Privacy Policy

Hi Krissy Pty Ltd

ABN: [Insert ABN]

Last updated: 1 January 2026

Introduction

Hi Krissy Pty Ltd ("Hi Krissy", "we", "us", or "our") operates HiKrissy.com, an AI-powered health and wellness platform delivering personalised nutrition plans, exercise programs, and health insights based on the expertise of Kristen Witt, a qualified physiotherapist and nutritionist.

We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records and Information Privacy Act 2002 (NSW). This Privacy Policy explains how we collect, use, disclose, and protect your personal and health information.

By using our platform, you consent to the collection and use of your information as described in this policy. If you do not agree with this policy, please do not use our services.

Information We Collect

Information You Provide

When you register for and use Hi Krissy, we collect information you provide directly, including:

Account information: Your name, email address, date of birth, gender, and password.

Health and wellness information: This includes information necessary to provide our services, such as your height, weight, body measurements, health goals, dietary preferences and restrictions, allergies, medical conditions, current medications, exercise history, fitness level, and any other health information you choose to share. This information is classified as "sensitive information" under Australian privacy law and is afforded additional protections.

Check-in data: Information you provide during periodic check-ins with our AI, including your current health status, energy levels, mood, sleep patterns, progress updates, and feedback on your meal and exercise plans.

Test results: Results from blood tests, DNA tests, or other diagnostic tests ordered through our platform and conducted by third-party providers. This includes pathology results and genetic information.

Payment information: Your billing address and payment method details. Note that payment card information is collected and processed directly by our third-party payment processor, Stripe, and is not stored on our systems.

Communications: Records of your interactions with our AI assistant, customer support inquiries, and any feedback or reviews you provide.

Information Collected Automatically

When you use our platform, we automatically collect certain technical information, including:

Device and usage information: Your IP address, browser type, operating system, device identifiers, pages viewed, features used, dates and times of access, and referring URLs.

Cookies and similar technologies: We use cookies and similar technologies to remember your preferences, analyse platform usage, and improve our services. You can manage cookie preferences through your browser settings.

How We Use Your Information

We use your personal and health information for the following purposes:

Providing our services: To create and deliver your personalised meal plans, exercise programs, and supplement recommendations through our AI-powered platform. This includes using your health information to generate recommendations tailored to your specific needs, goals, and circumstances.

Facilitating health tests: To order blood tests, DNA tests, or other diagnostic tests on your behalf through our third-party test providers, and to receive and incorporate your results into your personalised plans.

AI-powered recommendations: Our platform uses artificial intelligence to analyse your information and generate personalised health and wellness recommendations. The AI system is based on the professional expertise of Kristen Witt, a qualified physiotherapist and nutritionist. Your personal and health information is processed by our AI to create customised meal plans, exercise routines, supplement suggestions, and ongoing adjustments based on your progress and check-in data.

Periodic check-ins: To conduct regular check-ins that track your progress, health status, energy levels, and mood, and to adjust your plans accordingly.

Account management: To create and manage your account, process your subscription payments, and communicate with you about your account and our services.

Improving our services: To analyse usage patterns, conduct research, and improve the quality and effectiveness of our platform and recommendations.

Customer support: To respond to your inquiries, provide technical support, and resolve any issues you experience.

Legal compliance: To comply with applicable laws, regulations, and legal processes, and to protect our rights and the rights of others.

Important Information About AI-Generated Recommendations

Our platform uses artificial intelligence to generate personalised nutrition, exercise, and wellness recommendations. You should be aware that:

AI-generated content: The meal plans, exercise programs, supplement recommendations, and health insights provided through our platform are generated by an AI system. While this AI is based on the expertise of a qualified physiotherapist and nutritionist, the recommendations are produced through automated processing of your personal information.

Not medical advice: The recommendations provided by Hi Krissy do not constitute medical advice, diagnosis, or treatment. Our services are designed to support general health and wellness goals and should not replace professional medical care. Always consult with a qualified healthcare provider before making significant changes to your diet, exercise routine, or supplement intake, particularly if you have existing health conditions or are taking medications.

Human oversight: While our AI operates autonomously to generate recommendations, our team monitors system performance and can review outputs. If you have concerns about any recommendation you receive, please contact us.

Your right to request review: You may request human review of any AI-generated recommendation via our contact form.

How We Share Your Information

We may share your personal and health information in the following circumstances:

Third-party test providers: When you order blood tests, DNA tests, or other diagnostic tests through our platform, we share necessary information with our partner pathology laboratories and testing providers to facilitate the tests and receive your results. These providers are bound by their own privacy obligations and professional standards.

Payment processor: We use Stripe to process subscription payments. When you make a payment, Stripe collects and processes your payment information in accordance with its own privacy policy, available at stripe.com/privacy. We do not store your full payment card details.

Cloud service providers: Your data is stored on Microsoft Azure servers located in Australia. Microsoft may have limited access to data for system maintenance and support purposes. Microsoft's data handling practices are governed by their Data Processing Addendum and applicable privacy commitments.

Professional advisers: We may share information with our legal, accounting, and other professional advisers where necessary to obtain their services.

Legal requirements: We may disclose information where required by law, regulation, court order, or other legal process, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred to the acquiring entity.

With your consent: We may share your information for other purposes with your explicit consent.

