ESEN
Book Consultation
Privacy

Privacy Policy

How Healthy Munching collects, uses, shares, and protects personal data across the site, forms, bookings, digital products, and communications.

Last updated: May 13, 2026

Controller and contact

Healthy Munching is operated by Ana Sofía Aguirre from Germany. For privacy questions or to exercise privacy rights, contact us at asaguirre16@gmail.com.

This policy explains how we collect and use personal data when you visit this site, submit forms, book consultations, buy digital products, join waitlists, or interact with our contact channels.

Data we may collect

  • Contact and identity details, such as name, email, country, phone number, preferred language, and messages you voluntarily send.
  • Service-related data, such as consultation preferences, booking history, purchased products, client access, and follow-up communications.
  • Form and waitlist data, including consents, stated interests, and responses needed to handle your request.
  • Health or nutrition information only when you voluntarily share it in a private consultation or intake context. Public forms should not be used to send diagnoses, detailed symptoms, or sensitive medical information.
  • Basic technical data, such as visited URLs, device, browser, approximate region, security logs, and cookie or language preferences.

Purposes

  • Respond to requests and manage contact, waitlists, bookings, and service-related communications.
  • Deliver digital products, access, resources, customer support, and administrative messages.
  • Prepare and provide clinical or functional nutrition services when you book a consultation or program.
  • Send informational or follow-up emails when consent or another applicable legal basis exists.
  • Maintain site security, prevent abuse, fix technical issues, and comply with legal, tax, or contractual obligations.
  • Measure site performance through optional analytics only when you accept that category of cookies or similar technologies.

Legal bases

Where the GDPR or similar rules apply, we process data based on performance of a contract or pre-contract steps, your consent, our legitimate interests in operating and protecting the site, compliance with legal obligations, and, where relevant, explicit consent for health information you voluntarily provide.

You can withdraw consent at any time. Withdrawal does not affect processing performed before withdrawal or data we must keep for legal or contractual obligations.

Providers and recipients

We use external providers to operate the site and provide services. We share data only when needed for the relevant purpose.

  • Vercel for hosting, performance, and optional web analytics.
  • Tally for contact, waitlist, and private forms configured for the relevant flow.
  • YouCanBookMe for bookings and appointment-related communications.
  • Podia for sales pages, checkout, digital product access, and client login where applicable.
  • Brevo for email automation, lists, and communications when the flow is enabled.
  • Supabase for authentication and internal administrative data when the admin portal is used.
  • Email, WhatsApp, Instagram, or other external channels when you choose to contact us through them.

Cookies, analytics, and similar technologies

We use necessary cookies to remember preferences such as language and consent. Vercel Web Analytics loads only after you accept optional cookies on this site.

Forms, scheduling tools, checkout pages, or external links may load the provider's own technologies when you interact with them. See the Cookie Policy for more detail and to change your preferences.

International transfers

Some providers may process data outside the European Economic Area, the United Kingdom, Switzerland, or your country of residence. Where applicable, we rely on the provider's contractual, technical, and organisational safeguards, such as standard contractual clauses, adequacy decisions, or other recognised mechanisms.

Retention

We keep data only as long as needed for the purposes described, to provide services, respond to requests, maintain tax or contractual records, resolve disputes, comply with legal obligations, and protect site security.

Specific periods vary by data type, provider, and applicable legal requirements. When data is no longer needed, it is deleted, anonymised, or kept in restricted form if legally required.

Your rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing of personal data, withdraw consent, and lodge a complaint with a data protection authority.

To exercise rights, email asaguirre16@gmail.com. We may request reasonable information to verify your identity and respond correctly.

U.S. privacy rights

Where a U.S. state privacy law applies, you may have rights to access, delete, correct, port, limit use of sensitive data, opt out of sale or sharing, and avoid discrimination for exercising rights.

We do not sell personal data or use cross-context behavioural advertising on this site. If that changes, we will update this policy and provide the required mechanisms.

Security and minors

We apply reasonable safeguards to protect personal data, but no internet-connected system can guarantee absolute security.

This site and the services are not directed to minors. If you believe a minor sent us personal data without authorisation, contact us so we can review it.

Changes

We may update this policy when the site, services, providers, or legal requirements change. The current version is identified by the date above.