Last updated: May 13, 2026
Under-Control (“we”, “us”, “our”) is a clinical-nutrition platform that connects clients with licensed dieticians for personalized consultations. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your information.
1. Who we are
Under-Control is the data controller responsible for the personal information described in this policy. You can contact us at privacy@under-control.com.
2. Information we collect
We collect the following categories of information:
- Identity and contact data: name, email address, phone number, time zone.
- Health and nutrition data you provide voluntarily during your consultation: dietary goals, medical history, medications, allergies, lifestyle information. This is collected only with your explicit consent and is treated as sensitive personal data.
- Booking and account data: consultation dates, dietician selected, session notes (visible to you and your dietician).
- Payment data: we do not store full card numbers. Payment card details are collected and processed directly by Stripe, our payment processor. We receive only a token, the last four digits, the card brand, and the billing country for our records.
- Technical data: IP address, browser type and version, device type, pages visited, referring URL. Collected via cookies and standard server logs.
3. How we use your information
- To provide and personalize the consultation service you’ve requested.
- To process payments through Stripe and issue receipts.
- To communicate with you about your bookings, plan changes, and account.
- To comply with legal, tax, and regulatory obligations.
- To detect fraud and protect the security of our platform.
- To improve the service through aggregated, anonymized analytics. You can opt out of analytics cookies at any time.
4. Legal bases for processing
We process your personal information on the following legal bases:
- Performance of a contract: when we deliver consultations and process payments you’ve booked.
- Consent: for sensitive health information you choose to share, and for non-essential cookies. You can withdraw consent at any time.
- Legitimate interest: for fraud prevention, security, and improving the service.
- Legal obligation: for tax records, accounting, and lawful requests from authorities.
5. Sharing with third parties
We share data with the following categories of recipients only as needed to provide the service:
- Stripe, Inc. — payment processing. Stripe handles your card details directly under its own privacy terms. See Stripe’s privacy notice at https://stripe.com/privacy.
- Your assigned dietician — receives the information necessary to deliver your consultation.
- Hosting and infrastructure providers — store data on our behalf under written data-processing agreements.
- Email and communication providers — deliver booking confirmations and service notifications.
- Legal and regulatory authorities — when required by law.
We do not sell your personal information.
6. International transfers
Some of our processors (including Stripe) operate outside your country. Where data is transferred internationally, it is protected by appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or by an adequacy decision.
7. How long we keep your data
- Account and contact data: for the lifetime of your account plus 24 months after deletion, for legitimate-interest follow-up.
- Consultation and clinical notes: retained as long as required by applicable healthcare or professional record-keeping rules in your jurisdiction (typically 5–10 years), then securely deleted.
- Payment records: retained for the period required by tax and accounting law (typically 7 years).
- Marketing data: until you unsubscribe.
8. Your rights
Depending on your location (GDPR, UK GDPR, CCPA / CPRA, and similar laws), you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your data, subject to lawful retention obligations.
- Restrict or object to specific processing.
- Portability — receive a copy of your data in a structured, commonly used format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email privacy@under-control.com. We respond within 30 days.
9. Cookies
We use strictly necessary cookies for site functionality and, with your consent, analytics and preference cookies. You can manage cookie preferences from our cookie banner at any time, or by clearing cookies in your browser.
10. Security
We use industry-standard administrative, technical, and physical safeguards, including TLS encryption in transit, encryption at rest for sensitive fields, role-based access controls, and regular backups. No system is perfectly secure; if we become aware of a personal-data breach affecting you, we will notify you and the relevant authority within the timeframes required by law.
11. Children
Our service is intended for adults. Children’s nutrition consultations are booked by a parent or legal guardian on the child’s behalf; the parent/guardian remains the contracting party and is responsible for the child’s information shared with us.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated to you by email or via a prominent notice on the site at least 14 days before they take effect.
13. Contact us
Under-Control
Email: privacy@under-control.com
Phone: (555) 555-5555