Privacy Policy

Last updated: April 2026

1. Who we are

whatsmissing.health is an online nutrition assessment service operated by Zweng, Kobelweg 1, 9434 Au, Switzerland. Zweng is the controller responsible for data processing on this website. For legal inquiries, contact us at info@whatsmissing.health.

2. What data we collect

When you use our service, we process the following data:

2.1 Assessment answers

When you complete our questionnaire, your answers (age, gender, symptoms, diet, exercise habits, etc.) are processed in your browser session. This data is sent to our server only to generate your personalized results. We do not store your assessment answers in any database. Once your browser session ends, this data is gone.

2.2 Blood test images

If you upload blood test results, the images are transmitted to our server, forwarded to the Anthropic API (Claude) for analysis, and then immediately discarded. We do not store your blood test images or the values extracted from them. Anthropic does not retain data submitted through their API for model training or any other purpose, as stated in their API Privacy Policy.

2.3 Payment information

Payments are processed entirely by Stripe, Inc. We never see, handle, or store your credit card number or banking details. Stripe processes your payment data under their own privacy policy. We only receive a confirmation that a payment was successful, along with the email address you provide at checkout (for your receipt).

2.4 Technical data

Our hosting provider (Vercel) may collect standard server logs including your IP address, browser type, and the pages you visit. This data is used for security and performance purposes only. We do not use tracking cookies, analytics tools, or advertising pixels on this website. There is no Google Analytics, no Facebook Pixel, and no retargeting.

3. Health data (special category data under GDPR)

Your assessment answers and blood test results qualify as health-related data under Article 9 of the GDPR. We process this data based on your explicit consent, which you give by voluntarily completing the assessment and/or uploading your blood test.

We minimize our handling of this data by design:

We do not store health data in any database. Processing happens in real-time during your session. No user accounts are created, so there is no way to link data to a specific person. Blood test images are processed once and discarded immediately. Assessment answers exist only in your browser's session storage and are cleared when you close the tab.

4. Third-party processors

We use the following third-party services to operate:

Anthropic (Claude API) processes your assessment answers and blood test images to generate your personalized report. Anthropic is based in San Francisco, USA. Data sent to their API is not used for training and is not retained after processing. Their privacy policy is available at anthropic.com/policies/privacy.

Stripe processes your payment. Stripe is certified PCI DSS Level 1, the highest level of payment security certification. Their privacy policy is available at stripe.com/privacy.

Vercel hosts this website. Vercel may process standard server logs. Their privacy policy is available at vercel.com/legal/privacy-policy.

5. Data transfers outside the EU/EEA

Anthropic and Stripe are US-based companies. Data transfers to the United States are covered by the EU-US Data Privacy Framework, and both companies maintain appropriate safeguards for data protection. By using our service, you consent to this transfer.

6. Your rights under GDPR

Since we do not store personal data, most data subject rights (access, rectification, deletion) are fulfilled by design. There is nothing to access, correct, or delete because we do not keep your data.

If you have questions or concerns about how your data was handled during a session, please contact us at the email address listed on our Legal Notice page.

You also have the right to lodge a complaint with your local data protection authority.

7. Cookies

This website does not use cookies for tracking, advertising, or analytics. The only data stored in your browser is session storage (your assessment answers during your visit), which is automatically cleared when you close the browser tab. No cookie consent banner is required because we do not use cookies.

8. Children

Our service is intended for adults aged 18 and older. We do not knowingly collect data from anyone under 18. Our assessment requires a minimum age of 18 to proceed.

9. Changes to this policy

We may update this privacy policy from time to time. The date at the top of this page shows when it was last revised. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, contact us at info@whatsmissing.health or see our Legal Notice page.

This is not medical advice. Our assessment is for educational purposes only and does not replace consultation with a licensed healthcare professional. If you have a medical condition, please see your doctor.