Privacy Policy

Privacy Policy 

Effective Date:  24  March 2025
Last Updated: 26 October 2025

1. Who we are
Mable Well (“we”, “us”, “our”) is operated by [Your Name], sole trader, trading as Mable Well, of [Business Address], United Kingdom. We are registered with the Information Commissioner’s Office under registration number [ICO-REG-NUMBER]. Contact us at [email address] for any privacy queries.

2. What personal data we collect
To provide our AI-powered nutrition guidance service via WhatsApp and our website, we may collect:

• Your name (if provided)
  
  

• Your WhatsApp phone number
  
  

• Your nutrition and food-related preferences (e.g., dietary choices, allergies, goals) – this is not used for medical diagnosis
  
  

• Conversation/chat history to remember your preferences and assist your guidance
  
  

• Basic device or browser metadata when you visit our website (e.g., IP address, browser type, cookies)
  
  

We do not collect or store medical diagnoses or similar “special category” health data.

3. Why we collect your data & our lawful basis
We use your personal data for the following purposes:

• Contract: To provide the paid service you subscribe to (e.g., to send personalised meal ideas, reminders).
  
  

• Legitimate interests: To improve the quality of our service, ensure service security, and prevent abuse — our interests are balanced with your rights.
  
  

• Consent: For non-essential cookies or analytics tracking (only used where you have given explicit consent).
  
  

4. How we use it
We will use your information to:

• Send personalised meal suggestions and food-related tips.
  
  

• Offer reminders and habit-building nudges tailored to your goals.
  
  

• Improve Mable Well’s capabilities and responsiveness.
  
  

• Manage subscriptions, payments and customer support.
  We will never use your data for automated decisions about medical diagnosis or treatment.
  
  

5. Sharing your data with third parties
We do not sell your personal data. We may share your data with trusted processors, including:

• Twilio (for WhatsApp Business API messaging)
  
  

• Stripe or PayPal (for payment processing)
  
  

• Secure analytics tools (where you have consented)
  We have data-processing agreements in place with these providers. If any data is transferred outside the UK/EEA, we ensure appropriate safeguards such as Standard Contractual Clauses.
  
  

6. Data storage & security
We store your data securely, restrict access to authorised personnel only, and apply standard technical and organisational safeguards. In the event of a data breach we will follow our incident-response plan and notify you and the ICO where required.

7. Retention of your data
We only retain your personal data for as long as necessary for the purposes we collected it for, and to comply with legal or regulatory obligations:

• Account and subscription data: duration of subscription + 6 years (for tax/audit requirements)
  
  

• Conversation history: [e.g., 24 months] after your last activity, then it will be securely deleted or anonymised.
  
  

• Cookie/consent logs: retained [specify period, e.g., 2 years]
  You can request earlier deletion of your data at any time.
  
  

8. Your rights
You have the following rights under UK-GDPR:

• Access the personal data we hold about you
  
  

• Rectify inaccurate or incomplete data
  
  

• Erase your personal data (“right to be forgotten”), subject to legal obligations
  
  

• Restrict or object to processing
  
  

• Data portability (for data you provided, in certain cases)
  
  

• Withdraw any consent you have given
  To exercise these rights, please email us at [email address]. We aim to respond within one month of your request.
  If you are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ico.org.uk).
  
  

9. Age requirement
Our service is intended for individuals aged 18 and over. By using our service, you confirm you are 18 or older. We do not knowingly collect personal data from children under 18; if we become aware of such data, we will delete it promptly.

10. Cookies and website analytics
On our website we use:

• Essential cookies (required for site functionality)
  
  

• Non-essential cookies (analytics, performance) only if you choose to enable them
  You can set your browser to refuse cookies and use our cookie-preference banner to adjust your choices. For full details of each cookie, please see our [Cookie Policy].
  
  

11. No affiliation with NHS or professional healthcare body
We are not affiliated with, endorsed by, or employed by the NHS or any government health service. Our guidance is for general wellness only and should not replace professional medical advice.

12. Changes to this policy
We may update this policy from time to time. The “Last Updated” date at the top will change when we do. If we make any material changes, we will notify you via the website and/or email. Continued use of our service after updates indicates your acceptance of the revised policy.

13. Contact us
If you have questions or concerns about this policy or how we handle your data, please contact us at:
Email: [email address]
Postal address: [Business Address]