Skip to main content

Privacy Policy

Last updated: February 2026

1. Data Controller

AtaHealth, operated by Zahra Ataei, is the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at info@atahealth.co.

2. What Data We Collect

We collect the following categories of personal data: Contact information (name, email address, phone number) provided when you book a session or sign up for a program. Health and dietary information you share during consultations to enable personalized coaching. Payment information processed securely through Stripe — we do not store your card details. Usage data such as pages visited, collected via cookies and analytics tools. Communication records from emails, messages, and video sessions related to your coaching.

3. Why We Collect Your Data

We process your personal data for the following purposes: To deliver our coaching services and create your personalized nutrition plan. To process payments and manage your subscription or installment plan. To communicate with you about bookings, sessions, and program updates. To improve our website and services through anonymized analytics. To comply with legal obligations such as bookkeeping and tax requirements.

4. Legal Basis for Processing

We process your data based on: Contract — processing necessary to deliver the services you have purchased. Consent — when you voluntarily share health information during coaching. Legitimate interest — for website analytics and service improvement. Legal obligation — for bookkeeping and tax compliance.

5. How We Store and Protect Your Data

Your data is stored securely using industry-standard encryption and access controls. Payment data is handled entirely by Stripe and is never stored on our servers. Health information shared during coaching is stored in our secure coaching platform and is accessible only to your assigned dietitian. We retain your personal data for as long as necessary to fulfill the purposes described in this policy, or as required by law (typically 7 years for financial records under Swedish bookkeeping regulations).

6. Third-Party Services

We use the following third-party services that may process your data: Stripe — payment processing. Calendly — appointment scheduling. Google Analytics — anonymized website usage data. Our coaching app — to deliver meal plans, check-ins, and messaging. All third-party providers are GDPR-compliant and process data according to their own privacy policies.

7. Cookies

Our website uses cookies for essential functionality and analytics. Essential cookies are required for the website to function properly. Analytics cookies help us understand how visitors use the site. You can manage cookie preferences through your browser settings.

8. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights: Right of access — request a copy of the personal data we hold about you. Right to rectification — request correction of inaccurate data. Right to erasure — request deletion of your data when it is no longer necessary. Right to restrict processing — request that we limit how we use your data. Right to data portability — receive your data in a structured, machine-readable format. Right to object — object to processing based on legitimate interest. Right to withdraw consent — withdraw consent at any time without affecting prior processing. To exercise any of these rights, contact us at info@atahealth.co. We will respond within 30 days.

9. Data Transfers

Some of our third-party services may transfer data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes take effect upon publication on this page. We encourage you to review this policy periodically.

12. Supervisory Authority

If you believe your data rights have been violated, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.

13. Contact

For questions about this privacy policy or your personal data, contact us at info@atahealth.co.