Privacy Policy
Effective Date: 25 November 2026 · Last updated: 14 March 2026
1. Who We Are
CookJam ("we", "our", or "us") is operated by Excel Collective Ltd, a UK-based company providing digital tools for dietary guidance and clinical IBS management.
We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Excel Collective Ltd is the Data Controller for personal data collected through CookJam, except where clinicians use the platform to manage patient care, in which case the clinician acts as the Data Controller and CookJam acts as a Data Processor.
Contact
Data Protection Responsibility
Excel Collective Ltd is responsible for ensuring compliance with UK data protection law. If you have questions about how your personal data is handled, contact our data protection team at privacy@excelcollective.co.uk.
2. Our Commitment to Your Privacy
Your privacy matters. CookJam is designed to respect your data, protect your information, and keep you in control.
This policy explains what data we collect, how we use it, and your rights.
3. Who This Policy Covers
This policy applies to:
- General users and patients who use the CookJam app or website.
- Dietitians and healthcare professionals who use CookJam to manage patient care.
4. What Data We Collect
We only collect information necessary to provide and improve our services.
a. Information You Provide
- Name, email address, and account details
- Profile or clinic information (for professionals)
- Messages or feedback sent to us
- Data you enter into the app, including dietary logs, food preferences, equipment settings, and meal plans
- Symptom Tracker data, including symptom severity ratings, lifestyle and dietary factors, bowel habits, sleep quality, exercise, hydration, caffeine and alcohol intake, medication and supplement records, menstrual cycle data, and any custom tracking items you create
- Community product review data, including star ratings, optional written feedback, symptoms improved or worsened, side effects experienced, digestive condition, age range, and duration of use (when you choose to submit a product review)
b. Health and Special Category Data (Patients)
If you use CookJam for IBS or dietary management, you may input health-related data through features such as the Symptom Tracker. This includes symptom severity scores, bowel habits (Bristol Stool Scale), menstrual cycle data, medication records, and other health-related information you choose to log. This is considered special category data under the UK GDPR. We only process it with your explicit consent and solely for providing our service.
All health data you enter is stored securely and is accessible only to you and any clinician you choose to connect with.
CookJam does not routinely access or review individual health data unless required to provide technical support, maintain the service, ensure security, or comply with legal obligations.
c. Data from Dietitians
If you are a dietitian, you may enter or view your patients' data. In this case:
- You act as the Data Controller (you decide what is collected and why).
- CookJam acts as your Data Processor, processing data on your behalf. A Data Processing Agreement forms part of our Professional Terms.
d. Automatically Collected Data
We collect minimal technical data to make the app work, such as:
- Device type, OS version, and connection logs (for security)
- Local settings (e.g., theme, preferences)
We do not collect analytics or advertising data.
5. Cookies and Local Storage
CookJam uses only essential cookies and local storage required for authentication, security, and core functionality of the platform.
We do not use analytics cookies, advertising cookies, or third-party tracking technologies.
6. Artificial Intelligence
CookJam does not use artificial intelligence or machine learning to process user data. All features are delivered using deterministic software logic written in code, and user data is not used to train AI models.
7. How We Use Your Data
We use your data to:
- Deliver the CookJam app and its core functions
- Respond to your enquiries and provide support
- Help dietitians manage patients safely and effectively
- Generate insights and visual reports from your Symptom Tracker data, such as trend charts and summary statistics
- Enable you to download your health data as PDF reports for your own records or to share with healthcare professionals
- Maintain security and service reliability
- Improve user experience (without profiling or advertising)
We do not:
- Sell or share your data with third parties
- Use your data for marketing unless you've opted in
- Use third-party cookies or analytics trackers
8. Symptom Tracker Insights and Reports
The Symptom Tracker allows you to log health data over time and view visual insights, including trend charts and summary statistics. These insights are generated from data you have entered and are visible only to you within your account.
PDF Reports
You can download your Symptom Tracker data as a PDF report. These reports are generated entirely on your device (client-side) and are not transmitted to or stored on our servers. The PDF includes your symptom and lifestyle data, trend graphs, and summary statistics covering the full period from your first log entry to the present date.
Privacy by design: Downloaded reports do not contain any personally identifying information such as your name, email address, or account details. This means you can share a report without revealing your identity on the platform.
Once downloaded, the report is stored on your device only. We have no access to, and do not retain any copy of, your downloaded reports. You are responsible for storing and sharing your reports securely.
9. Community Product Reviews
CookJam includes a Community Product Reviews feature, where users can submit structured reviews of digestive health supplements and products.
What is collected
When you submit a product review, we collect:
- Star ratings and optional written feedback
- Structured health-related data including symptoms improved or worsened, side effects experienced, digestive condition, age range, and duration of use
Health-related data in product reviews (such as symptoms and digestive conditions) constitutes special category data under UK GDPR and is processed only with your explicit consent.
How reviews are used
- Your review contributes to anonymised community insights visible to all CookJam users.
- Aggregated insights are only displayed when a minimum of 3 reviews exist for a product, ensuring no individual can be identified from the data.
- Your identity is never displayed publicly alongside your review.
Your control
- You can view all your submitted reviews from your account at any time.
- You can delete any of your reviews at any time. Deletion removes your review from community insights permanently.
10. Sharing Data with Healthcare Professionals
CookJam gives you tools to share your health information with healthcare professionals (such as dietitians or doctors). Sharing is always initiated by you and is never automatic.
a. How Sharing Works
- PDF reports: You can download your Symptom Tracker report and share it with anyone you choose, outside of CookJam (for example, by email or in person). We have no visibility of who you share your report with.
