GDPR Compliance

Last updated: March 7, 2026

Eatomate is committed to protecting your privacy rights under the General Data Protection Regulation (GDPR).

Your RightsExercise RightsLawful BasisLodge ComplaintContact DPO

Your GDPR Rights

Right to Access

You have the right to request a copy of all personal data we hold about you. This includes your account information, meal logs, nutrition history, and reconciliation data.

Right to Rectification

You can correct inaccurate personal data at any time through your account settings. For data you cannot edit yourself, contact us and we'll update it within 30 days.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. Your account is immediately anonymized and you'll have a 30-day grace period to cancel the deletion. After 30 days, your personal data is permanently deleted, except:

  • Financial records required by law (7 years retention)
  • Data needed to resolve active disputes

Right to Data Portability

You can export your data in machine-readable format (JSON) through your account settings. This includes all meals, nutrition data, and recipes. Transfer to another service is your responsibility.

Right to Object

You can object to processing your data for specific purposes:

  • Usage Analytics: Opt out in Settings → Privacy
  • Marketing Emails: Unsubscribe link in every email
  • Analytics: Disable in cookie settings

Right to Restriction of Processing

You can request we stop processing your data (but retain it) while we verify accuracy disputes or assess objections. Contact our DPO to request restriction.

How to Exercise Your Rights

Self-Service (Account Settings)

  • Export Data: Settings → Privacy → "Export My Data"
  • Delete Account: Settings → Account → "Delete Account"
  • Update Personal Info: Settings → Profile

Contact DPO (For Complex Requests)

For rights that require manual processing (restriction, objection, etc.), email our Data Protection Officer:

dpo@eatomate.co.uk

We will respond to GDPR requests within 30 days as required by law. If we need more time, we'll notify you with an explanation.

Lawful Basis for Processing

We process your data under the following lawful bases:

  • 1.
    Contract Performance: Processing meal scans, nutrition calculations, and reconciliation is necessary to provide the Service you subscribed to.
  • 2.
    Consent: Usage analytics require your explicit opt-in consent.
  • 3.
    Legitimate Interest: Security monitoring, fraud prevention, and product improvements where they don't override your rights.
  • 4.
    Legal Obligation: Tax records, financial reporting, and compliance with UK law.

Right to Lodge a Complaint

If you believe we have violated your GDPR rights, you have the right to lodge a complaint with your local supervisory authority:

UK: Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

We encourage you to contact us first so we can address your concerns directly.

Contact Our Data Protection Officer

For all GDPR-related inquiries:

Data Protection Officer

dpo@eatomate.co.uk

Registered Address

71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom