Privacy Notice

Notemeal, Inc.
[01/27/2020]

1. Introduction

At Notemeal, our mission is to optimize athlete nutrition by making dietitians more efficient. We are building dietitians a software toolkit to better educate their athletes, ensuring a sustainable impact. We are doing this by collecting and using data to create personalized meal plans for each end-user. We also have broader goals of conducting research to demonstrate the impact that diet has on health, wellness and performance. In all of our efforts, we are committed to allowing our end-users full control over their data, and preserving each individual's right to privacy. Since day one, we have committed to transparency regarding the use of your data, and consider it one of our core priorities.

2. Roles

As used herein, the term “Participating Organization” defines any organization or entity that has entered into an agreement with Notemeal regarding the use of Notemeal by the Participating Organization’s members, employees, or students (as applicable).

As used herein “Athletes” are “Users” affiliated with a Participating Organization that do not have supervisory authority over other athletes.

“Dietitians” are users affiliated with a Participating Organization that have supervisory authority over Athletes affiliated with that Participating Organization, in a subset of the Participating Organization's Teams. As a non-limiting example, a “Football Dietitian” is typically a Dietitian, given that their role is scope to a specific team.

“Administrators” have all of the privileges of a “Dietitian”, with the additional caveat of having access to all of the “Participating Organization”'s teams, and the athletes that belong to each team. Administrators have access to all of the data associated with Athletes they supervise. As a non-limiting example, a Participating Organization’s Director of Performance Nutrition is typically an Administrator.

3. Explicitly Collected Information

When using the Services, several user input forms are used to explicitly collect information from Athletes, Dietitians and Administrators. The majority of this information is used throughout various features in the app, for example, using an Athlete's lean body mass input to calculate resting metabolic rate, which is then used to build meal plans. Information is also collected for other purposes, outside the typical app usage, and in the spirit of transparency, we have included a table below documenting such purposes.

The “Form” column designates any pre-processing that has been done to prevent the data from being tied to an individual, or to a organization. “De-identified” means the data is no longer able to be determined to belong to a specific individual/individual organization. “Aggregate” means that the data has been aggregated (i.e. averaged, or bucketed), s.t. the data is no longer tied to a single entity, but to a summary of many entities. “Raw” means the entirety of the data, with identifiers, may be “Shared With” entities for the documented “Process”. “Raw” forms of data, unless specified otherwise below, are only shared with Dietitians and Athletes within the Participating Organization.

Data	Owner	Form	Shared With	Process
Anthropometry	Athlete	Aggregate	Internal	Produce aggregate reports across all athletes/teams/leagues who have opted in.

		Aggregate	Dietitian	Produce aggregated progress reports detailing changes in anthropometry w.r.t food logs, compliance and meal plans.
		Raw	Dietitan	Display recent anthropometry entries, intended for use in analysis by dietitians.
		De-identified	Internal	Used internally in algorithms to generate meal plans
Meal Plans	Dietitian, Athlete	De-identified	Internal	Used internally in algorithms to generate meal plans. Capture "assigned food frequency" data points, report in aggregate.
Food Logs	Athlete	De-identified	Internal	Used internally in algorithms to generate meal plans.
		Raw	Dietitian	Get baseline on an athlete's diet (3 day log or 24hr recall) before building a meal plan. Monitor progress. Perform nutrient analysis.
		Aggregate	Internal	Produce reports detailing progress w.r.t. food intake and body composition. Produce food frequency reports for branded and generic foods.
Meal Plan Compliance	Athlete	Raw	Dietitian	Determine which athletes are viewing meal plans, and how often. Quantify level of engagement with plans.



		Aggregate, De-identified	Internal	Maximize athlete's exposure and interaction with dietitian-assigned meal plans, to increase education

Athlete Food Preferences	Athlete	De-identified	Internal	Customize restaurant/recipe/snack options in meal plans curated for athlete, allow for more personalized meal planning by dietitian.
				Used internally in algorithms to generate meal plans

Gender, age, sport, goals, position	Athlete	De-identified	Internal	Used internally in algorithms to generate meal plans




		Raw	Dietitian	Used to determine macronutrient requirements in the meal planning process.

4. Implicitly Collected Information

Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “Cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. Also, if you click on a link to a third party website or Services, a third party may also transmit cookies to you. Again, this Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices. Please be aware that cookies placed by third parties may continue to track your activities online even after you have left our Services, and those third parties may not honor “Do Not Track” requests you have set using your browser or device.

