Privacy & data

• We process your data only to deliver and improve Verdant.
• We never sell your data and never share it for advertising.
• You can export or delete your account and all data at any time.
• We rely on GDPR-compliant infrastructure inside the EU/EEA where possible, with standard contractual clauses for any non-EEA processor.

• Account data: name, email, authentication identifiers.
• Profile data: age, sex, height, weight, dietary preferences, goals, allergies, medical considerations you choose to disclose.
• Behavioural data: meals, hydration logs, weigh-ins, coach conversations, app interactions.
• Device data: basic technical telemetry needed to run the service (errors, performance, anonymised usage events).
• Optional uploads: meal photos, fridge photos, barcodes — processed only to return a result and not retained beyond what you save to your log.

Health-related information (weight, body composition, dietary or medical considerations) is “special category” data under GDPR Article 9. We process it only with your explicit consent given during onboarding, and only to deliver the coaching features you requested.

• Contract — to provide the coaching service you signed up for.
• Consent — for health data and any optional features.
• Legitimate interest — for security, fraud prevention, and product improvement, balanced against your rights.
• Legal obligation — to comply with tax, accounting, and lawful requests.

Verdant uses third-party AI models (e.g. Google Gemini, OpenAI) via a managed gateway to generate nutrition estimates, coaching messages, and pattern summaries. Inputs are sent for the sole purpose of returning a response and are not used to train those third-party models. AI outputs are estimates and may be wrong — see the in-app AI disclaimer.

We share data only with vetted processors who help us run the service: cloud hosting, authentication, AI gateway, error monitoring, and email delivery. Each is bound by a data processing agreement. We do not sell or rent personal data.

Payments and billing are processed by Paddle.com Market Ltd, our merchant of record. When you subscribe, Paddle receives your name, email, billing address, and payment details directly — Verdant never sees your full payment card details. Paddle acts as an independent data controller for billing, tax, and fraud prevention purposes. See Paddle’s privacy policy.

We keep your data while your account is active. If you delete your account, we erase your personal data within 30 days, except for minimal records we are legally required to retain (e.g. billing). Backups roll off within 90 days.

Under GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your data (“right to be forgotten”).
• Restrict or object to processing.
• Data portability — receive a machine-readable export.
• Withdraw consent at any time.
• Lodge a complaint with your local supervisory authority.

You can exercise the export and erasure rights yourself from Settings → Privacy. For anything else, email privacy@verdant.app.

Data is encrypted in transit (TLS) and at rest. Access is role-based, audited, and limited to staff who need it to operate the service.

Verdant is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

We’ll notify you in-app of material changes. The “Last updated” date above always reflects the current version.

Privacy enquiries: privacy@verdant.app