Privacy Policy
Last updated: 16 November 2025
Introduction
This Privacy Notice for SHINE DEVELOPMENT AND AI TECHNOLOGIES LTD (doing business as Shine AI)
(‘we’, ‘us’, or ‘our’) describes how and why we may access, collect, store, use, and/or share
(‘process’) your personal information when you use our services (‘Services’), including when you:
- Visit our website at https://shine-official.net/ or any
website of ours that links to this Privacy Notice.
- Download and use our mobile application Median Expert, or any other
application of ours that links to this Privacy Notice.
- Engage with us in related ways, including customer support, billing enquiries, or events.
Questions or concerns? Reading this Privacy Notice will help you understand
your privacy rights and choices. If you do not agree with our policies, please do not use our
Services. You may contact us at info@shine-official.net or
median.ai.official@gmail.com.
Summary of Key Points
This section highlights key points from our Privacy Notice for the Median Expert dietitian application. You can find more details in the full Notice below or by navigating through the table of contents.
-
What personal information do we process?
When using Median Expert, we may process information you provide to build and operate your professional account. This includes identity information from your chosen sign‑in provider (Google or Apple), optional phone number (for support and administrative WhatsApp messages only), your professional details (country, city, specialties, experience, languages, optional clinic information), your bio, and your profile photo. We also process the content you submit (e.g., messages, recommendations, client notes) and standard device/service logs. When you connect with clients, we process and display their nutrition reports solely to provide the Service. Learn more.
-
Do we process sensitive information?
We do not require your own health data. However, when you connect with a client, their nutrition or health‑related information may be displayed to you. This may qualify as “special category data” and is processed only as required to provide the Service and, where needed, under the client’s consent in the Median client app. Learn more.
-
Do we collect information from third parties?
Yes. When you sign in with Google or Apple, we receive basic identity information such as your name, email address, and profile photo. We do not purchase data from third parties or scrape personal information from external sources. We also use service providers (Firebase, Twilio for WhatsApp administrative messages, app store billing, AI providers for de‑identified content generation). Learn more.
-
How do we process your information?
We process your information to authenticate your account (via Google or Apple), operate and improve Median Expert, display and manage client reports, provide secure messaging and professional tools, manage subscriptions, prevent fraud, maintain security, and provide support. Administrative communications may be sent through WhatsApp if you voluntarily provide your number. Learn more.
-
When do we share your information?
We share information only with service providers that help us operate the Service—Firebase, Google/Apple identity services, Twilio for WhatsApp administrative messages (not verification), app store billing providers, Paddle (where applicable), and AI providers for de‑identified content generation. We do not sell personal information. Learn more.
-
How do we keep your information safe?
We use technical and organisational safeguards including encryption, Firebase Security Rules, App Check, role‑based access, and logging. No system is 100% secure. Learn more.
-
Your rights:
Depending on your location, you may have rights under GDPR, UK GDPR, CPRA, and other laws—such as access, correction, deletion, portability, and objection. Learn more.
-
How to exercise your rights:
Use any in-app tools for deletion/export, or contact us at median.ai.official@gmail.com or info@shine-official.net. Learn more.
To read the full explanation of how we use your information, see the complete Privacy Notice.
1. What Information Do We Collect?
Personal information you disclose to us
In short: We collect information you voluntarily provide when you use our Services.
This includes information provided during registration or sign‑in, when contacting support,
when using professional tools, when submitting content, or when connecting with clients.
Categories of personal information
- Identity provider data: Basic account information from Google or Apple when you sign in, such as your name, email address, profile photo (if available), and unique identifiers required for authentication. We do not receive your Google or Apple password.
- Optional contact details: If you choose to add a phone number, we may use it for service‑related or administrative WhatsApp messages (no marketing). It is not used for login or verification.
- Professional profile: Country, city, years of experience, specialties, languages, clinic/organization (optional), additional contact information (optional), bio, and profile photo.
- Professional content: Messages, recommendations, notes, and plans you create and send to clients through the app.
- Connected client data: If you connect with a client, their nutrition reports and related information are displayed to you strictly for providing the Service. Such data is processed under the client’s consent in the Median client app.
- Service and system logs: Device information, timestamps, IP address, and diagnostic events collected by Firebase for security, reliability, and abuse prevention.
Sensitive data
We do not collect your own health data. However, connected clients’ health‑related information may qualify as
“special category data” and is processed only as needed to provide the Service and—with client consent—within
the client app.
Payment data
If subscriptions or purchases are available, they are processed by Google Play Billing, Apple In‑App Purchases,
or Paddle (web). We do not store full payment card numbers or security codes.
Information we do not collect
- Precise geolocation
- Device contacts, files, or photos (unless you upload a profile photo)
- Sensor data (microphone, motion, etc.)
- Advertising identifiers or third‑party ad network data
For how we use this information, see How we process your information.
2. How Do We Process Your Information?
In short: We process your information to operate, improve, and secure the Service; authenticate you; support your professional interactions; and comply with the law.
