Privacy Notice

Last updated: June 22, 2026

This Privacy Notice describes how Zarais ("we", "us") collects, uses, and shares personal data when you use the MyFitPlan service. Zarais is the data controller for personal data processed through the Service.

1. Data we collect

• Account data: name, email, login credentials.
• Profile and fitness data: body metrics, goals, preferences, dietary restrictions, workout logs, progress photos you choose to upload.
• Support messages: content of correspondence with our team.
• Usage and device data: pages visited, features used, device identifiers, IP address, browser type.

2. Why we use it

• To create and operate your account (contract performance).
• To generate and personalize your meal and workout plans (contract performance).
• To provide customer support (legitimate interests).
• To secure the Service and prevent fraud or abuse (legitimate interests, legal obligation).
• To improve the Service through aggregated analytics (legitimate interests).
• To send service emails and, where you have opted in, marketing emails (consent).

3. Who we share it with

• Service providers and subprocessors that help us operate the Service (hosting, databases, analytics, email delivery, customer support tooling).
• Paddle.com, our Merchant of Record, which handles payments, subscription management, tax compliance, and invoicing.
• Professional advisers (legal, accounting) under confidentiality obligations.
• Authorities where required by law or to protect rights, safety, and property.

4. International transfers

Your data may be processed outside the country where you live. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to meet legal, accounting, or reporting obligations. When data is no longer needed, we delete or anonymize it.

6. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent. UK/EEA users also have the right to complain to a supervisory authority. We respond to verified requests within one month.

To exercise a right, email privacy@zarais.com.

7. Security

We use appropriate technical and organizational measures, including encryption in transit, access controls, and audit logging, to protect personal data. No system is perfectly secure, but we work to maintain industry-standard protections.

8. Cookies

We use strictly necessary cookies to keep you signed in and to operate the Service. We may also use limited analytics cookies to understand aggregate usage. You can manage cookies through your browser settings.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect data from them.

10. Changes and contact

We may update this Notice from time to time. Material changes will be communicated via the Service or by email. For privacy questions, contact privacy@zarais.com.