Legal
Privacy Policy
Effective date: 16 June 2026
Last updated: 16 June 2026
This Privacy Policy describes how WedCut ("we," "us," "our," "the app") collects, uses, discloses, and protects your information. WedCut is operated by Paul Lemon, an individual sole trader operating in the United Kingdom under the trading name "WedCut" (hereafter "WedCut").
By using WedCut you agree to this Policy. If you do not agree, please do not use the app.
1. Who we are and how to contact us
- Trading name: WedCut
- Operator: Paul Lemon (sole trader, United Kingdom)
- Contact email: team@wedcut.com
- Postal address: Available on request — please email team@wedcut.com
For UK GDPR purposes the operator is the data controller.
2. Information we collect
2.1 Information you provide
- Account information: your email address and password (or your Sign in with Apple / Sign in with Google identifier if you use social sign-in)
- Profile: display name, age, height, sex assigned at birth, activity level
- Health and wellness data: weight entries, waist measurements (only if you set a dress-size goal), calorie log entries, water intake, foods and recipes you create
- Wedding event information: your wedding date, group name, the wedding-party members you invite via single-use codes
- Preferences: unit display (imperial / metric / kcal / kJ), notification toggles, group sharing toggles, quiet-mode setting
2.2 Information we collect automatically
- Authentication tokens managed by our backend provider, Supabase
- Push notification tokens — only if you opt into the Group Activity notification category in Settings
- Crash and error reports — anonymous diagnostic data via standard mobile platform tooling, so we can fix bugs
2.3 Information we do NOT collect
We deliberately limit what we collect:
- We do not collect your contacts list
- We do not collect your precise location
- We do not access your photo library or camera roll (the camera is used only for in-the-moment barcode scanning; barcodes are not photographs and no images are retained)
- We do not collect or use advertising identifiers (IDFA / Android Advertising ID)
- We do not share your data with advertisers
- We do not sell your data to anyone, ever
- We do not participate in any cross-app or cross-site tracking
3. Legal bases for processing (UK / EU)
If you are in the United Kingdom or the European Economic Area, our legal bases under the UK GDPR / EU GDPR are:
- Contract — processing your account information and the health data you log is necessary to provide the service you signed up for
- Consent — for push notifications, optional sharing toggles, and any analytics beyond crash diagnostics. You can withdraw consent at any time via in-app Settings
- Legitimate interests — for security, abuse prevention (including the trial-reuse ledger), and crash diagnostics, where those interests are not overridden by your fundamental rights
- Legal obligation — for tax records and any data we must keep to respond to lawful requests
4. How we use your information
- To compute your daily calorie target, weight or waist progress, and milestone events
- To show your group only the information you have explicitly chosen to share (see Section 5)
- To send the notifications you have opted into
- To process subscription payments through Apple App Store or Google Play (we do not see your payment card; Apple and Google handle the transaction)
- To maintain security and prevent abuse (including a hashed-email ledger that prevents trial reuse)
- To diagnose crashes and fix bugs
We do not use your data for advertising, profiling, or third-party marketing.
5. Privacy by default in groups
WedCut is designed around privacy by default:
- Every "What I share" toggle in a group is off by default
- Your weight, calorie targets, food log, and goals are never visible to other group members unless you explicitly enable specific toggles
- When you enable a toggle, the data shared is the minimum that powers the surface (for example, "Logged meals" reveals only that you logged a meal — never the calories)
- Other group members never see numerical weight values — only relative progress percentages, and only if you opt in
- The "Go quiet" toggle lets you disappear from the group feed for a day or week without changing your other settings
- The Reports feature is anonymous — the member you report is not told that you reported them
- Chat messages within a group are visible only to other active members of that same group
6. How long we keep your data
- While your account is active: indefinitely
- After you delete your account (Settings → Danger zone → Delete account): your profile, goals, log entries, weight entries, waist entries, recipes, group memberships, feed events, chat messages, and reactions are permanently removed immediately. Your authentication record may persist briefly for security audit before being removed.
- Backups taken by our backend provider may retain residual data for up to 30 days before they expire on their own schedule.
