The short version
- ✅ We collect only what we need to give you a personalised wellness plan.
- ✅ We never sell your data. Ever.
- ✅ Your health information is treated as sensitive and stored securely.
- ✅ You can request, correct, or delete your data at any time.
- ✅ We use a small number of trusted third-party services — listed below.
1. Who we are
Aunty Mel is a digital wellness platform designed to support women through perimenopause and menopause. It is operated by Aunty Mel Ltd (a company registered in England and Wales).
Data controller: Aunty Mel Ltd
Contact: privacy@auntymel.app
References to “we”, “us”, or “our” in this policy mean Aunty Mel Ltd.
2. What data we collect
Account information
When you register, we collect your name and email address. If you sign in with Google, we receive your name, email address, and profile picture from Google.
Health and wellness data
To personalise your wellness plan, we collect information you voluntarily provide, including:
- Menopause stage (e.g. perimenopause, postmenopause)
- Symptoms you experience (e.g. hot flushes, sleep problems, mood changes)
- Lifestyle information (diet, exercise level, sleep quality, stress level)
- Cultural and heritage background (used to make recommendations culturally relevant)
- Daily symptom check-ins and journal entries
Important: Health information is a “special category” of personal data under UK GDPR. We process it only with your explicit consent, given during sign-up. You can withdraw this consent at any time by deleting your account.
Payment information
Payments are handled by Stripe. We never see or store your full card number. We receive a payment reference and subscription status from Stripe so we know whether your subscription is active.
Usage data
We collect basic usage information — pages visited, features used, and error logs — to improve the app. This data is anonymised where possible.
Communications
If you contact us by email or through the app, we keep a record of that correspondence to help us respond and improve our support.
3. Why we collect your data (lawful basis)
We process your data for the following purposes and on the following legal bases:
| Purpose | Lawful basis |
|---|---|
| Creating and managing your account | Contract |
| Personalising your wellness plan | Explicit consent (health data) |
| Processing your subscription payment | Contract |
| Sending transactional emails (magic links, receipts) | Contract |
| Sending wellness tips and updates (if opted in) | Consent |
| Improving the app and fixing bugs | Legitimate interests |
| Complying with legal obligations | Legal obligation |
4. Who we share your data with
We do not sell, rent, or trade your personal data. We share data only with the following trusted service providers who help us run the platform:
Resend
Transactional emails (magic links, receipts) · USA (Standard Contractual Clauses)
Privacy policy →We may also disclose your data if required by law, or to protect the safety and rights of our users or the public.
5. How long we keep your data
We keep your account and wellness data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal reasons (e.g. financial records, which we keep for 7 years in line with UK tax law).
Anonymised, aggregated usage data (which cannot identify you) may be kept indefinitely to help us improve the service.
6. Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- →Right of access: Request a copy of the personal data we hold about you.
- →Right to rectification: Ask us to correct inaccurate or incomplete data.
- →Right to erasure: Ask us to delete your data ("right to be forgotten").
- →Right to restriction: Ask us to limit how we use your data in certain circumstances.
- →Right to data portability: Receive your data in a structured, machine-readable format.
- →Right to object: Object to processing based on legitimate interests or for direct marketing.
- →Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, email us at privacy@auntymel.app. We will respond within 30 days. There is no charge for most requests.
If you are unhappy with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.
7. How we protect your data
We take security seriously. Measures we use include:
- All data is encrypted in transit (TLS) and at rest
- Authentication is handled by Supabase Auth — we never store passwords
- Database access is protected by row-level security policies
- We conduct regular reviews of third-party service security
- We limit employee access to personal data on a need-to-know basis
No system is 100% secure. If we become aware of a data breach that affects your rights, we will notify you and the ICO in accordance with our legal obligations.
8. Cookies and tracking
We use a small number of essential cookies required for the app to function — specifically, a session cookie to keep you logged in. We do not use advertising cookies or third-party tracking pixels.
You can control cookies through your browser settings, but disabling essential cookies will prevent you from staying logged in.
9. Children's privacy
Aunty Mel is designed for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us immediately at privacy@auntymel.app and we will delete it promptly.
10. Changes to this policy
We may update this policy from time to time. If we make significant changes, we will notify you by email or with a notice in the app before the changes take effect. The “last updated” date at the top of this page always reflects the current version.
11. Contact us
Questions, requests, or concerns about your privacy? We'd love to hear from you:
Aunty Mel — Privacy Team
Email: privacy@auntymel.app