Data Deletion Request

Australian Privacy Act 1988 (APP 11.2): Organisations are required to take reasonable steps to destroy or de-identify personal information once it is no longer needed for the purpose for which it was collected, unless an exception applies.

GDPR Article 17 (Right to Erasure): As a best-practice benchmark, we align with the European General Data Protection Regulation's right to erasure, which provides individuals with the right to have their personal data erased in certain circumstances.

Our commitment: Regardless of the specific legal requirements in your jurisdiction, Hi Krissy is committed to honouring data deletion requests. As a health and wellness platform handling sensitive personal information, we take your data rights seriously and will process valid deletion requests promptly.

Account and profile data: Your name, email address, date of birth, gender, and account preferences.

Health and wellness data: Meal plans, exercise programs, check-in data, body measurements, dietary preferences, allergies, and medical conditions you have shared with us.

Onboarding data: Health assessment responses, wellness goals, fitness level, and lifestyle information provided during onboarding.

Chat history: Conversations with Virtual Krissy, including questions, responses, and any health information shared during chats.

Uploaded content: Photos, documents, and any other files you have uploaded to the platform.

Usage and analytics data: App interactions, device information, session logs, and platform usage patterns.

Payment and billing data: Transaction history, subscription records, and billing details (note: full payment card information is held by our payment processor, Stripe, not by us directly).

Partial deletion — specific data categories: You can request deletion of specific categories of data while keeping your account active. For example, you may wish to delete your chat history only, your meal plan history only, or your check-in data only. This allows you to continue using the platform while removing data you no longer want us to hold.

Full deletion — entire account and all associated data: You can request complete deletion of your account and all data associated with it. This is a comprehensive removal of your presence on our platform, subject to the exceptions outlined below.

Account closure: If you request full deletion, your account will be permanently closed and you will no longer be able to log in.

Permanent data loss: All personalised programs, meal plans, exercise programs, check-in history, and progress data will be permanently lost and cannot be recovered.

Subscription cancellation: Any active subscriptions will be cancelled. You will not be charged further, but no refund will be provided for the current billing period.

Irreversible action: Once the 14-day grace period has passed and deletion processing is complete, this action cannot be reversed. If you wish to use Hi Krissy again in the future, you will need to create a new account and start from scratch.

Health information — mandatory retention (adults): Under Section 25(1)(a) of the HRIP Act, we are required to retain health information for a minimum of 7 years from the last occasion on which a health service was provided to you. This includes meal plans, exercise programs, check-in data, body measurements, health assessment responses, and conversations with Virtual Krissy. If your deletion request falls within this retention period, the affected health information will be securely archived and retained until the legal obligation expires, after which it will be permanently deleted.

Health information — mandatory retention (minors): Under Section 25(1)(b) of the HRIP Act, if you were under 18 when using our services, your health information must be retained until you reach 25 years of age, or for 7 years from the last service provided—whichever is longer.

Financial and billing records: Transaction and billing records are retained for 7 years from the date of the transaction, as required under the Corporations Act 2001 (Cth) Section 286 and Australian Taxation Office record-keeping obligations.

De-identified and aggregated data: Data that has been anonymised and aggregated in a way that cannot identify you may be retained for analytics and service improvement purposes.

Legal proceedings: Data required for active legal proceedings, disputes, or regulatory investigations may be retained until those matters are resolved.

Backup systems: Data in backup systems may take up to 90 days to be fully purged as part of our regular backup rotation cycle. During this period, backed-up data is not accessible for normal use and will be deleted in the ordinary course of backup cycling.

Third-party processors: Data held by third-party processors (such as Stripe for payment information) is subject to their own data retention and deletion policies. We will notify relevant third parties of your deletion request, but their processing timelines may differ from ours.

Disposal records: When health information is deleted, we are required under Section 25(2) of the HRIP Act to maintain a disposal log recording your name, the period covered by the information, and the date of disposal.