Privacy policy

Last updated: 15 April 2026

1. Who we are

SUMM Nutrition is operated by Consult Blue Ltd, based in the United Kingdom. We build perimenopause tools for professional women.

Contact: hello@summnutrition.co.uk

We are the data controller for personal data collected through this platform. We are registered with the Information Commissioner's Office (ICO). Registration number pending.

2. What data we collect and why

We collect two categories of data:

Personal data

  • Email address — collected when you create a tracker account, join the waitlist, or save your symptom checker results. Used to send your sign-in link and symptom summary.
  • Professional context — industry, role level, work pattern, and organisation size. Collected optionally during tracker onboarding. Used to contextualise your results and contribute to anonymised research on perimenopause in professional women.

Health data (special category under UK GDPR)

  • Daily symptom logs — sleep quality, sleep hours, night wakes, night sweats, energy, mood, anxiety, brain fog, hot flushes, joint pain, muscle fatigue, concentration, period tracking, flow heaviness, exercise, and work impact. Logged daily by you in the tracker.
  • Symptom checker responses — your answers to the 15-question symptom assessment, including domain scores and STRAW staging.
  • Weekly logs — joint pain, concentration, anxiety, hot flush frequency, and weekly work impact.

We collect health data only to provide you with your personal symptom analysis, clinical report, and pattern insights. We do not use your individual health data for any purpose other than providing your own results back to you.

We also collect anonymous session data from the symptom checker — including symptom responses and professional context — even when no email address is provided. This data has no name or identifier attached and cannot be linked back to you unless you later provide your email.

3. Legal basis for processing

Personal data (email, professional context)

Legal basis: legitimate interests and contract performance. You provide your email to access the tracker. We process it to deliver the service you have requested.

Health data (symptom logs, checker responses)

Legal basis: explicit consent. Health data is special category data under UK GDPR Article 9. By creating a tracker account and logging symptoms, you explicitly consent to us storing and processing this data to provide your results. You can withdraw consent at any time by deleting your account.

Anonymous symptom checker data

Legal basis: legitimate interests. Anonymous responses with no email attached cannot be linked to an individual and do not constitute personal data under UK GDPR.

4. Who we share your data with

We share data with the following third-party services only:

Klaviyo (United States)

What we send: email address, account creation date, tracker activity metadata (day number, streak count). No health data.

Why: email delivery and marketing communications.

Resend (United States)

What we send: email address and sign-in link.

Why: delivering your magic link sign-in email.

Cloudflare (United States)

What we send: all platform data is stored in Cloudflare D1 databases and processed by Cloudflare Workers.

Why: platform infrastructure and data storage.

Sanity (Norway)

What we send: no personal data. Read-only content queries only.

Why: content management for platform copy.

We do not share your data with Google, Meta, or any advertising network. We do not sell your data. We do not share your health data with any third party.

5. Data storage and retention

All personal and health data is stored in Cloudflare D1 databases.

We retain your data for as long as you have an active account. If you delete your account, all your personal data and health logs are permanently deleted from our systems. This includes your email, daily logs, symptom checker results, and all associated records.

We do not currently have automatic data retention limits. Data is kept until you choose to delete it.

6. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (right to erasure) — you can do this directly from the tracker dashboard at any time
  • Withdraw consent for processing health data at any time
  • Data portability — request a copy of your data in a machine-readable format
  • Object to processing based on legitimate interests
  • Lodge a complaint with the ICO at ico.org.uk

To exercise any right other than account deletion (which you can do yourself in the dashboard), email hello@summnutrition.co.uk

We will respond within 30 days.

7. Security

Your symptom and health data never leaves our infrastructure in identifiable form. We do not send health data to any external service.

Access to your tracker requires a time-limited magic link sent to your email. No passwords are stored.

Authentication tokens expire after 30 days.

8. Children

SUMM is not intended for anyone under 18. We do not knowingly collect data from anyone under 18.

9. Changes to this policy

We will update this page when our data practices change and note the date at the top. Continued use of the platform after changes constitutes acceptance.

10. Contact

For any privacy question: hello@summnutrition.co.uk