ShapeAI LogoShapeAI.co.uk

Privacy Policy

Last updated: August 26, 2025

Who we are

We are PREPARING BUSINESS LTD ("Shape AI", "we", "us"). We provide AI-assisted meal planning and nutrition content at shapeai.co.uk.

What this policy covers

This policy explains how we collect, use, share and protect your personal data when you use our website, create an account, purchase token top‑ups, generate plans/PDFs, contact support, or interact with our communications.

Personal data we collect

  • Account & identity: name, email, password (hashed), country, timezone, language.
  • Contact: messages to support, feedback form data (name, email, phone, message).
  • Purchase & billing: token orders (amount, currency, VAT), payment method metadata from our PSP (last4, brand, expiry month/year, transaction IDs). We do not store full card numbers.
  • Usage: plan IDs, generation timestamps, tokens balance/usage, device & log data (IP, user‑agent, referrer, events).
  • Nutrition & preferences (may include special category health data): diet types, allergens/intolerances, exclusions, cuisines, goals (weight/height/age/activity), GLP‑1 mode, other preferences you provide.
  • Cookies & similar tech: strictly necessary cookies; consent‑based analytics/marketing cookies; SDKs and pixels as described in our Cookie Policy.

Why we process data & legal bases

  • Provide the service (create account, generate content, deliver PDFs, support): performance of a contract.
  • Payments & fraud prevention: legal obligation and legitimate interests.
  • Analytics, A/B tests, marketing: consent via the cookie banner (for non‑essential cookies/SDKs).
  • Nutrition/health‑related inputs: explicit consent (you can withdraw at any time in Settings or by contacting us). If you withdraw consent, some features may not work.
  • Security & abuse prevention: legitimate interests.

Automated decision‑making & profiling

We use machine‑learning models to suggest meal plans and shopping lists based on your inputs. Output quality can vary. We do not make decisions with legal or similarly significant effects without human review.

How we share data

  • Processors (on our instructions): cloud hosting, database, email service, analytics (only with consent), payment service provider (PSP), error monitoring, LLM/AI vendors (to process your prompts and generate plans), and PDF generation/rendering tools.
  • When required by law or to protect rights, safety or security.
  • Business transfers: if we undergo a reorganisation, merger or sale.

International transfers

Some processors may be outside the UK. Where required, we use an appropriate transfer mechanism and risk assessment (e.g. UK IDTA / UK addendum to SCCs). See the “Subprocessors & Data Locations” page.

How long we keep data (retention)

  • Account & billing records: for as long as you have an account and as required by tax/accounting law (typically 6 years in the UK).
  • Tokens & plans metadata: for account history and audit, until deletion request.
  • Health‑related inputs: until you delete them or withdraw consent.
  • Logs: typically 90 days (security), aggregated analytics longer (if consented).

Your rights (UK GDPR)

Access; rectification; erasure; restriction; portability; objection (incl. to direct marketing); withdraw consent at any time. You can exercise rights via info@shapeai.co.uk. You also have a right to complain to the ICO (ico.org.uk) if you are unhappy with how we use your data.

Children

Our service is not directed to children. You must be 16+ (or older if required by your country). We do not knowingly collect personal data from children.

Contact & DPO

Data controller: PREPARING BUSINESS LTD.
DPO/Privacy contact: info@shapeai.co.uk · +44 7822016497.

Changes to this policy

We will post updates on this page and, where appropriate, notify you in‑app or via email.