Chick logoChick
Start Chick
HomeFeaturesHow It WorksAI GuideReal LifeTestimonialsFAQContact
Track foodSnapshotLoggingNutrientsProteinFood Scan
Plan the dayCalendarDay PlanningGrocery ListTasksSocial PlanningSleep
See progressTrainingWeightReportsTriggersProgressProfile & Targets
Start Chick
Privacy and data

Privacy Policy

This Privacy Policy explains how Chick handles personal data. Chick uses personal information to provide a connected health, nutrition, planning, and AI-guidance experience, so the policy is designed to be clear about what is collected and why.

Last updated: 9 May 2026Part of Chick legal termsPolicy version: 2026-05-09-v12
Download PDFLegal Centre

Who is responsible for your data

Last updated: 9 May 2026. The Chick website, app, and related services are operated by HOSSEINI NASAB LTD, a private limited company registered in England under company number 14644256. Its registered office is 55a Warwick Road, Beaconsfield, England, HP9 2PL. For data protection purposes, HOSSEINI NASAB LTD is the controller of personal data unless stated otherwise.

Privacy questions and rights requests can be sent to privacy@chick.health or through the Contact page.

This Policy applies to the Chick website, app, account features, AI features, food logging, photo and voice features, nutrition and fitness features, planning tools, support, emails, and related services.

The information we may collect

We collect information you provide directly, information generated by your use of Chick, and information needed to run, secure, improve, and support the service.

  • Account and login information, such as name, email address, login provider ID, authentication data, account status, settings, and support communications.
  • Consent and preference records, such as terms acceptance, health/wellness consent, marketing consent, optional product analytics consent, accepted document versions, timestamps, and related audit or reset history.
  • Profile and target information, such as age range or date of birth where provided, sex or gender where provided, height, weight, goals, activity level, dietary preferences, allergies or avoidances where provided, target calories, target protein, and custom nutrient preferences.
  • Food, nutrition, and wellness information, such as meals, photos, voice notes, food descriptions, calories, protein, vitamins, minerals, custom nutrients, grocery lists, scans, social meal plans, weight entries, exercise entries, sleep information, tasks, calendar entries, reports, triggers, and progress information.
  • Uploaded content, such as food photos, packaging photos, exercise screenshots, handwritten lists, calendar screenshots, audio, text notes, and feedback.
  • Usage, device, and technical information, such as pages visited, features used, timestamps, IP address, browser or device type, session cookies, diagnostics, logs, error reports, security events, and approximate location inferred from technical data.
  • Payment and subscription information, if paid features are used. Payment card details are normally processed by payment providers, not stored directly by Chick, unless clearly stated otherwise.

Health and special category data

Chick is designed to help users understand food, calories, protein, nutrients, weight trends, activity, sleep, daily planning, grocery choices, social eating, triggers, and progress patterns. Chick is intended to support learning, direction, reflection, and better everyday decisions. It is not a medical service, but some information you choose to enter may reveal health-related information, including weight, eating patterns, allergies or avoidances, activity, sleep, goals, progress, photos, voice notes and related lifestyle context.

For UK users, where this information is special category data under UK GDPR, Chick relies on a UK GDPR Article 6 lawful basis for the relevant purpose and a separate Article 9 condition. For the core app features that need health and wellness information, we rely on explicit consent under Article 9(2)(a). We collect that consent through a clear active step that is separate from marketing consent.

You can withdraw explicit health/wellness consent. Because Chick's core service depends on processing this information, withdrawing required health/wellness consent may mean we have to disable core features or close/delete the account after confirmation, subject to any information we must keep for legal, security or dispute reasons.

You should not enter health information about another person unless you have a lawful right to do so.

How we use information

We use personal data to provide, secure, maintain, personalise, and improve Chick.

  • To create and manage accounts, authentication, sessions, security, and support.
  • To record, manage, and evidence your legal acceptance, health/wellness consent, marketing consent, optional product analytics consent, age confirmation, and related consent history.
  • To log food, estimate calories, protein, nutrients, portions, and other wellness information.
  • To provide AI features, including text interpretation, image understanding, audio transcription, planning, reports, daily guidance, food scan, grocery suggestions, trigger insights, and progress summaries.
  • To personalise guidance based on your profile, goals, recent logs, trends, preferences, and context.
  • To process subscriptions, payments, invoices, refunds, trials, and billing support.
  • To detect, prevent, and investigate abuse, fraud, security issues, bugs, and unauthorised access.
  • To improve the product, fix errors, test features, measure performance, and understand how people use Chick.
  • To comply with legal obligations and enforce our terms.

