Privacy Notice
Last updated: 14 June 2026
1. Who we are
The data controller is Greg Dalton, trading as "PFL" (sole trader, United Kingdom). Contact: hello@pfldiet.com.
2. Data we collect
- Account data: email, password (hashed), display name.
- Profile and preferences: daily macro targets, favourite recipes, meal plans, dietary filters.
- Subscription data: plan, status, billing period, customer ID issued by Paddle.
- Support correspondence: emails you send to us.
- Technical data: IP address, browser, device, log data, basic usage telemetry.
3. How we use it
- To create your account and provide the Service (contract).
- To process subscriptions and grant access to paid features (contract).
- To send transactional emails (contract).
- To secure the Service, prevent fraud, and debug issues (legitimate interests).
- To improve recipes, content, and features based on aggregate usage (legitimate interests).
- To comply with legal obligations (legal obligation).
4. Who we share it with
- Paddle — our Merchant of Record, for payment processing, billing, tax compliance, invoicing, and customer support relating to purchases.
- Hosting and infrastructure providers — Supabase (database, authentication), Cloudflare (CDN/runtime), Resend or similar (transactional email).
- Professional advisers — accountants and lawyers, where strictly necessary.
- Authorities — where required by law.
We do not sell your personal data and do not use it for cold marketing.
5. International transfers
Some of our providers process data outside the UK/EEA. Where they do, transfers rely on appropriate safeguards (e.g. UK/EU Standard Contractual Clauses, adequacy decisions).
6. Retention
Account and content data is kept while your account is active and for a reasonable period afterwards. Billing records are retained for as long as required by tax and accounting law (typically 6 years). When data is no longer needed, we delete or anonymise it.
7. Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, to withdraw consent, and to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk). We respond within one month of a valid request. Email hello@pfldiet.com.
8. Security
We use appropriate technical and organisational measures, including encryption in transit, hashed passwords, row-level access controls, and least-privilege access for our team.
9. Cookies
We use only essential cookies and local storage required to keep you signed in and to deliver the Service. We do not use marketing or advertising cookies.