- Clinician connections: If you connect with a dietitian through CookJam, they may share meal plans with you and communicate via in-app messaging. You must explicitly accept an invitation before any data is shared between you and a clinician.
b. Your Control
- You choose whether to download reports and who to share them with.
- You can disconnect from a clinician at any time, which stops further data sharing through the platform.
- We do not share your health data with any third party, healthcare professional, or external service without your explicit action.
c. Clinical Responsibility Disclaimer
CookJam provides digital tools to support dietary guidance, symptom tracking, and communication between users and healthcare professionals. It does not replace professional medical advice, diagnosis, or treatment. Clinical decisions remain the responsibility of qualified healthcare professionals.
11. Lawful Basis for Processing
| Purpose | Lawful Basis |
| --- | --- |
| Running your account and providing the app | Contractual necessity |
| Responding to support or enquiries | Legitimate interests |
| Processing patient health data | Explicit consent (Article 9(2)(a)) |
| Processing data for clinicians | Contractual necessity and legitimate interests |
| Generating Symptom Tracker insights and downloadable reports | Explicit consent (Article 9(2)(a)) and contractual necessity |
| Processing health data submitted in community product reviews | Explicit consent (Article 9(2)(a)) |
12. Data Security and Storage
We store data securely using Supabase, hosted in the UK and/or EU. Access is restricted to authorised personnel where required for operational or support purposes. All transmissions are encrypted.
We implement technical and organisational safeguards appropriate for processing special category health data.
We conduct regular security reviews and follow NHS DSPT and ICO guidance.
We use reputable cloud service providers to host and process data. All data is encrypted in transit using TLS and encrypted at rest using industry-standard encryption (including AES-256) as provided by these platforms. These measures form part of our technical and organisational controls under Article 32 of the UK GDPR, supporting the confidentiality, integrity and availability of personal data, including special category health data. Supabase and AWS act as data processors on our behalf under appropriate data processing agreements.
Symptom Tracker PDF reports contain no personally identifying information by design.
Data Breach Response
If a personal data breach occurs that is likely to result in a risk to individuals' rights or freedoms, we will notify the Information Commissioner's Office (ICO) and affected users in accordance with UK GDPR requirements.
We maintain internal procedures for responding to security incidents and personal data breaches.
13. Third Party Service Providers
We use carefully selected service providers to operate our platform. These providers process data on our behalf under data processing agreements compliant with UK GDPR.
These include:
- Supabase — database hosting and infrastructure, including storage of your account data and health logs
- Amazon Web Services (AWS) — cloud infrastructure, file storage (S3), and content delivery (CloudFront)
- Stripe — payment processing for appointment bookings (card details are handled entirely by Stripe and never seen or stored by CookJam)
These providers store data within the United Kingdom or the European Economic Area. We do not permit them to use your data for their own purposes. All providers are contractually bound to protect your data in line with UK GDPR requirements.
We do not sell data to, or share data with, any advertising networks, data brokers, or other third parties beyond those listed above.
14. How Long We Keep Your Data
We retain personal data only for as long as necessary to provide the CookJam service and meet legal obligations:
- Active account data: retained while your account is active.
- User deletion: You may delete your account at any time. Upon confirmation, your account is immediately deactivated and your data is restricted from any active use for a 10-day grace period, during which you may recover your account by logging back in. After this period, your personal data is irreversibly anonymised, and any connected clinicians will no longer have access to it through the platform.
- Financial and legal records: We may retain limited records related to payments, subscriptions, or legal obligations for the period required by law.
- Backups: Deleted data may persist temporarily in encrypted system backups for a limited period before being automatically removed.
Following account deletion and the expiry of the grace period, we retain fully anonymised data that can no longer be linked to you or any identifiable individual. This anonymisation is irreversible. The anonymised data is used solely for research, product improvement, and generating aggregated insights.
Clinicians may download reports or records for their own clinical documentation before a patient deletes their account. CookJam does not control how clinicians store information outside the platform.
15. Age and Consent
- Users aged 16 or over can provide their own consent.
- Users under 16 require consent from a parent or guardian unless a clinician determines that the user is Gillick competent.
- Parents/guardians may consent on behalf of users who are not deemed competent.
16. Your Rights
CookJam does not carry out automated decision making or profiling that produces legal or similarly significant effects.
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Withdraw consent at any time
- Restrict or object to processing
- Request a copy of your data (data portability)
To exercise these rights, email privacy@excelcollective.co.uk.
We respond to data protection requests in accordance with UK GDPR timeframes.
If you're not satisfied, you may complain to the Information Commissioner's Office (ICO): ico.org.uk.
17. Updates
We may update this policy if laws change or our practices evolve. We'll notify you if changes are significant.
Last updated: 14 March 2026
18. Email Communications
We send emails to support your use of CookJam. These fall into two categories:
a. Essential Service Emails
These emails are always sent and cannot be disabled, including:
- One-time password (OTP) logins for authentication
- Account deletion confirmations
- Booking and appointment confirmations and reminders
- Clinician verification and licence expiry notifications
- Profile update confirmations
- Patient or clinician invitations
These emails are necessary for the operation of the platform and to meet legal and regulatory obligations.
b. User-Enabled Notifications
These are sent only if you choose to receive them, including:
- Generic reminders such as food expiry notifications or meal planning prompts
You can manage your preferences for these notifications in your account settings or by following unsubscribe links in the emails.
c. No Marketing Emails
We do not send promotional marketing emails to your CookJam email address. We may send service-related communications such as policy updates, platform outages, or information you request about our service.
By creating an account, you agree to receive essential service emails. Opting out of optional notifications does not affect your ability to use the platform, but essential emails cannot be unsubscribed from.