Privacy Policy

Last Updated: January 6, 2026

DietBoard ("we," "us," or "our") is a clinical nutrition management platform designed for healthcare professionals. We are committed to protecting the privacy and security of your personal information and the health and personal information of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We apply privacy and security standards designed to protect both your personal information and the patient data you manage through our platform, regardless of where you are located.

Information We Collect

Account Information

  • Email address and name
  • Password (encrypted)
  • Two-factor authentication credentials
  • Professional license number (optional, for verification)
  • Profile photo (optional)

Patient Data

When you use DietBoard to manage patient information, we process the following data that you enter:

  • Patient name, date of birth, and contact information
  • Medical profiles and health conditions
  • Body composition and anthropometric data
  • Nutrition plans and dietary recommendations
  • Consultation notes and progress records

Payment Information

Payment processing is handled securely by Stripe. We do not store your full credit card numbers. We only receive confirmation of payment status and basic transaction details.

Technical Data

For security and platform integrity, we collect:

  • IP addresses and browser information
  • Login timestamps and session data
  • Audit logs of data access (to track who accessed patient data and when)

How We Use Your Information

  • Service Provision: To provide and maintain the DietBoard platform, including creating nutrition plans and managing patient records.
  • Account Security: To protect your account through two-factor authentication, login notifications, and account lockout after failed attempts.
  • Accountability & Auditability: To maintain audit logs and access records so you can verify who accessed patient data and when.
  • Payment Processing: To process subscription payments and manage your billing.
  • Communication: To send essential service notifications, security alerts, and password reset emails.

Data Sharing & Third Parties

We Do NOT Sell Your Data

We never sell, rent, or trade your personal information or patient data to third parties for marketing or advertising purposes.

Service Providers

We work with carefully selected third-party service providers who help us operate our platform. These providers are bound by data protection agreements that require them to safeguard any personal or patient data they process on our behalf:

  • Stripe: Payment processing
  • Database Provider: Secure data storage with encryption at rest
  • Resend: Transactional email delivery
  • Sentry: Error monitoring and performance (no patient data is transmitted)

Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if necessary to protect the rights, property, or safety of DietBoard, our users, or others.

Security Measures

We implement technical safeguards to protect your data:

Encryption in Transit

All data is transmitted over HTTPS/TLS.

Encryption at Rest

The database is encrypted at rest using industry-standard encryption.

Account Protection

Accounts are automatically locked after 5 failed login attempts.

Audit Logging

All access to patient data is recorded and auditable.

Session Security

Sessions are managed securely and time out automatically after a period of inactivity.

Data Retention

We retain data based on operational needs and standard industry practices:

  • Account Data: Retained while your account is active. Upon deletion request, data is soft-deleted with a 30-day recovery period before permanent removal.
  • Patient Records: Retained for 6 years from the last service date, in line with healthcare industry best practices for record keeping.
  • Audit Logs: Retained for 6 years to support accountability and auditability of data access.
  • Payment Records: Retained as required by tax and financial regulations.

Your Rights

Your Privacy Rights

All DietBoard users and their patients are entitled to the following rights regarding their data:

  • Access: Request a copy of your personal data or patient records
  • Correction: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your data, subject to applicable retention requirements
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to specific types of data processing
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Disclosure Accounting: Request a record of who has accessed patient data and when
  • Confidential Communications: Request alternative means of communication for sensitive matters

Note: Patients should contact their healthcare provider (you, the dietitian) to exercise their rights. You can manage patient data access through your DietBoard account.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Privacy Inquiries: privacy@dietboard.com

Data Protection Inquiries: compliance@dietboard.com

Security Concerns: security@dietboard.com

We aim to respond to all privacy requests within 30 days. Requests involving patient records may take up to 60 days due to additional verification requirements.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will send you an email notification. We encourage you to review this Privacy Policy periodically.