Back to Home
GET MY DIET PLAN

Privacy Policy - Kukta AI

Last updated: October 29, 2025

TL;DR - Key Points

  • We collect health data to provide personalized nutrition services
  • We comply with GDPR and Hungarian data protection laws
  • We share data only with licensed dietitians you choose to consult
  • We use strong security measures to protect your information
  • You control your data - access, update, or delete anytime
  • We don't sell your data to third parties
  • Health data is processed only for service provision
  • We're transparent about what we collect and why

1. Information We Collect

1.1 Personal Information

We collect information you provide directly to us, including:

  • Account information: Name, email address, password, language preferences
  • Profile data: Age, gender, dietary preferences, health goals
  • Health information: Allergies, medical conditions, dietary restrictions
  • Shopping data: Meal plans, shopping lists, purchase history
  • Communication data: Messages with dietitians, support requests

1.2 Health Data (Special Category Data)

As a nutrition platform, we process health-related data including:

  • Dietary preferences and restrictions
  • Medical conditions affecting nutrition
  • Allergies and food intolerances
  • Weight, height, BMI, and body measurements (neck, waist)
  • Activity levels and health goals
  • Diabetes type and medications
  • Consultation notes with dietitians
  • Progress tracking and health metrics

1.3 Technical Information

We automatically collect:

  • Device information and IP addresses
  • Usage patterns and platform interactions
  • Cookies and similar tracking technologies
  • Performance and error logs
  • Analytics data (via PostHog)
  • Error tracking and monitoring data (via Sentry)
  • Platform integration data (for iframe embedding)

2. Legal Basis for Processing

2.1 GDPR Compliance

We process your data based on:

  • Consent: For health data and marketing communications
  • Contract performance: To provide our nutrition services
  • Legitimate interests: For platform security and improvement
  • Legal obligation: For tax and regulatory compliance

2.2 Health Data Processing

Health data is processed under:

  • Explicit consent for nutrition services
  • Vital interests for health and safety
  • Legitimate interests for service improvement (anonymized)

3. How We Use Your Information

3.1 Service Provision

  • Generate personalized meal plans and shopping lists
  • Connect you with licensed dietitians via marketplace
  • Provide AI-powered nutrition recommendations
  • Process payments directly between clients and dietitians via secure payment infrastructure (Stripe Connect)
  • Manage subscriptions and virtual credits
  • Facilitate dietitian consultations and program purchases
  • Hold escrow funds to protect both parties during service delivery
  • Manage virtual credit system for platform usage
  • Provide iframe integration for grocery platforms

3.2 Platform Operations

  • Maintain and improve our services
  • Ensure platform security and prevent fraud
  • Provide customer support
  • Comply with legal obligations

3.3 Communication

  • Send service-related notifications
  • Provide updates about your nutrition programs
  • Share marketing communications (with consent)
  • Respond to your inquiries

4. Information Sharing

4.1 With Licensed Dietitians

We share your health and dietary information with dietitians you choose to consult, including:

  • Health goals and dietary restrictions
  • Meal plan preferences and history
  • Communication records
  • Progress tracking data
  • Body measurements and health metrics
  • Program requests and consultation details
  • Payment information for marketplace transactions

4.2 With Service Providers

We share data with trusted partners who help us operate our platform:

  • Supabase: Database and authentication services
  • Stripe: Payment processing infrastructure (Stripe Connect) enabling direct payments between clients and dietitians, and marketplace transactions
  • OpenAI: AI-powered meal planning
  • Vercel: Hosting and content delivery
  • PostHog: Analytics and user behavior tracking
  • Sentry: Error tracking and performance monitoring

4.3 Legal Requirements

We may disclose information when required by:

  • Hungarian law enforcement
  • Court orders or legal processes
  • Regulatory authorities
  • Protection of our rights and users' safety

4.4 With Grocery Platform Partners

When you use our service through grocery platform integrations:

  • We share anonymized nutrition preferences and shopping behavior
  • Platform partners receive aggregated insights about healthy food trends
  • Your personal data remains under our control and protection