Purposes of processing
- Account creation and authentication: To let you sign in using Google or Apple and maintain your account.
- Service delivery: To provide professional tools such as messaging, viewing client reports, drafting recommendations, and managing your connections.
- Personalisation: To tailor the app experience to your professional details and settings.
- Customer support: To resolve issues and respond to enquiries.
- Administrative communication: To send service‑related notices via email, in‑app messages, or optional WhatsApp administrative messages (no marketing).
- Billing and subscriptions: To fulfil purchases and manage subscriptions through app-store providers or Paddle.
- Fraud prevention: To prevent abuse (e.g., free‑trial abuse) using hashed identifiers.
- Security and integrity: To monitor for misuse and ensure reliability.
- Improvement: To analyse aggregate, de‑identified usage patterns.
- Legal obligations and vital interests: To comply with law or protect individuals.
AI-assisted features
- AI tools may help draft recommendations, messages, and templates.
- No client health or personal data is sent to AI providers. Prompts are de‑identified.
- OpenAI and Google AI are used only for generic content generation and do not train on our data.
- We may analyse de‑identified aggregate usage to improve these features.
3. What Legal Bases Do We Rely On?
In short: We process personal information under consent, contract performance, legitimate interests, legal obligations, or vital interests where applicable.
EU/EEA and UK users (GDPR/UK GDPR)
- Consent: For special-category data (client data shown to you) and optional features such as WhatsApp administrative messages.
- Contract: To provide the Service and manage your account and purchases.
- Legitimate interests: To improve the Service, prevent abuse, maintain security, and send administrative notices.
- Legal obligations: To comply with applicable law.
- Vital interests: To help protect individuals.
4. When and With Whom Do We Share Your Personal Information?
In short: We only share your information with service providers acting on our behalf or where required by law. We do not sell personal information.
| Category |
Vendor(s) |
Purpose |
Notes |
| Cloud hosting |
Google Firebase |
Hosting, database, logs, authentication infrastructure |
Located in us-central1 |
| Identity providers |
Google, Apple |
Account authentication |
We do not receive passwords; only limited profile data |
| WhatsApp administrative messaging |
Twilio |
Optional administrative WhatsApp messages (no marketing) |
Phone number provided voluntarily; not used for login |
| App-store billing |
Google Play, Apple IAP |
Subscriptions and purchases |
No card numbers shared with us |
| Payment processing (web) |
Paddle |
Web payments |
Limited metadata shared |
| AI content services |
OpenAI, Google AI |
De-identified content generation |
No client data; no training on our data |
Other sharing situations
- Legal requests: To comply with law.
- Business transfers: In the event of mergers or acquisitions.
5. Do We Offer AI-Based Features?
Yes. We use AI tools solely to help generate general content such as recommendations and templates. These tools are not a substitute for professional advice.
- We use Google and OpenAI models for de‑identified prompts only.
- No health or personal client data is sent to AI providers.
- AI providers do not train on our data.
6. International Transfers
We may transfer your personal information to the United States and other regions where our service providers operate. When required, we rely on Standard Contractual Clauses and other safeguards.
7. How Long Do We Keep Your Information?
In short: We keep personal information only as long as necessary for the purposes described in this Notice, unless longer retention is required or allowed by law (e.g., tax, accounting, security, or legal compliance).
Our retention approach
- Active accounts: We retain your professional profile, submitted content, and settings while your Median Expert account remains active to provide and personalise the Service.
- Account deletion: If you delete your account, your personal data is removed from active systems promptly. Operational backups may persist for up to 30 days before being automatically purged.
- Abuse prevention: To protect free-trial integrity, we retain a one-way hashed token (formerly derived from phone-based registration) for 12 months. This hash cannot be used to contact you and is stored securely and separately, solely for fraud prevention purposes.
- Payment and compliance: Limited payment metadata (e.g., transaction IDs, status) may be retained to comply with financial regulations and for fraud prevention, refunds, or chargebacks.
When we no longer have a legitimate business need to process your personal information, we will delete or de-identify it. If immediate deletion is not possible (e.g., due to backups), the data will be isolated and securely stored until deletion becomes possible.
You can request deletion or access your data at any time. See How to review, update, or delete your data.
8. How Do We Keep Your Information Safe?
In short: We implement a range of technical and organisational safeguards to protect your personal information from unauthorised access or misuse.
- Encryption: All personal data is encrypted in transit (TLS) and at rest.
- Access control: Data access is restricted using role-based permissions and least-privilege principles. Administrative access is logged and regularly reviewed.
- Firebase security: Firebase Security Rules enforce access restrictions; App Check is enabled to verify legitimate devices and apps.
- Secure infrastructure: No public buckets are used. All infrastructure is actively monitored to detect abuse and vulnerabilities.
While we take strong precautions, no digital system can be completely secure. We cannot guarantee that unauthorised third parties will never overcome our safeguards. Please use the Services in a secure environment and contact us if you suspect any unauthorised activity.
