Privacy & UK GDPR policy
Last updated: 14 March 2026
This policy explains how Nutriphaselife (“we”, “us”, “our”) collects, uses, shares and protects personal data. It is written to support UK requirements, including the UK GDPR and the Data Protection Act 2018.
1. Data controller
Nutriphaselife is the data controller for personal data processed via our website and our customer support channels.
2. What personal data we collect
Contact details: name, email address, and website URL (if provided when leaving comments).
Account data: login credentials, user profile information, and screen display preferences.
Content data: comments left on the site and any media/images you upload. Please note that images may contain embedded location data (EXIF GPS).
Technical data: IP address, browser user agent string, and cookie data.
Anonymized data: an anonymized string created from your email address (a hash) may be provided to the Gravatar service.
3. How we use personal data and our lawful bases
We use personal data for the purposes below, relying on one or more lawful bases under UK GDPR:
To provide products/services: managing user accounts and profiles (performance of a contract).
To manage site interactions: processing comments and displaying profile pictures via Gravatar (legitimate interests).
To ensure site security: using IP addresses and browser data for spam detection and password reset requests (legitimate interests).
To improve user experience: remembering your details and display settings via cookies (legitimate interests).
To comply with legal obligations: retaining data as required for administrative, legal, or security purposes (legal obligation).
4. Cookies and similar technologies
We use cookies to enhance your experience. Specific cookies include:
Comment cookies: save your name, email, and website for one year for your convenience.
Login cookies: temporary cookies discarded when you close your browser; persistent login cookies last for two days (or two weeks if “Remember Me” is selected).
Screen preference cookies: last for one year.
Editor cookies: stored for one day to indicate the post ID of an article you edited.
For more details, please see our full Cookies Policy.
5. Sharing and disclosures
We may share personal data with trusted third parties where necessary:
Automated spam detection services for visitor comments.
The Gravatar service (Automattic) to check for profile picture usage.
Website administrators who can view and edit user profile information.
Regulators or law enforcement where required by law.
We do not sell your personal data.
6. International transfers
Some providers, such as Automattic (Gravatar), may process data outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as approved contractual protections.
7. Data retention
Comment data: the comment and its metadata are retained indefinitely to recognize and approve follow-up comments automatically.
User profiles: for registered users, we store personal information in user profiles until the user deletes it or the account is closed.
Technical data: login and session cookies expire according to the timeframes noted in section 4.
8. Security
We use reasonable technical and organisational measures designed to protect personal data, such as IP-based spam filtering and hashed email strings. However, no method of transmission or storage is completely secure. We advise users not to upload images with embedded location data.
9. Your rights (UK)
Subject to certain conditions, you have rights including:
access to a file of the personal data we hold about you;
correction of inaccurate data;
erasure of your personal data (“right to be forgotten”), excluding data kept for legal or security purposes;
restriction of processing;
data portability;
objection to processing.
To exercise your rights, contact us at [email protected].
10. Complaints
If you have concerns, please contact us first so we can try to resolve them. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
11. Children
Our services are not intended for children under 13. If you believe a child has provided us with personal data, please contact us.
12. Changes to this policy
We may update this policy from time to time. We will update the “Last updated” date at the top of this page.