We may use this data to customize content for you that we think pertains to your likes and preferences. We also may use geolocation information to customize content that meets your dietary needs, following approval by a dietitian - for instance, displaying nearby “team dietitian-approved” restaurants when you are out of the facility. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible. Again, we have included a list of data points that are implicitly collected in the app below, and users will have the option to “opt-in” to these data collection processes in-app.

Data	Owner	Form	Shared With	Process
Athlete Geolocation Data	Athlete	Aggregate	Dietitian	What menus/recipe lead to the highest meal attendance in the dining facility?
			Dietitian	Which dining facilities are used, and at what rates, by student-athletes?
			Internal	How often are athletes viewing meal plans on Notemeal's app while in the dining facility? Out of the facility?
Athlete App Engagement	Athlete	Aggregate	Internal, Dietitian	How many times has a meal plan been viewed in app by the athlete? How many hours did the athlete spend on the app this week?
Dietitian App Engagement	Dietitian	Aggregate	Internal, Dietitian	How many hours did the dietitian spend on the app this week?

5. Disclosure of Information

Administrators
Dietitians will be able to access the data of Athletes that they supervise (as determined by the relevant Administrator). An Administrator with access to your account will have access to both your demographic information (e.g., name, gender, sport, age, anthropometry) and the data collected from your use of the Services. Additionally, Dietitians will be allowed to share athlete information with other Administrators at the Participating Organization in which the athlete is using the Services.

Third Party Service Providers
We may also employ other companies and people to perform tasks on our behalf and may need to share your personal information with them to provide products or services to you. We will hold them accountable, the same way you hold us accountable, via the terms in our Vendor Policy Contract. If a third-party requests data that is outside the scope of what Notemeal is privy to, we will require Customer approval before responding to their request.

Publicly Accessible Information
Please note that if you submit any of your personal information to a portion of the Services that is accessible by other users, including an online forum or comment section, other users will be able to see that personal information. Accordingly, only include information in such submissions that you are comfortable sharing with third parties.

Business Transfer
We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also,if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.

Legal & Government
We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our Terms of Services and other agreements; or protect the rights, property, or safety of Notemeal, our employees, our users, or others. If the law allows, we will notify you and wait on customer approval before turning any requested data over.

De-Identified Information
We may de-identify your personal information so that you are not identified as an individual, and provide that information to our partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as a person. We have also disclosed usages of said de-identified information in the tables above.

6. Modification / Deletion of information

Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:

• name and password
• email address
• user profile information, including images
• Age, weight, height, and gender

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at support@notemeal.io. If you request, we will remove your name and all other personal information that you have provided from the Services. In addition, please understand that, if you request removal of your information, you will be unable to utilize associated features of the Services. You may not request the removal of de-identified, anonymous, or aggregate data from our databases.

Please note that if you request your information, or a subset of your information to be permanently deleted, it will still persist in backup copies of our database for the database retention period that we maintain. At time of writing this, we will be keeping a 1-month retention of backup history, meaning if we delete your information on June 1st, it will not be entirely deleted until July 2nd from our backups. This means on July 2nd, your account (and data) will be irrecoverable, and no data tied to you will persist in our system.

This “Deletion” process applies to “Participating Organizations” as well, as they own their own data. If a Participating Organization terminates their contract with Notemeal, they will have the right to request that all of their data be returned to them in a machine-readable format, and that their data be destroyed in the above process.

If an end-user is under the age of 18, under FERPA, their parent has the right to make any of the above requests.

7. Security

We endeavor to protect the privacy of your account and other personal information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

8. Children Under 13 Years of Age

Children under the age of 13 are not permitted to use, access or register for the Services in any way. We do not knowingly collect or solicit information from anyone under the age of 13. If we learn that Notemeal has collected personal information from a child under the age of 13, we will delete that information as quickly as possible, as well as suspending the accompanying user account.

9. Modification

Notemeal reserves the right, at its sole discretion, to modify this Policy at any time and without prior notice. If we modify this Policy, we will either post a notification of the modification on our website or otherwise provide you with notice of the change. The date of the last modification will also be posted at the beginning of this Policy. By continuing to access or use the Services, you are indicating that you agree to be bound by any modified Policies.

10. Contact

If you have questions about this Policy, or about our use of your information, please
contact us at contact@notemeal.io.