9. Do We Collect Information from Minors?
In short: No. We do not knowingly collect or solicit data from children under 13 (or 16 in the EEA/UK, where applicable).
By using the Services, you confirm that you meet the minimum age requirement or are the parent/legal guardian authorising the minor’s use. If we discover that we have inadvertently collected personal data from a minor without valid consent, we will delete it and deactivate the account.
To report a concern, contact us at median.ai.official@gmail.com or info@shine-official.net.
10. What Are Your Privacy Rights?
In short: Depending on your location (e.g., EEA, UK, Switzerland, Canada, or certain U.S. states), you may have rights to access, correct, delete, restrict, or object to processing of your personal information. You may also withdraw consent where applicable.
Your rights may include:
- Access: Request a copy of your personal data.
- Correction: Update inaccurate or incomplete information.
- Deletion: Request deletion of your data (subject to legal limits).
- Restriction: Ask us to limit how we use your data in certain cases.
- Portability: Receive your data in a structured, portable format.
- Objection: Object to certain processing (e.g., profiling or legitimate interest-based uses).
- Automated decisions: Decline decisions made solely by algorithms. Note: we do not use automated decisions with legal or similarly significant effects.
- Withdraw consent: If processing relies on your consent (e.g., display of special-category client data), you may withdraw it at any time. This will not affect past lawful processing.
How to exercise your rights
- In-app: Use the account deletion option within the Median Expert app to remove your data and disconnect from clients.
- Email: Contact median.ai.official@gmail.com or info@shine-official.net.
We will respond in accordance with applicable laws, typically within 30 days.
Supervisory authorities
EEA users may contact their local data protection authority. UK users may contact the Information Commissioner’s Office (ICO). Swiss users may contact the FDPIC.
Managing your account
- Update information: Sign in to review or change your profile details.
- Delete your account: Use the in-app feature to delete your account and remove your data. Backups are purged within 30 days; anti-abuse hashes are retained for 12 months to protect Service integrity. See Retention.
For additional questions, contact us at median.ai.official@gmail.com.
11. Controls for Do-Not-Track Features
Some browsers and mobile systems include Do-Not-Track (“DNT”) settings to signal your privacy preferences. As there is no consistent industry standard for DNT signals, we do not currently respond to them.
If a standard is adopted that we must follow, we will update this Privacy Notice accordingly.
12. Do United States Residents Have Specific Privacy Rights?
In short: Yes. Depending on your U.S. state, you may have additional rights to access, correct, delete, or opt out of certain processing of your personal information.
Personal information collected (past 12 months)
| Category |
Examples |
Collected |
| A. Identifiers |
Email address, name, IP address, identity provider ID |
Yes |
| B. Protected classifications |
Race, gender, etc. |
No |
| C. Commercial data |
Purchases, subscriptions |
Yes |
| D. Biometric data |
Voice, fingerprints |
No |
| E. Usage data |
Device info, timestamps, diagnostics |
Yes |
| F. Geolocation |
Precise GPS data |
No |
| G. Audio/Visual |
Profile photo (optional) |
Yes |
| H. Professional data |
Specialties, experience, language, clinic info |
Yes |
| I. Education |
Academic records |
No |
| J. Inferences |
Usage categorisations, e.g., active/inactive |
Yes (limited) |
| K. Sensitive data |
Health data (from clients) |
No (for dietitian accounts); displayed only with client consent |
Use and retention
- We use this information to operate the Service (see How We Process Your Data).
- We share data only with service providers under contract (see Sharing); we do not sell or share data for behavioural advertising.
- Data is retained per our Retention Policy; hashed tokens are retained for 12 months to prevent abuse.
Your rights (U.S. residents)
- Access, correction, deletion, and portability rights.
- Right to non-discrimination for exercising your privacy rights.
- No sale or targeted advertising of personal information at this time; if that changes, we will provide an opt-out mechanism.
How to exercise
- In-app: Use the built-in account deletion feature.
- By email: median.ai.official@gmail.com or info@shine-official.net
You may designate an authorised agent to act on your behalf, subject to verification procedures.
13. Do We Make Updates to This Notice?
In short: Yes. We will update this Notice as necessary to remain compliant and transparent.
We may update this Privacy Notice from time to time. The updated version will be indicated by a revised date at the top of this page. If we make material changes, we may provide additional notice (e.g., in-app banner, email, or WhatsApp administrative message). We encourage you to review this Notice periodically to stay informed about how we protect your information.
15. How Can You Review, Update, or Delete the Data We Collect From You?
Depending on your country, province, or U.S. state of residence, you may have the right to request access to the personal information we hold about you, learn how it has been processed, correct inaccuracies, delete your personal information, or withdraw consent where applicable. These rights may be limited in some circumstances by law.
How to make a request
- In-app: Use the account deletion feature to remove your data.
- By email: Contact median.ai.official@gmail.com or info@shine-official.net.
We will verify your request and respond in accordance with applicable data protection laws (typically within 30 days). For more details on your rights, see What are your privacy rights?.