Privacy Policy

1. Introduction

Digital Media Advertising Limited ("we", "our", "us") operates the Holi mobile application and website. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Data Controller: Digital Media Advertising Limited
Contact: stuart@digma.io
Effective Date: 3/25/2026

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, password, date of birth
  • Health Data: Allergies, dietary preferences, health conditions, health goals, medications, supplements
  • Meal Data: Food photos, meal descriptions, nutritional analysis results, meal timestamps
  • Location Data: General location information for service personalization
  • Nutritionist Information: License numbers, specializations, bio, privacy policies, terms & conditions

2.2 Technical Information

  • Device Information: Device type, operating system, browser type, unique device identifiers
  • Usage Data: App interactions, features used, time spent, error logs
  • Cookies & Tracking: We use cookies and similar technologies for analytics and functionality
  • Analytics Data: Google Analytics data for service improvement

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service Provision: To provide and maintain our nutrition tracking services
  • AI Analysis: To analyze food photos and provide nutritional insights using OpenAI
  • Personalization: To customize your experience and provide relevant recommendations
  • Communication: To send you service updates, support messages, and notifications
  • Analytics: To understand usage patterns and improve our services
  • Legal Compliance: To comply with applicable laws and regulations
  • Client-Nutritionist Matching: To facilitate connections between clients and nutritionists

4. Legal Basis for Processing (GDPR)

  • Consent: For health data processing and marketing communications
  • Contract Performance: To provide the services you've requested
  • Legitimate Interest: For analytics, service improvement, and security
  • Legal Obligation: To comply with applicable laws

5. Data Sharing and Disclosure

5.1 Third-Party Services

  • Supabase: Database and storage services (EU-based)
  • OpenAI: AI-powered food analysis services
  • Google Analytics: Website and app analytics
  • Email Services: For sending notifications and communications

5.2 Other Disclosures

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • In connection with a business transfer or acquisition
  • With nutritionists you choose to link with (limited to necessary information)

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data encrypted at rest using AES-256 and in transit using TLS
  • Access Controls: Row Level Security (RLS) and restricted access to authorized personnel only
  • Staff Training: Regular training on data protection and privacy
  • Incident Response: Comprehensive security incident response plan
  • Regular Updates: Regular system updates and security patches

7. Data Retention

  • Active Users: Data retained for 1 year or until subscription ends
  • Account Deletion: Data removed immediately upon account deletion
  • Backups: Supabase standard backup retention applies
  • Legal Requirements: Some data may be retained longer for legal compliance

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Download your meal calendar data in CSV format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw consent at any time by contacting us

9. Age Restrictions

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our services.

10. International Transfers

Your data is primarily stored and processed within the EU. Any international transfers are conducted with appropriate safeguards in place, including Standard Contractual Clauses where applicable.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, in compliance with GDPR requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" above.

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: stuart@digma.io
  • Company: Digital Media Advertising Limited
  • Data Protection Officer: Available upon request

14. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with applicable data protection laws.

ICO Contact: ico.org.uk