Privacy Policy
Last updated: June 2026
1. Data Controller
AtaHealth, operated by Zahra Ataei, is the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at info@atahealth.co.
2. What Data We Collect
We collect the following categories of personal data: Contact information (name, email address, phone number) provided when you book a session or sign up for a program. Health and dietary information you share during consultations to enable personalized coaching. Payment information processed securely through Stripe (we do not store your card details). Usage data such as pages visited, collected via cookies and analytics tools. Communication records from emails, messages, and video sessions related to your coaching. For sjukvård (healthcare) patients: lab results, health journals, doctor consultation notes, and medical records generated during your program.
3. Why We Collect Your Data
We process your personal data for the following purposes: To deliver our coaching services and create your personalized nutrition plan. To process payments and manage your subscription or installment plan. To communicate with you about bookings, sessions, and program updates. To improve our website and services through anonymized analytics. To comply with legal obligations such as bookkeeping and tax requirements.
4. Legal Basis for Processing
We process your data based on: Contract: processing necessary to deliver the services you have purchased. Consent: when you voluntarily share health information during coaching. Legitimate interest: for website analytics and service improvement. Legal obligation: for bookkeeping and tax compliance.
5. How We Store and Protect Your Data
Your data is stored securely using industry-standard encryption and access controls. Payment data is handled entirely by Stripe and is never stored on our servers. For sjukvård (healthcare) patients: your health information, lab results, journal notes, and consultation records are stored in Kaddio, a certified Swedish electronic health record (journal) system in which your video consultations and bookings also take place. Data in Kaddio is stored within Sweden/the EU. For In Person care delivered at The Health Clinic Stockholm, clinical records may additionally be kept in Webdoc, a certified Swedish journal system with data stored in Sweden. Access to your journal records is strictly limited to the healthcare professionals directly involved in your care (your dietitian and treating physicians). No other staff or third parties have access to your journal. For friskvård (wellness) clients, coaching content such as meal plans and check-ins is delivered through the Everfit app. We retain your personal data for as long as necessary to fulfill the purposes described in this policy, or as required by law (typically 7 years for financial records under Swedish bookkeeping regulations, and 10 years for medical records under Swedish patient data law, patientdatalagen).
6. Third-Party Services
We use the following third-party services that may process your data: Stripe: payment processing. Calendly: appointment scheduling. Kaddio: certified Swedish electronic health record (journal) system for sjukvård patients, used for health records, video consultations, and bookings (data stored in Sweden/the EU). Nutrition Data: app used to deliver meal plans and track nutrition for sjukvård patients. Everfit: app used to deliver meal plans, check-ins, and messaging for friskvård (wellness) services. SYNLAB: laboratory partner (together with its partner laboratories) that processes blood samples and lab results. Webdoc: electronic health record system used for In Person clinical records at The Health Clinic Stockholm (Swedish-certified, data stored in Sweden). Google Analytics: anonymized website usage data. All third-party providers are GDPR-compliant and process data according to their own privacy policies.
7. Cookies
Our website uses cookies for essential functionality and analytics. Essential cookies are required for the website to function properly. Analytics cookies help us understand how visitors use the site. You can manage cookie preferences through your browser settings.
8. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights: Right of access: request a copy of the personal data we hold about you. Right to rectification: request correction of inaccurate data. Right to erasure: request deletion of your data when it is no longer necessary. Right to restrict processing: request that we limit how we use your data. Right to data portability: receive your data in a structured, machine-readable format. Right to object: object to processing based on legitimate interest. Right to withdraw consent: withdraw consent at any time without affecting prior processing. To exercise any of these rights, contact us at info@atahealth.co. We will respond within 30 days.
9. Data Transfers
Some of our third-party services may transfer data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this privacy policy from time to time. Changes take effect upon publication on this page. We encourage you to review this policy periodically.
12. Supervisory Authority
If you believe your data rights have been violated, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.
13. Contact
For questions about this privacy policy or your personal data, contact us at info@atahealth.co.