We will never sell your personal or health information to third parties for marketing purposes.

Data Storage and Security

Australian data storage: Your personal and health information is stored on Microsoft Azure servers located in Australia (Sydney and Melbourne data centres). Sensitive information, including personally identifiable information and health data, is encrypted with keys that are held in Azure Key Vault and protected by hardware security modules (HSMs), so that the encryption keys themselves are never exposed in plain form outside the HSM boundary.

Security measures: We implement appropriate technical and organisational measures to protect your information, including:

  • Encryption of data at rest and in transit
  • Multi-factor authentication for system access
  • Role-based access controls with minimum required permissions
  • Regular security testing and vulnerability assessments
  • Access logging and monitoring
  • Staff training on data protection and security
  • Documented incident response procedures

Overseas access: While your data is stored in Australia, Microsoft personnel located outside Australia may have remote access to systems for maintenance and support purposes. Additionally, because Microsoft is headquartered in the United States, data it holds may be subject to access requests from US law enforcement under United States law (the CLOUD Act), even though the data is physically stored in Australia.

No absolute guarantee: While we take reasonable steps to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your data.

Data Retention

We retain your personal and health information for as long as necessary to provide our services and comply with our legal obligations.

Active accounts: We retain your information for the duration of your subscription and account activity.

After account closure: Following account closure or subscription cancellation, we retain health information in accordance with NSW legal requirements—a minimum of 7 years from the date of your last interaction with our services, or if you were under 18 when using our services, until you reach 25 years of age.

Anonymised data: We may retain anonymised, aggregated data that cannot identify you for analytical and research purposes indefinitely.

Deletion requests: You may request deletion of your personal information, subject to our legal retention obligations. See "Your Rights" below.

Overseas Disclosure

Your information is primarily stored and processed in Australia. However, in limited circumstances, your information may be accessible from or transferred to locations outside Australia:

Microsoft/Azure: Microsoft personnel in other countries may access data for system maintenance and support.

Stripe: Payment information is processed by Stripe, which operates globally and may process or store data in the United States or other countries.

Before any overseas disclosure, we take reasonable steps to ensure that overseas recipients handle your information in accordance with the Australian Privacy Principles or are subject to substantially similar privacy protections.

Your Rights

Under Australian privacy law, you have the following rights regarding your personal information:

Access: You may request access to the personal information we hold about you. We will respond to access requests within 30 days. In some circumstances, we may charge a reasonable fee to cover administrative costs.

Correction: You may request correction of any personal information that is inaccurate, incomplete, out-of-date, or misleading. You can update much of your information directly through your account settings.

Withdrawal of consent: Where we rely on your consent to process sensitive information (including health information), you may withdraw your consent at any time. Note that withdrawing consent may affect our ability to provide some or all of our services to you.

Request human review of AI decisions: You may request human review of any significant decision made by our AI system that affects you.

Deletion: You may request deletion of your personal information, subject to our legal retention obligations.

Complaints: You have the right to complain about how we handle your personal information (see "Complaints" below).

To exercise any of these rights, please contact our Privacy Officer via our contact form.

Children and Young People

Hi Krissy is intended for users aged 15 years and over. We do not knowingly collect personal information from children under 15.

Users aged 15-17: If you are aged 15 to 17, you may use our services and provide consent to the collection and use of your information. We design our privacy notices to be clear and accessible for younger users.

Parental involvement: While parental consent is not required for users aged 15 and over, we encourage younger users to discuss their use of our platform with a parent or guardian.

If we become aware that we have collected personal information from a child under 15 without appropriate consent, we will take steps to delete that information promptly.

Subscription and Cancellation

Subscription billing: Your subscription is billed on a recurring basis (monthly or annually, depending on your chosen plan) through our payment processor, Stripe.

Cancellation: You may cancel your subscription at any time through your account settings. Upon cancellation, your subscription will remain active until the end of your current paid period and will not automatically renew. You will continue to have access to your account and data until the end of your paid period.

Data after cancellation: Following cancellation, we retain your information in accordance with our data retention policy and legal obligations as described above.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform. These technologies help us:

  • Remember your login status and preferences
  • Understand how you use our platform
  • Analyse and improve our services
  • Provide personalised content

Managing cookies: You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our platform.

Analytics: We use analytics services to understand platform usage. These services may collect information about your use of our platform and other websites.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of changes: We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date, and where appropriate, by email or through in-app notification.

Your continued use: Your continued use of our platform after any changes indicates your acceptance of the updated policy. We encourage you to review this policy periodically.

Complaints

If you believe we have breached your privacy or mishandled your personal information, you may lodge a complaint with us.

Internal complaints: Please contact our Privacy Officer via our contact form with your complaint. We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. We will keep you informed of our progress.

External complaints: If you are not satisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au

Information and Privacy Commission NSW (for NSW residents)
GPO Box 7011
Sydney NSW 2001
Phone: 1800 472 679
Website: www.ipc.nsw.gov.au

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact our Privacy Officer via our online contact form:

Privacy Officer
Hi Krissy Pty Ltd
Contact form: www.hikrissy.com/contact

We aim to respond to all inquiries within 7 business days.

Applicable Law

This Privacy Policy is governed by the laws of New South Wales, Australia. By using our platform, you agree to the collection and use of your information in accordance with this policy and applicable Australian privacy laws, including the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW).