Privacy Policy

Last updated: 16 April 2026

1. Who we are

SlimNiece ("we", "us", "our") is a wellness platform operated at slimniece.com. We help teenage girls and young women manage their health through science-backed tools. Contact: support@slimniece.com.

2. What data we collect

Account data: name, email address, password (hashed — never stored in plain text). Health data you voluntarily enter: weight logs, BMI calculations, TDEE calculations, body fat %, nutrition logs, workout logs, goals. Usage data: pages visited, features used, timestamps. Device data: browser type, IP address (used for security only).

3. How we use your data

To provide the service — display your health data, run calculations, generate AI insights. To improve the service — aggregate, anonymised analytics. To communicate — email verification, password reset, product updates you've opted into. We do not sell your data to any third party. We do not use your health data for advertising.

4. Data storage and security

Data is stored on Neon PostgreSQL servers hosted on AWS (ap-southeast-1). Passwords are hashed using PBKDF2-SHA256 with 100,000 iterations. All connections use TLS/SSL encryption. Sessions use httpOnly cookies, which client-side scripts cannot read, to prevent access to the session through XSS.

5. Data retention

Your data is retained for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days. Anonymised, aggregated analytics data may be retained indefinitely.

6. Your rights

You have the right to: access a copy of your data, correct inaccurate data (Settings → Profile), delete your account and all associated data (Settings → Account → Danger zone), and withdraw consent for marketing emails at any time. To exercise any right, email support@slimniece.com.

7. Cookies

We use a single session cookie (sn_session, httpOnly) for authentication. We do not use tracking cookies or third-party advertising cookies. Analytics are cookieless (Vercel Analytics).

8. Third-party services

Neon (database hosting), Vercel (hosting and deployment), Resend (transactional email), xAI/Grok (AI weight insights — only aggregated trend data is sent, never personal identifiers). Each provider is bound by its own privacy policy.

9. Children and teenagers

SlimNiece is designed for users aged 13 and over. Users under 18 are encouraged to use the platform with parental awareness. We do not knowingly collect data from children under 13.

10. Changes to this policy

We will notify registered users by email of material changes to this policy. Continued use of the service after notification constitutes acceptance.