Privacy Policy
Last updated: April 2026
1. Introduction
MealCircle, Inc. ("MealCircle", "we", "us", or "our") operates a clinical nutrition tracking and analytics platform accessible at mealcircle.co and through our mobile applications. This Privacy Policy explains how we collect, use, disclose, and protect information about users of our platform — including nutrition practitioners ("Practitioners") and their patients ("Patients").
By using MealCircle, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
Account Information
When you register, we collect your name, email address, practice name, credentials, and billing information. Practitioners may also provide profile photos and professional bio information for their public profile pages.
Health and Nutritional Data (PHI)
Patients may log meal data, biometric measurements (weight, body fat %, blood glucose, blood pressure), progress photos, and other health-related information. This information constitutes Protected Health Information (PHI) under HIPAA. It is collected only through Practitioner-initiated interactions and is accessible only to the Practitioner and their authorized team members.
Usage Data
We collect log data including IP addresses, browser type, pages visited, features used, and timestamps. This helps us improve the platform and diagnose technical issues.
Cookies and Tracking
We use cookies and similar tracking technologies to maintain session state, remember preferences, and analyze usage patterns. You can control cookies through your browser settings. Disabling cookies may affect some platform functionality.
3. How We Use Your Information
- To provide, operate, and maintain the MealCircle platform
- To process transactions and send billing-related communications
- To send service updates, security alerts, and support messages
- To analyze usage patterns and improve platform features
- To comply with legal obligations, including HIPAA requirements
- To enforce our Terms of Service and protect against fraud or abuse
We do not use PHI for any purpose other than providing services to the Practitioner who holds that patient relationship.
4. How We Share Your Information
We do not sell, rent, or trade your personal information or PHI to any third party for marketing purposes. We may share information in limited circumstances:
- Service Providers: We use third-party vendors (cloud hosting, payment processing, analytics) who process data on our behalf under strict data processing agreements.
- Business Associates: Vendors who handle PHI are required to sign Business Associate Agreements (BAAs) compliant with HIPAA.
- Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
- Business Transfers: In the event of a merger or acquisition, your information may be transferred to the acquiring entity.
5. HIPAA and Protected Health Information
MealCircle operates as a Business Associate under HIPAA for Practitioners who are Covered Entities. We maintain a comprehensive HIPAA compliance program including:
- PHI encrypted at rest (AES-256) and in transit (TLS 1.3)
- Immutable PHI access audit trail
- Role-based access control limiting PHI to authorized users
- BAAs available for Practice and Clinic plan customers
- 72-hour breach notification procedures
Practitioners are responsible for maintaining their own HIPAA compliance obligations as Covered Entities. MealCircle supports this but does not replace the Practitioner's compliance obligations.
6. Data Retention
We retain account information for as long as your account is active and for a reasonable period thereafter for legal and business purposes. PHI is retained as required by applicable healthcare regulations (typically 6–7 years). Upon account deletion requests, we remove PHI within 30 days. Encrypted backups are purged within 60 days of the deletion request.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Data Portability: Request your data in a portable format.
- Opt-out: Opt out of non-essential marketing communications.
To exercise any of these rights, contact us at privacy@mealcircle.co.
8. Children's Privacy
MealCircle is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by email or by posting a prominent notice on our website. Continued use of MealCircle after changes are posted constitutes your acceptance of the updated policy.
10. Contact Us
For privacy-related inquiries, contact our Privacy Officer at:
MealCircle, Inc.
Email: privacy@mealcircle.co