Privacy Policy
Last updated: 31 March 2026 (version 2026-03-31)
TL;DR — Key points
- We collect only the minimum data needed to operate the site and fulfil your purchases.
- We use Google Tag Manager, Google Analytics, Google AdSense and Meta Pixel for analytics and advertising.
- When you buy a plan, your email is processed by Stripe and used to send you the download link. We never see your card number.
- Your data is never sold to third parties for their marketing.
- You have full GDPR rights: access, rectification, erasure, portability and more.
- Contact: support@dietabest.com
1. Data controller
The controller of your personal data is:
DietaBest Digital Services
ul. Prosta 32, 00-838 Warsaw, Poland
Email: support@dietabest.com
2. What data we collect and why
2.1 Browsing and analytics
- Technical data: anonymised IP address, browser type, operating system, pages visited, referral source — collected automatically when you use the site.
- Cookies and tracking pixels: see Section 7 for full details.
2.2 Purchases (digital products)
When you purchase a digital plan from us:
- Email address — provided to Stripe at checkout; used to send your purchase confirmation and plan download link.
- Payment transaction data — processed entirely by Stripe. We receive only a payment confirmation, a Stripe session ID and your email address. We do not receive, see or store your card number, expiry date or CVV.
- BMI data and quiz answers — entered voluntarily in our calculator and quiz. Stored temporarily in your browser session and transmitted to us only when you initiate checkout. Used to personalise your plan and for anonymised internal analytics.
2.3 Contact enquiries
- Name, email address, message — if you use our contact form. Used solely to respond to your enquiry.
3. Legal basis for processing (GDPR)
- Contract performance (Art. 6(1)(b) GDPR) — to process your purchase, generate your secure download link and deliver your plan by email.
- Legitimate interest (Art. 6(1)(f) GDPR) — for site security, fraud prevention, server logs and essential cookies required for the site to function.
- Consent (Art. 6(1)(a) GDPR) — for analytics cookies, advertising cookies and tracking pixels (Google Analytics, Meta Pixel). You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c) GDPR) — to retain transaction records as required by applicable tax and accounting law.
4. Purposes of processing
- To operate and maintain the website and all calculators.
- To process purchases and deliver digital products (plan PDF).
- To send transactional emails (purchase confirmation, plan download link).
- To analyse website traffic (Google Analytics via Google Tag Manager).
- To display advertising and measure ad performance (Google AdSense, Meta Pixel).
- To prevent fraud and ensure platform security.
- To respond to contact and support enquiries.
- To comply with legal obligations (tax records, GDPR data subject requests).
5. Retention periods
- Analytics cookies: up to 24 months.
- Contact form data: up to 12 months from the date of last contact.
- Server logs: up to 6 months.
- Purchase records (email address, transaction ID, product, amount): up to 5 years from the date of purchase, as required by applicable tax and accounting regulations.
- Checkout context files (BMI data, quiz answers stored server-side): deleted within 90 days after the purchase date.
6. Your rights (GDPR)
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — ask us to delete your data, subject to legal retention obligations.
- Restriction — ask us to limit how we process your data in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interest.
- Withdraw consent — at any time for consent-based processing (e.g. analytics cookies), without affecting prior lawful processing.
To exercise these rights, email us at support@dietabest.com. We will respond within 30 days.
You also have the right to lodge a complaint with a data protection supervisory authority. In Poland: UODO (uodo.gov.pl). EU residents in other member states may contact their national authority.
7. Cookies and tracking technologies
We use the following cookies and tracking tools on this site:
- Essential cookies — required for the site to function (e.g. security tokens, session management). No consent required.
- Google Tag Manager (GTM) — loads and manages our analytics and advertising scripts. GTM itself does not collect personal data directly; the scripts it fires may do so as described below.
- Google Analytics (loaded via GTM) — collects anonymised data about page visits, traffic sources and user behaviour. IP anonymisation is enabled. See the Google Privacy Policy. Opt out via the Google Analytics opt-out add-on or Google Ad Settings.
- Google AdSense — displays personalised or contextual ads based on your browsing activity. Uses cookies to serve and measure ads. Manage your preferences via Google Ad Settings.
- Meta Pixel (Facebook Pixel) — tracks conversions from Meta (Facebook/Instagram) ads, builds retargeting audiences and measures ad effectiveness. May collect information about pages visited and actions taken on this site. See the Meta Privacy Policy. Manage ad preferences at facebook.com/ads/preferences.
For a full list of cookies, their duration and opt-out options, see our Cookie policy. You can manage cookie preferences via your browser settings at any time.
8. Payment processing — Stripe
All payment card transactions are handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you purchase a plan:
- Your card details are entered directly into Stripe's secure checkout — we never see or store your full card number, expiry date or CVV.
- Stripe processes your payment data under its own Privacy Policy and as our data processor under GDPR.
- We receive from Stripe: your email address, a session ID and a payment status confirmation. This is used solely to deliver your plan and maintain purchase records.
9. Transactional emails
After a successful purchase we send you a transactional email containing your plan download link. This email:
- is sent to the email address you provided at Stripe checkout;
- is necessary to fulfil the purchase contract (Art. 6(1)(b) GDPR) — no separate marketing consent is required or implied;
- does not constitute marketing; you will not receive promotional emails as a result of a purchase unless you separately and explicitly opt in.
10. Data sharing and third-party processors
We share your data only as necessary with the following categories of processors:
- Stripe — payment processing (see Section 8).
- Google (Analytics, AdSense, GTM) — analytics and advertising.
- Meta (Facebook/Instagram Pixel) — advertising and retargeting.
- Hosting providers (e.g. Hostinger) — website infrastructure and storage.
- Email delivery (SMTP infrastructure) — used solely to send transactional emails (plan download).
We do not sell, rent or share your personal data with third parties for their own independent marketing or commercial purposes.
11. International data transfers
Some of our service providers — including Google, Meta and Stripe — are based in the United States or operate globally. Where your data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards including:
- EU Standard Contractual Clauses (SCCs) — pursuant to Art. 46 GDPR, incorporated into our agreements with relevant processors.
- EU-US Data Privacy Framework — for companies certified under this framework (Google, Meta and Stripe are certified participants).
You may request further information about the safeguards in place by emailing support@dietabest.com.
12. Data security
We implement appropriate technical and organisational security measures, including:
- HTTPS/TLS encryption for all data in transit.
- Access controls limiting who can access stored personal data.
- Hashed storage of sensitive identifiers (e.g. IP addresses in webhook logs are SHA-256 hashed).
- Checkout context files stored in a server-protected directory (restricted via .htaccess).
- PCI-DSS compliant payment processing via Stripe — no card data ever touches our servers.
In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authority within the timeframes prescribed by applicable law.
13. California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of the "sale" or "sharing" of personal information, and the right to non-discrimination for exercising your rights.
We do not sell or share personal information for cross-context behavioural advertising purposes. To exercise your CCPA/CPRA rights, contact us at support@dietabest.com.
14. Children's privacy
This website and our digital products are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 13 (or under 16 in EU jurisdictions applying the higher threshold). If we become aware that personal data from a child has been collected without appropriate consent, we will delete it promptly.
15. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when the policy was last changed. For material changes affecting how we process your data, we will take reasonable steps to notify users. Prior versions continue to govern data collected while they were in effect.
16. Contact
Email: support@dietabest.com
DietaBest Digital Services
ul. Prosta 32, 00-838 Warsaw, Poland