Authorised admin or support personnel may view limited consent metadata where needed for compliance, support, audit, safety, or account administration. Consent reports are designed not to show private food logs, weight records, photos, voice recordings, AI prompts, or private health details.

AI processing

Chick may send relevant text, images, audio, nutrition context, user profile information, and recent logs to AI service providers so that AI features can work. For example, Chick may process a meal description, a food photo, a voice note, a product scan, or recent trend data to create an estimate or explanation.

AI providers and models may change over time. We aim to send only what is reasonably needed for the feature, but the information sent may include personal data and health-related context where needed to provide the feature.

Where Chick uses external AI infrastructure providers, those providers process information to deliver the requested AI feature under our provider agreements. We do not sell user health data to AI providers.

AI outputs may be inaccurate. The Privacy Policy explains data handling; the AI, Health, Nutrition and Fitness Disclaimer explains the practical limitations of the outputs.

Our lawful bases

We use different lawful bases for different processing activities. The main lawful bases we expect to rely on are below.

PurposeMain lawful basisSpecial category condition, if relevant
Creating and managing your account, login sessions, app access, saved settings and core app features.Contract performance, because the processing is needed to provide Chick to you.Where health/wellness information is needed for core features, explicit consent under Article 9(2)(a).
Food logging, nutrition estimates, profile targets, weight/progress tracking, photo/voice features, planning tools, reports and personalised AI guidance.Contract performance for the service, plus consent where we ask for optional choices.Explicit consent under Article 9(2)(a) where the information reveals health-related or other special category data.
Recording terms acceptance, required health/wellness consent, age confirmation, cookie choices and optional marketing/product analytics preferences.Legal obligation where we need evidence of compliance, and legitimate interests in operating a safe, accountable service.Explicit consent records are kept as evidence of the Article 9(2)(a) condition where relevant.
Security, fraud prevention, abuse prevention, debugging, uptime monitoring, audit logs and protecting Chick, users and legal rights.Legitimate interests and, where required, legal obligation.We try to avoid using special category data for this purpose unless it is necessary and proportionate.
Responding to support, privacy requests, complaints, legal claims or regulator requests.Legitimate interests, legal obligation, and where needed contract performance.Only if the request or dispute involves health/wellness information.
Sending optional marketing messages.Consent. You can withdraw marketing consent at any time.We do not use health/wellness details for marketing consent decisions.
Optional analytics or product improvement where enabled.Consent or legitimate interests depending on the technology and context. Non-essential cookies or similar technologies are only used where the required consent has been obtained.Approved analytics events should not include food names, weight values, photos, voice recordings, AI prompts or detailed health/wellness content.
Billing, subscriptions, refunds and payment-related support when paid features are introduced.Contract performance, legal obligation and legitimate interests.Not normally applicable.

We do not rely on broad consent for everything. Where we rely on legitimate interests, those interests include running, securing, improving and defending Chick in a way that is balanced against your rights.

How long we keep information

We keep personal data only for as long as reasonably needed for the purpose it was collected, unless a longer period is needed for legal, security, tax, accounting, backup, dispute or enforcement reasons. The retention periods below are the current working retention rules for Chick.

Type of informationUsual retention period
Account and login recordsFor as long as your account is active. After account closure or verified deletion request, we aim to delete or anonymise ordinary account data within 30 days unless we need to keep limited records for legal, security, dispute or accounting reasons.
Profile, targets, food logs, nutrition records, activity, weight, sleep, planning records, reports and other wellness contentFor as long as your account is active so the app can show history, trends and progress. After account deletion, we aim to delete or anonymise this data within 30 days unless a limited exception applies.
Retained food-scan images and related upload metadataFor as long as the related account and scan history remain active. When the related scan or account is deleted, the retained image should be deleted from private object storage as part of the deletion process, subject to backup limits and legal exceptions.
Temporary uploads, such as temporary voice recordings or temporary image-analysis filesOnly for the time needed to process the request, then deleted or made unavailable from temporary processing storage unless you deliberately save the result into your account history.
AI prompts, AI inputs, AI outputs and generated explanations saved in your accountFor as long as needed to provide the relevant feature, history, report or support record. If saved to your account, they follow the same retention period as the related account content.
Consent, legal acceptance, age confirmation, cookie preference and privacy request recordsFor as long as your account is active and normally up to 6 years afterwards where needed to evidence compliance, handle disputes, enforce terms or respond to legal/regulatory questions.
Support, complaint and rights-request communicationsNormally up to 6 years after the matter is closed, unless a shorter or longer period is appropriate for the specific request, dispute or legal duty.
Security logs, audit logs, fraud/abuse prevention records and technical diagnosticsUsually up to 12 months, but serious security, abuse, fraud or legal incidents may be kept for up to 6 years where needed.
Marketing consent and suppression recordsUntil you withdraw consent or unsubscribe. Suppression records may be kept afterwards so we know not to contact you again.
Payment, invoice, tax and accounting records when paid features are introducedNormally up to 6 years after the relevant transaction or accounting period, unless the law requires a different period.
BackupsBackups are kept for disaster recovery and overwritten or deleted on the backup cycle. If data is deleted from the live system, it may remain in backups for a limited period until those backups expire, and is not normally restored except for disaster recovery, security or legal reasons.

