Privacy Policy

1. About this policy

Prokol Health (ABN 33 972 014 877), trading as Prokol ("we", "us", "our"), operates the Prokol platform — a nutrition coaching, food logging, and health tracking application available at prokol.io and via mobile app ("the Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By creating an account or using the Service you consent to the practices described in this policy. If you do not agree, please do not use the Service.

2. Who we collect information from

We collect personal information from:

• Individual users who create an account to track their own nutrition, workouts, and health data.
• Coaches who use the platform to manage clients, create meal plans, and communicate with clients.
• Coached clients who are invited to the platform by a coach.
• Organisation administrators who manage a white-label deployment of the platform.

3. What information we collect

We collect the following categories of personal information:

3.1 Account information

• Email address and password (hashed)
• Name and profile details you choose to provide
• Account type (individual, coach, or coached client)

3.2 Health and nutrition data

• Age, sex, height, body weight, and body composition measurements
• Dietary preferences and restrictions
• Food logs, meals, and macro/calorie targets
• Workout and activity logs
• Menstrual cycle data (if provided)
• Progress photos (if uploaded)
• Check-in responses and goal notes

3.3 Communications

• Messages exchanged between coaches and clients within the platform
• Notes and annotations made by coaches about client progress

3.4 Usage and technical data

• Device type, browser, and operating system
• IP address and approximate location
• Pages visited and features used within the Service
• Log data including errors and timestamps

3.5 Payment data

Payments are processed by Stripe. We do not store full card numbers. We receive and store subscription status, plan type, and Stripe customer/subscription identifiers.

4. How we use your information

We use personal information to:

• Provide, operate, and improve the Service
• Calculate nutritional targets, macros, and progress metrics
• Enable coaches to manage and communicate with their clients
• Send transactional emails (account confirmation, password reset, subscription notices)
• Send service-related notifications (trial reminders, coach invites)
• Process subscription payments via Stripe
• Respond to support requests
• Comply with legal obligations
• Detect and prevent fraud or abuse

We do not sell your personal information or use it for advertising purposes.

5. How we share your information

We share personal information only in the following circumstances:

5.1 With your coach

If you are a coached client, your food logs, check-ins, progress data, messages, and health metrics are visible to your assigned coach(es). You accept this when accepting a coaching invite.

5.2 Service providers

We use the following third-party service providers who process data on our behalf:

• Supabase — database and authentication hosting (data stored in Australian or US-East AWS regions)
• Stripe — payment processing
• Resend — transactional email delivery
• Vercel — application hosting

Each provider is bound by data processing agreements and their own privacy policies.

5.3 Legal requirements

We may disclose information where required by law, court order, or government authority, or where necessary to protect the rights, property, or safety of Prokol Health, our users, or the public.

5.4 Business transfers

In the event of a merger, acquisition, or sale of all or part of our business, user data may be transferred. We will notify affected users by email and/or prominent notice on the Service.

6. Security

We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords, row-level security on all database tables, and access controls. Health data is treated as sensitive information under the APPs.

No method of transmission over the internet is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

7. Data retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

Backup copies may persist for up to 90 days before being overwritten.

8. Your rights

Under the Australian Privacy Principles you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or out-of-date information
• Request deletion of your account and associated data
• Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

To exercise these rights, contact us at info@prokol.io. We will respond within 30 days. Account deletion can also be initiated directly from Settings → Account → Delete Account.

9. Cookies and tracking

We use cookies and similar technologies to maintain your login session and remember your preferences. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may prevent you from logging in or using the Service.

10. Children

The Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by prominent notice within the Service at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact us