Skip to content

Legal

Privacy policy

Last updated: April 2026

At Health Appétit, your privacy matters. This policy explains what personal data we collect, why we collect it, and how we protect it. We are committed to complying with the General Data Protection Regulation (GDPR) and Swedish data protection laws.

The data controller is Noemí, operating as Health Appétit, based in Stockholm, Sweden.

Data we collect

We collect personal data that you voluntarily provide when using our services:

  • Contact form: your name, email address, subject, and message.
  • Newsletter signup: your email address.
  • Coaching sessions: information you share during consultations.
  • Gratitude wall: your note, optional display name, optional icon, and the locale you submitted from. No email, no account, no IP stored in plain text (we keep a daily-rotating hash of your IP for anti-abuse only).
  • Blog comments: your display name (shown publicly), your comment, an optional email address (kept private — only Noemí ever sees it), and the locale and post you commented on. We also keep a daily-rotating hash of your IP for anti-abuse only.

We also collect anonymous usage data through analytics (see Cookies section below).

Gratitude wall

The gratitude wall is an anonymous, moderated space. When you submit a note, we collect only what you type into the form: the note itself, your optional display name, and an optional icon. Your locale is inferred from the URL so your note appears on the matching wall. Nothing else — no email, no account, no tracking cookies tied to submissions.

We do keep a short-lived, daily-rotating hash of your IP address (sha256 of the IP + the day) so we can enforce a per-submitter rate limit and prevent spam. The hash cannot be reversed to your IP, and it changes every day.

Approved notes appear publicly on the gratitude wall with your display name if you provided one, or as "anonymous" otherwise. Rejected notes are kept briefly for audit and then deleted. You can ask us to remove an approved note at any time — see "Your rights" below.

Blog comments

Comments on blog posts are moderated. When you submit one, we collect the name you typed (shown publicly), your comment, and an optional email — the email is only ever seen by Noemí so she can reply to you privately if she chooses, and is never shown on the site.

We also keep a short-lived, daily-rotating hash of your IP address (sha256 of the IP + the day) so we can enforce a per-submitter rate limit and prevent spam. The hash cannot be reversed to your IP and changes every day.

Approved comments appear publicly under the post with your display name and the date you submitted. Approved comments are retained indefinitely (i.e. until you ask us to remove them — see "Your rights" below). Rejected comments are kept briefly so we can audit moderation decisions and then deleted. The submitter-IP hash rotates daily, so any given hash is meaningful for at most 24 hours.

Cookies

We use a small number of cookies to ensure the website functions properly and to understand how visitors use it:

  • Necessary cookies: store your cookie consent preference. These cannot be disabled.
  • Analytics cookies: Google Analytics (GA4) collects anonymous, aggregated data about page views, site usage, and visitor demographics. IP addresses are anonymised by default. Vercel Speed Insights collects anonymous performance data (Core Web Vitals). These cookies are only enabled if you give consent (Art. 6(1)(a) GDPR). Analytics data is retained for 14 months.

You can manage your cookie preferences at any time using the cookie settings on our site.

Third-party services

We use the following third-party services to operate our website and business:

  • Resend — to send contact form emails and manage newsletter subscriptions. Your email address is shared with Resend for this purpose.
  • Vercel — to host the website and provide anonymous performance insights (Core Web Vitals via Vercel Speed Insights). Vercel may process data in the EU and the United States.
  • Google Analytics (GA4) — to understand how visitors use the site, including page views and visitor demographics. Google may process data in the EU and the United States. You can opt out at any time via our cookie settings.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct any inaccurate data.
  • Erasure: ask us to delete your personal data.
  • Restriction: ask us to limit how we process your data.
  • Portability: request your data in a portable format.
  • Objection: object to the processing of your data.

To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.

Contact

If you have any questions about this privacy policy or your personal data, please contact us: noemi@healthappetit.life.

Stockholm, Sweden