Some retention automation and account lifecycle tools are still being improved. Until every automated control is live, deletion and privacy requests are handled through careful operational processes.

Sharing information

We do not sell your personal data. We share personal data only where needed to run, secure, support, improve or legally protect Chick, or where the law requires it.

We use service providers to help run, secure, support and maintain Chick. We describe provider categories rather than publishing every operational vendor name in this public policy. This gives users meaningful transparency without exposing unnecessary operational detail.

Current provider categories include:

  • Application hosting and managed infrastructure providers.
  • Database hosting and session/cache infrastructure providers.
  • Private object storage providers for retained food-scan images and upload metadata.
  • Authentication and login infrastructure providers.
  • AI, transcription, image, audio and model-processing providers.
  • Error monitoring, debugging, uptime, security diagnostics and abuse-prevention providers.
  • Email delivery and communication providers.
  • Professional advisers, insurers, auditors, legal representatives, regulators, courts, law enforcement or public authorities where needed.
  • Buyers, investors, successors or restructuring parties if Chick is involved in a merger, acquisition, financing, asset sale, reorganisation or similar transaction, subject to appropriate safeguards where required.

International transfers

Chick is operated from the United Kingdom, but some service providers may process or access personal data in other countries. This may include providers in the categories described above, such as hosting, private storage, email delivery, support, security and AI infrastructure providers.

Where data protection law requires safeguards for an international transfer, we use appropriate measures such as adequacy decisions, approved transfer terms, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or other lawful safeguards.

If you use Chick from outside the United Kingdom, your information may be processed in the United Kingdom and in other countries where Chick or its service providers operate.

Security

We use technical and organisational measures designed to protect personal data, such as access controls, secure authentication practices, encrypted connections where appropriate, logging, monitoring, and provider security controls.

No service is completely secure. You are responsible for keeping your account, email, devices, passwords, and login providers secure.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, transfer your data, withdraw consent, complain to a regulator, and not be subject to certain automated decisions without safeguards.

These rights may be limited by law, security, identity verification, technical feasibility, legal claims, and the need to protect other people. To exercise rights, contact us using the details above.

If you are in the UK, you may have the right to complain to the Information Commissioner's Office. If you are in the EEA, you may contact your local data protection authority.

If you are in another location, you may have similar privacy rights under local law. We will handle privacy requests according to the law that applies to your request and to Chick.

Children

Chick is intended for adults aged 18 or over. We do not knowingly allow children to create accounts. If we discover that a child has created an account, we may suspend or delete the account and related data where appropriate.

Chick is not designed to provide weight loss, nutrition, or fitness guidance for children without professional oversight.

Cookies and similar technologies

We use strictly necessary cookies and similar technologies for essential site and app functions, login sessions, security and remembering choices. Optional analytics or marketing cookies or similar technologies are only used where the required consent has been obtained. More information is in the Cookie Policy, where you can also change your cookie choices.

Changes to this Policy

We may update this Policy as Chick changes. We will update the date and, where appropriate, provide additional notice or seek consent if required by law. Continued use after an update means the updated Policy applies to future use, subject to mandatory law.

Contact

Questions, privacy requests or cookie questions should be sent to privacy@chick.health or through the Contact page.

Legal centre

Other Chick legal pages.

These pages work together to explain the rules, privacy choices, AI limitations, subscriptions, and safe use of Chick.

Terms of UseThe main contract for using Chick, including AI limits, accounts, acceptable use, changes, liability limits, and user responsibilities. Privacy PolicyHow we collect, use, share, store, and protect personal data through Chick, including health and wellness information used by AI features. AI, Health, Nutrition & Fitness DisclaimerThe clearest explanation of AI estimates, nutrition uncertainty, non-medical use, user responsibility, and intended purpose. Subscription, Billing & Refund PolicyRules for subscriptions, trials, renewals, cancellations, refunds, price changes, and payment issues. Acceptable Use PolicyWhat users must not do, including unsafe health use, security abuse, AI misuse, infringement, and professional misuse. Cookie PolicyHow cookies and similar technologies may be used on Chick for login, security, preferences, analytics, diagnostics, and improvement.