Privacy Policy

Your privacy is important to us. It is Slink’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://slink.42lh.com, and our Telegram bot service.

This privacy policy complies with the General Data Protection Regulation (GDPR) and explains how we collect, use, disclose, and safeguard your information.

Data Controller

The Data Controller for your personal information is: Email: hey@lukashermann.dev

Information We Collect

We collect and process your personal data based on the following legal grounds:

• Contract performance (Art. 6(1)(b) GDPR): To provide our nutrition coaching service
• Consent (Art. 6(1)(a) GDPR): For optional features and communications
• Legal obligations (Art. 6(1)(c) GDPR): To comply with applicable laws
• Legitimate interests (Art. 6(1)(f) GDPR): To improve our services

Telegram Data

When you use Slink Nutrition Bot through Telegram, we collect:

• Your Telegram user ID
• First name
• Messages you send to the bot
• Time zones and message timestamps

Nutrition and Health Data

To provide our service, we collect:

• Height and weight measurements
• Dietary preferences and restrictions
• Meal logs and photos
• Daily nutrition targets
• Progress tracking data

This health-related data is processed with your explicit consent (Art. 9(2)(a) GDPR).

How We Use Your Information

We use your personal information to:

• Provide personalized nutrition coaching
• Track your progress toward health goals
• Generate meal analysis and feedback
• Send timely reminders and check-ins
• Improve our nutrition analysis algorithms
• Maintain and improve our services

Data Storage and Security

Your data is stored securely using Google Firebase services located in the European Union. We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Secure authentication systems
• Regular security assessments
• Limited staff access to personal data
• Regular security updates and monitoring

Third Party Services

We use the following third party services:

Required Services

The following third party services are required for Slink to work properly:

• Firebase: We use Firebase for user authentication and data storage Privacy Policy of Firebase: https://firebase.google.com/support/privacy

• Telegram: We use Telegram’s Bot API for messaging Privacy Policy of Telegram: https://telegram.org/privacy

• Anthropic: We use Claude AI for nutrition analysis Privacy Policy of Anthropic: https://www.anthropic.com/privacy

Data Retention

We keep your personal information only for as long as necessary to provide our services and comply with legal obligations. You can request deletion of your account and associated data at any time by contacting us.

If you delete your account:

• Personal information is removed within 30 days
• Anonymized aggregate data may be retained
• Backup copies may take up to 90 days to be fully removed

Children’s Privacy

Slink Nutrition Bot is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the service or provide any personal information.

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

1. Right to Access (Art. 15 GDPR)

   • Obtain confirmation if your data is being processed
   • Access your personal data
   • Understand how we use your data

2. Right to Rectification (Art. 16 GDPR)

   • Correct inaccurate personal data
   • Complete incomplete personal data

3. Right to Erasure (Art. 17 GDPR)

   • Request deletion of your personal data
   • Also known as “right to be forgotten”

4. Right to Restriction of Processing (Art. 18 GDPR)

   • Limit how we use your personal data

5. Right to Data Portability (Art. 20 GDPR)

   • Receive your data in a structured format
   • Transmit data to another controller

6. Right to Object (Art. 21 GDPR)

   • Object to processing of your personal data
   • Particularly for direct marketing

7. Right to Withdraw Consent (Art. 7(3) GDPR)

   • Withdraw previously given consent
   • Will not affect processing based on other legal grounds

To exercise these rights, contact us at hey@lukashermann.dev or message @lhdev on Telegram.

We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

International Transfers

Your data is processed and stored in the European Union. We ensure appropriate safeguards are in place for any data transfers, in compliance with GDPR requirements.

Data Breaches

In the case of a personal data breach, we will notify relevant supervisory authorities within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by:

• Posting the new policy on our website
• Sending you a notification through Telegram
• Updating the “Last Update” date at the top of this policy

Contact Us

For any questions about this privacy policy, our privacy practices, or to exercise your rights, please contact us at:

Email: hey@lukashermann.dev Telegram: @lhdev

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.