Privacy Policy
How we collect, use and protect your personal data
Last updated: June 2025
1. Who we are (Data Controller)
The data controller is We Make IT, a sole trader registered in Ireland, with a principal place of business at 32 Millbourne Drive, Ashbourne, Co. Meath, Ireland.
Contact us regarding your personal data at any time: loveeatkeepfitblog@gmail.com
2. What data we collect and why
Account data
When you register we collect your name, email address, and a bcrypt-hashed password. We also record when your email was verified. Legal basis: Art. 6(1)(b) GDPR � performance of a contract.
Health and nutrition data
The Intake Form and lesson homework may collect age, weight, height, dietary preferences, medical conditions, activity levels, and health goals. This is special-category data under Art. 9 GDPR.
We process it only on the basis of your explicit consent (Art. 9(2)(a) GDPR), given by ticking the consent checkbox on the form. You may withdraw consent at any time � this does not affect prior lawful processing.
Contact messages
Your name, email address, and message content submitted via the contact form. Legal basis: Art. 6(1)(b) (responding to your enquiry).
Analytics cookies (optional)
With your consent, we use Vercel Analytics to understand how visitors use the site. No personal identifiers are stored. Legal basis: Art. 6(1)(a) � consent, given via the cookie banner. You may withdraw consent at any time via the cookie preference link in the footer.
3. Minimum age
This service is directed at adults. In line with Section 31 of the Irish Data Protection Act 2018, you must be at least 16 years old to create an account. We do not knowingly collect data from anyone under 16.
4. Data processors (third parties)
All third-party providers act as data processors on our instructions. We do not sell your data.
| Processor | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Supabase | Database hosting | EU (Frankfurt) | EEA � no transfer |
| Vercel | Web hosting & CDN | US / EU edge | Standard Contractual Clauses |
| Resend | Transactional email | US | Standard Contractual Clauses |
| Vercel Analytics | Website analytics | US / EU edge | Consent-gated; no personal IDs stored |
5. Retention periods
- Account data � active account, or up to 3 years after last login.
- Health & nutrition data � until account deletion or consent withdrawal.
- Contact / homework emails � up to 2 years in our email inbox.
- Verification tokens � 24 hours from creation, then auto-deleted.
- Server logs � deleted by Vercel after 30 days.
6. Your rights
Under GDPR and the Irish Data Protection Act 2018, you have the right to:
- Access � request a copy of the data we hold about you.
- Rectification � ask us to correct inaccurate data.
- Erasure � request deletion of your account and data (also available in settings).
- Restriction � ask us to limit processing in certain circumstances.
- Portability � receive your data in a machine-readable format.
- Object � object to processing based on legitimate interests.
- Withdraw consent � for any consent-based processing, at any time.
To exercise any right, email loveeatkeepfitblog@gmail.com. We will respond within one month.
7. Security measures
- Passwords hashed with bcrypt (work factor 12).
- All connections encrypted via TLS 1.2 / 1.3 (HTTPS enforced).
- Database hosted in the EU (Supabase, Frankfurt).
- Rate limiting, account lockout (10 attempts ? 30 min), and CSRF origin checks on all forms.
8. Cookies
See our Cookie Policy for full details. Strictly necessary cookies operate without consent; analytics cookies require your opt-in.
9. Complaints
If you are unhappy with how we handle your data, please contact us first. You also have the right to lodge a complaint with the Irish supervisory authority:
Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
www.dataprotection.ie
10. Changes to this policy
We may update this policy periodically. Material changes will be notified by email or a prominent in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.