- Trial-grant ledger: to prevent abuse of free trials, we keep a one-way SHA-256 hash of your email address indefinitely. This hash is not reversible and cannot be used to identify you in any other context.
7. Who can see your data
- You — at all times, including via in-app CSV export (Settings → Data export)
- Co-members of your group — only the specific fields you have opted to share via the Group → "What I share" toggles
- Our team — only when investigating a support request you submit or a report filed against you
- Service providers (each bound by data-protection terms appropriate to its role):
- Supabase Inc. (supabase.com) — database, authentication, edge functions, realtime
- RevenueCat, Inc. (revenuecat.com) — subscription management
- Expo, Inc. (expo.dev) — push notification delivery
- Apple Inc. and Google LLC — in-app purchases and platform-level diagnostics
- Open Food Facts, USDA FoodData Central, FatSecret Platform — food database lookups; only the search term or barcode you enter is sent to these services, never your personal account data
- Law enforcement — only if compelled by valid legal process
We do not sell, rent, or lease your data to anyone.
8. Where your data is stored (international transfers)
Our primary backend (Supabase) hosts your data in the eu-west-1 region (Ireland). Data may briefly transit through other regions for backups and CDN delivery operated by our service providers.
If you are outside the EU/UK, your data is transferred to and stored in Ireland under appropriate safeguards, including Supabase's Data Processing Addendum and Standard Contractual Clauses where required.
9. Your rights
You have the following rights regardless of where you live; the specifics vary slightly by jurisdiction (UK GDPR, EU GDPR, California CCPA / CPRA, Australia Privacy Act, New Zealand Privacy Act 2020 all give you analogous rights):
- Access — use the in-app CSV export (Settings → Data export) or email us
- Rectification / correction — edit your profile in-app, or email us
- Erasure / deletion — Settings → Danger zone → Delete account
- Portability — use the in-app CSV export
- Object / restrict processing — email us at team@wedcut.com
- Withdraw consent — flip any sharing or notification toggle off; email us for anything not exposed in-app
- Complain to a supervisory authority — UK users may complain to the Information Commissioner's Office (ico.org.uk); EU users to their national data protection authority; California users to the California Privacy Protection Agency
We will respond to verifiable rights requests within the applicable legal deadline (one month under UK / EU GDPR; 45 days under CCPA).
10. Children's privacy
WedCut is intended for users aged 18 and over. We block sign-ups for users who report being under 18 during onboarding and do not knowingly collect data from minors. If you believe a minor has created an account, please email us at team@wedcut.com and we will delete it.
This restriction exists because weight-loss and food-logging features carry real risks for younger users, and because clinically supervised tools are more appropriate for under-18s.
11. Safety and medical disclaimer
WedCut is not a medical device, not a diet plan, and does not provide medical, nutritional, or psychological advice. If you are struggling with food, eating, weight, body image, or related issues, please reach out to a qualified professional or a recognised support service:
- United Kingdom — Beat: beateatingdisorders.org.uk
- Ireland — Bodywhys: bodywhys.ie
- United States — Alliance for Eating Disorders: allianceforeatingdisorders.com/find-help
- Canada — NEDIC: nedic.ca
- Australia — Butterfly Foundation: butterfly.org.au
- New Zealand — EDANZ: ed.org.nz
12. Security
- All data is encrypted in transit using TLS 1.3
- Authentication tokens are encrypted at rest by our authentication provider
- Database access is governed by row-level security (RLS) policies that enforce per-user and per-group boundaries at the database layer (not just at the application layer)
- We do not store passwords ourselves — authentication is delegated to industry-standard providers (Supabase Auth, Apple, Google)
- We use the principle of least privilege for any internal access
No system is perfectly secure. If you believe your account has been compromised or you have spotted a security issue, please email team@wedcut.com.
13. Changes to this policy
We will post any changes here and update the "Last updated" date above. Material changes will be communicated in-app the next time you open WedCut. Your continued use of the app after a change indicates your acceptance of the updated policy.
14. Contact
For any privacy-related question or to exercise your rights, please email team@wedcut.com.