Privacy Policy

Kysana GmbH ("Kysana", "we", "us", or "our") is the data controller responsible for the processing of your personal data in connection with the Kysana platform. We are committed to protecting your privacy in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

Contact:
Kysana GmbH
Switzerland
Email: privacy@kysana.ch

We collect the following categories of personal data:

• Account data: Name, email address, password (hashed), role (client or nutritionist), profile photo.
• Health data: Dietary preferences, allergies, nutritional goals, meal plans, body measurements, and other health-related information you provide.
• Professional data (nutritionists): Certifications, qualifications, professional license numbers, areas of specialization.
• Usage data: Log data, device information, IP address, browser type, pages visited, features used.
• Communication data: Messages exchanged between clients and nutritionists through the platform.
• Payment data: Billing information processed through our third-party payment provider. We do not store full credit card numbers.

We process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to provide our services (FADP Art. 6(6)).
• Consent: For processing health data and other sensitive personal data (FADP Art. 6(7)).
• Legitimate interest: For analytics, security, and service improvement (FADP Art. 6(1)).
• Legal obligation: Where we are required to process data by law.

• Providing and maintaining the Kysana nutrition platform.
• Connecting clients with qualified nutritionists.
• Creating and managing personalized nutrition plans.
• Processing payments and managing subscriptions.
• Communicating with you about your account and services.
• Improving our services and user experience.
• Ensuring the security and integrity of the platform.
• Complying with legal obligations.

Kysana processes health-related data as defined under FADP Art. 5(c). This includes dietary information, allergies, nutritional goals, and body measurements. We process this data only with your explicit consent and for the purpose of providing nutritional services.

You may withdraw your consent to the processing of health data at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

When you engage a nutritionist through Kysana, the nutritionist will have access to the health data and profile information you provide. Nutritionists are bound by professional confidentiality obligations and our data processing agreements.

Nutritionists may only use your data for the purpose of providing nutritional advice and services. They may not share your data with third parties without your consent.

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

• Account data: Retained for the duration of your account plus 2 years after deletion.
• Health data: Retained for the duration of your active engagement with a nutritionist plus 10 years (in accordance with Swiss health record retention requirements).
• Usage data: Retained for up to 12 months.
• Payment records: Retained for 10 years as required by Swiss tax law.

Under FADP and applicable data protection laws, you have the following rights:

• Right of access: Request information about the personal data we hold about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to deletion: Request deletion of your personal data, subject to legal retention obligations.
• Right to data portability: Receive your data in a structured, commonly used format.
• Right to withdraw consent: Withdraw previously given consent at any time.
• Right to object: Object to the processing of your data based on legitimate interest.

To exercise your rights, contact us at privacy@kysana.ch. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and staff training. However, no method of transmission over the Internet is 100% secure.

Kysana uses cookies and similar technologies to:

• Essential cookies: Required for the platform to function (e.g., authentication, session management).
• Analytics cookies: Help us understand how users interact with the platform (only with your consent).

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Kysana is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform or sending you an email. The updated policy will be effective from the date stated at the top of this page. Continued use of the platform after changes constitutes acceptance.

If you have questions about this Privacy Policy or our data practices, contact us at:

Kysana GmbH
Switzerland
Email: privacy@kysana.ch