Privacy Policy

1. Who We Are

GlobyMarissa operates a health and wellness app offering meal planning, calorie tracking, step tracking, progress monitoring, wellness journaling, weekly meal plans, and cookware recommendations.

2. Information We Collect

  • Account data: name, email address, and hashed password

  • Health profile: age, height, weight, dietary preferences, and fitness goals

  • Activity data: food logs, calorie entries, step counts, and progress check-ins

  • Journal entries: text you write in the wellness journal — private by default

  • Progress photos: images you choose to upload to track your journey

  • Device & usage data: device type, OS version, IP address, and app usage analytics

  • Authentication data: if you sign in with Google or Apple, we receive your name and email from that provider

3. How We Use Your Information

  • Provide and personalise the app — meal plans, calorie targets, progress charts

  • Process and manage your account and subscription

  • Send transactional notifications you opt into (reminders, renewal alerts)

  • Improve the product using aggregated, anonymised usage trends

  • Authenticate your identity and protect against fraud

  • Respond to support requests and comply with applicable law

We do not use your data for advertising targeting.

4. Health Data

Calorie logs, step counts, body measurements, progress photos, and journal entries are treated as sensitive health data:

  • Encrypted at rest (AES-256) and in transit (TLS)

  • Not shared with third parties for marketing or research without your explicit consent

  • Journal entries are never used to train AI models without your opt-in

  • You can delete all health data at any time from account settings

GlobyMarissa is a wellness tool, not a medical service. Nothing in the app constitutes medical advice. Consult a qualified healthcare professional before making significant changes to your diet or exercise routine.

5. Data Sharing

We do not sell your personal data. We share it only with:

  • Service providers: cloud hosting, analytics, and support tools — bound by confidentiality agreements

  • Payment processors: Stripe, Apple, or Google receive only data needed to process payment

  • Health integrations: Apple Health or Google Fit — only with your explicit permission

  • Legal requirements: when required by law, court order, or to protect user safety

6. Data Retention

  • Account and profile data: retained while your account is active

  • Health and activity data: retained until you delete it or close your account

  • Billing records: retained for 7 years as required by law

  • On account deletion, personal data is permanently removed within 30 days

7. Your Rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data, and to withdraw consent at any time. Submit requests to privacy@globymarissa.com — we respond within 30 days.

8. Security

  • All data transmitted over HTTPS/TLS

  • Data at rest encrypted with AES-256

  • Passwords hashed with bcrypt — never stored in plain text

  • Production systems protected by MFA and restricted access

9. Children's Privacy

GlobyMarissa is intended for users aged 16 and older. We do not knowingly collect data from children under 13. Contact privacy@globymarissa.com if you believe a child has registered.

10. Changes to This Policy

Material changes will be notified by email or in-app notice at least 14 days before taking effect. The current version is always available at globymarissa.com/privacy.

11. Contact