake forms and the client portal: personal details, health history, dietary preferences, food diary entries, progress photos, and messages to practitioners.

3. How We Use Data

Providing and improving the Platform's nutrition practice management features
Generating meal plans, nutrition calculations, and AI-powered suggestions
Enabling client portal access and communication between practitioners and clients
Processing payments and managing subscriptions
Sending service-related notifications (not marketing)
Maintaining security and preventing fraud

4. AI Features & Data Processing

When AI features are enabled (requires separate consent), we send anonymized client data (age, gender, dietary preferences, nutrient targets, restrictions) to AI service providers for generating meal suggestions. Names, contact information, and identifying details are never sent to AI providers. AI providers do not retain data after processing. You can disable AI features at any time in Settings.

5. Data Storage & Security

Data is stored on secure servers with encryption at rest and in transit. We use industry-standard security measures including TLS encryption, secure authentication, and access controls. Media files are stored on Cloudflare R2 with CDN delivery. Database backups are encrypted and retained according to our data retention policy.

6. Data Sharing

We do not sell personal data. We share data only with: (a) service providers necessary to operate the Platform (hosting, payment processing, email delivery), (b) AI service providers when AI features are enabled, and (c) as required by law or legal process. All service providers are bound by data processing agreements.

7. Data Controller & Processor Roles

Practitioners are the data controllers for their client data. MealStack acts as a data processor, processing client data on behalf of practitioners according to their instructions. Practitioners are responsible for obtaining appropriate consent from their clients and complying with applicable data protection laws.

8. Your Rights (DPDP Act Compliance)

Under the Digital Personal Data Protection Act, 2023, you have the right to: access your personal data, request correction of inaccurate data, request erasure of your data, withdraw consent for data processing, and file complaints with the Data Protection Board of India. To exercise these rights, contact us at privacy@workfile.io.

9. Data Retention

We retain practitioner account data for the duration of the account plus 90 days after deletion. Client data is retained as long as the practitioner's account is active. When a practitioner deletes a client record, the data is permanently removed within 30 days. Consent audit logs are retained for 7 years for compliance purposes.

10. Cookies & Analytics

We use essential cookies for authentication and session management. We may use analytics tools to understand Platform usage patterns. We do not use advertising cookies or trackers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform and may require re-acceptance.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at privacy@workfile.io.