4.5 We Do NOT Sell Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

5.1 Technical Measures

  • Encryption: All data encrypted in transit and at rest
  • Access controls: Role-based access to personal data
  • Regular audits: Security assessments and penetration testing
  • Secure infrastructure: Hosted on enterprise-grade platforms

5.2 Organizational Measures

  • Staff training: Data protection awareness for all employees
  • Data minimization: Collect only necessary information
  • Retention policies: Automatic deletion of expired data
  • Incident response: Procedures for data breach notification

6. Data Retention

6.1 Retention Periods

  • Account data: Until account deletion or 3 years of inactivity
  • Health data: Until account deletion or 7 years (medical records)
  • Communication data: 3 years from last interaction
  • Payment data: 7 years (tax compliance requirements)
  • Marketplace transactions: 7 years (financial record keeping)
  • Analytics data: 2 years (anonymized after 1 year)

6.2 Data Deletion

  • Right to erasure: Delete your data within 30 days of request
  • Automatic deletion: Expired data removed automatically
  • Secure deletion: Data permanently removed from all systems

7. Your Rights (GDPR)

7.1 Access and Portability

  • Right to access: Get a copy of all your personal data
  • Data portability: Export your data in a machine-readable format
  • Right to rectification: Correct inaccurate information

7.2 Control and Deletion

  • Right to erasure: Delete your account and all associated data
  • Right to restrict processing: Limit how we use your data
  • Right to object: Opt out of certain data processing

7.3 Consent Management

  • Withdraw consent: Stop health data processing anytime
  • Marketing opt-out: Unsubscribe from promotional emails
  • Cookie preferences: Manage tracking and analytics

8. International Transfers

8.1 Data Location

Your data is primarily stored in:

  • EU servers: Supabase (Ireland) for main data
  • US services: OpenAI, Stripe, PostHog, Sentry (with adequate safeguards)
  • Hungary: Local processing and compliance

8.2 Transfer Safeguards

  • Adequacy decisions: EU-US Privacy Framework
  • Standard contractual clauses: For non-adequate countries
  • Data processing agreements: With all service providers

9. Cookies and Tracking

9.1 Essential Cookies

  • Authentication: Keep you logged in
  • Security: Prevent fraud and abuse
  • Preferences: Remember your settings

9.2 Analytics Cookies

  • Usage tracking: Understand how you use our platform (PostHog)
  • Performance monitoring: Improve our services
  • Error tracking: Fix technical issues
  • User behavior: Optimize user experience and features

9.3 Marketing Cookies

  • Personalization: Show relevant content
  • Advertising: Measure campaign effectiveness
  • Social media: Enable sharing features

10. Children's Privacy

10.1 Age Restrictions

  • Minimum age: 16 years (Hungarian law)
  • Parental consent: Required for users under 16
  • No collection: We don't knowingly collect data from children

10.2 Special Protections

  • Enhanced security: Additional safeguards for minors
  • Limited processing: Minimal data collection for children
  • Parental rights: Parents can access and delete child data

11. Changes to This Policy

11.1 Notification Process

  • Email notification: For significant changes
  • Platform notice: In-app notifications
  • Version tracking: Clear change history

11.2 Continued Use

  • Acceptance: Continued use constitutes acceptance
  • Opt-out: You can delete your account if you disagree
  • Grandfathering: Previous consent remains valid

12. Contact Information

12.1 Data Protection Officer

For privacy-related questions and requests:

Questly Kft.

  • Email: peter@kukta.ai
  • Address: 1065 Budapest, Révay utca 6. Fsz. 7. ajtó, Hungary
  • Phone: +36-20-352-0364

12.2 Supervisory Authority

You can also contact the Hungarian data protection authority:

  • Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
  • Website: https://naih.hu
  • Address: 1055 Budapest, Falk Miksa utca 9-11.

This Privacy Policy reflects our commitment to protecting your personal data and complying with GDPR and Hungarian data protection laws.

GET MY DIET PLAN