Data Ethics & Client Confidentiality

Last Updated: Jan 15, 2026 | Malaysia PDPA Compliant

Your metabolic data, consultation notes, and dietary preferences are not "user data"—they are clinical records. This policy outlines how NutriFokus secures your information with the same rigor we apply to meal planning: strict access controls, zero excess retention, and absolute clarity on usage.

The Vault Protocol

Our governing philosophy on trust.

1. We collect only what is medically necessary

When you book a consultation, we require basic contact details (name, email, phone) and optional health history. We do not require your IC number, home address, or financial data. If you upload a photo of a meal for analysis, it is processed in-session and deleted within 24 hours.

CONSTRAINT: Database entries are anonymized after 90 days of account inactivity. Reactivation requires a new intake form.

2. Your data powers your plan, not our ads

NutriFokus does not sell, rent, or trade client data. Your allergy list, weight history, and goal metrics are used exclusively to generate your macro targets and recipe recommendations. We do not share identifiable data with third-party supplement brands or fitness trackers.

3. Encryption at rest and in transit

All web traffic is secured via TLS 1.3. Client records are stored in a segregated database instance with AES-256 encryption. Physical access to servers is restricted to authorized engineers with biometric clearance.

Information Inventory

Input: What You Provide

  • Identity: Name, email, phone number for booking coordination.
  • Health Context: Voluntary disclosure of allergies, medical conditions, activity levels.
  • Dietary Habits: Food logs, meal timing, budget constraints.
  • Communications: Notes from chat sessions or email exchanges.

Output: How We Use It

  • Plan Generation: Calculating TDEE, macro splits, and portion sizes.
  • Session Prep: Reviewing history before video consultation.
  • Compliance: Maintaining records required by Malaysian health regulations.
  • Service Improvement: Anonymized aggregate trends (e.g., "60% of clients avoid breakfast").

CRITICAL: We never process payment data. All bookings are handled via bank transfer or secure third-party gateways.

Disclosure & Third Parties

Who can see your records?

  • Your Nutritionist: During active consultation cycles.
  • Technical Staff: Only for system integrity, never for content review.
  • Legal Requirement: Only upon valid court order or police request.

"We have never received a request for client data from a government agency. If we did, we would fight for client privacy within the full extent of Malaysian law."

— Data Protection Officer, NutriFokus

Software Partners

We use minimal external tools. Current processors:

  • Calendly: Booking scheduling. Does not access health data.
  • Google Workspace: Email correspondence. Subject to Google's privacy policy.

Your Rights & Controls

Under the Malaysian Personal Data Protection Act (PDPA) and our internal ethics, you possess absolute control over your profile.

REFERENCE: Section 29 (Right to Withdraw Consent)

1. Access: Request a complete copy of your records within 7 days.
2. Correction: Fix errors in your health history immediately.
3. Deletion: Ask us to purge your data permanently.
4. Portability: Export your meal plans to share with a doctor.

Formal Contact for Data Requests

Address:
Level 15, Menara 3, Petronas Tower
Kuala Lumpur City Centre
50088 Kuala Lumpur, Malaysia

Email:
[email protected]

Phone:
+60 3-238 45678

Hours:
Mon-Fri: 9:00-18:00

Response time: 24–48 hours during business days.

Policy Changes

We review this policy annually. If material changes are made (e.g., new software processors), we will notify you via email at least 7 days before they take effect. The current version is always available on this page.

v2.1 • PDPA • 2026