โ† Back to homepage

Privacy Policy - Professionals

Last updated: June 23, 2026

1. Introduction

We care about your privacy and want to share with you everything we do with your personal data. Within Cibus' Privacy Policy, you can verify your rights, what data we process and with whom we share it, how long we retain it, and many other details.

We certify that this Policy is as transparent and concise as possible. It is important that you read it carefully, because the privacy we guarantee is complete only when your knowledge is complete as well.

We also recommend reading the full Regulation (EU) 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter, GDPR), where you can inform yourself in more detail about your rights in the field of privacy and personal data protection.

2. Who are we?

TP53 S.R.L., with legal headquarters in Via Pomposa n. 153, 44123 Ferrara (FE), Italy, is dedicated to developing software mainly in the health area, being the company responsible for the creation and development of the Cibus software, in its various aspects.

This software allows to simplify the most complex tasks of Professionals, such as planning, analysis and creation of meal plans, nutritional calculations, information management and analysis, and other functions. Cibus is, therefore, the entity that manages the processing of personal data collected through the Cibus software, acting mainly as a processor for the Professional, under the terms of the GDPR.

3. Scope of this Policy

This Privacy Policy applies to all users of the website https://www.cibushealth.com and its subdomains, whether registered or not; to all users of the mobile app, from the moment it is installed on the mobile device; to all platform users who register for the trial period as well as all those who actually enter into a contract with our services once the trial period is concluded.

The use of the services we offer is conditioned by reading the terms described here and accepting the Terms and Conditions of Use.

4. What data we collect

The collection and processing of data is fundamental to the operation of Cibus. Our project is built on this data and it allows us to offer you a reference service in the area of nutrition and client management. We limit the collection of data and its retention time to the minimum necessary.

5. Professional Data

Data required from the professional during registration: all data entered by the Professional at the time of registration on the platform are stored and processed. The data we mandatorily require during registration are: first and last name, main workplace name, sex, country of residence, email address and, obviously, a password.

Payment data: payment data for your monthly subscription are also processed by Cibus, although we use a third party for this purpose.

Billing data: to fulfill our tax obligations, we must necessarily ask for some billing data such as: name, tax code or VAT number, address, city, postal code and country of residence.

Automatically collected data: in addition to the data mentioned above, we automatically collect, through cookies and other methods and services, a set of data that allows us to know precisely how you use the platform. For more information, see our cookie policy.

6. Client Data

Client data is largely collected by the Professional. They are responsible for processing the Client's personal data. Cibus processes Client data only once entered by the Professional or directly through the mobile application.

The mobile application is intended for use by clients and is obviously optional. Data such as: login credentials, amount of water ingested, weight, location data (with consent), local files and notifications (with consent), data from health applications like Apple Health or Google Fit (with consent) may be collected.

7. Aggregated Data

Cibus may process, in aggregate and anonymized form, data relating to the use of the platform by nutritionists. This data may be used for scientific research purposes, for the development of new features or for the continuous improvement of the clinical tools offered. The processing will be carried out in compliance with the principles of data minimization, anonymization and security, in accordance with the GDPR.

8. Purpose of Processing

We use the data we collect for the following purposes:

  • Service provision: we use data to provide our service as efficiently as possible
  • Maintenance and improvement: we analyze usage behavior to improve features
  • Customer support: to efficiently answer all questions
  • Billing: to fulfill our legal and tax obligations
  • Legal matters: to comply with court orders and tax audits
  • Marketing: with your explicit authorization
  • Security: to analyze suspicious or fraudulent behavior

9. Retention Period

Personal data may be retained for different periods of time depending on their legal relevance or the duration of the contractual relationship. In general, after the user's deletion request, data is encrypted and securely stored for 10 years, after which it is permanently deleted.

10. Subcontractors

Some of the information you provide may be processed by third parties external to our services:

  • Software usage analysis (Google Analytics)
  • Payment details (Stripe)
  • Marketing emails (specialized external services)
  • Support center
  • Data storage and processing (hosting companies in Europe)
  • Audit and maintenance

11. Professional Rights

We want to ensure that your rights are fully respected. You can contact us at support@cibushealth.com:

  • Right of access: you have the right to access your information
  • Right of rectification: you have the right to obtain correction of inaccurate data
  • Right of erasure: you have the right to obtain deletion of your data
  • Rights of objection and limitation: you can exercise them via email
  • Right of portability: you have the right to receive data in a reusable digital format

12. Security

The security of your data and the services we provide is one of our top priorities. We regularly analyze our platforms and related servers to ensure that all necessary security measures are taken. In particular, we adopt the following technical and organizational measures:

  • Data minimization: we collect and process only the data strictly necessary to provide the service, in application of the data minimisation principle set out in art. 5(1)(c) of the GDPR.
  • Pseudonymization and anonymization: where technically applicable, directly identifying elements are reduced or replaced with technical identifiers, limiting the risk of direct association between the processed information and the patient's identity.
  • Access control: robust authentication and granular authorization management restrict access to authorized parties only. Every access is logged and monitored.
  • Business continuity and backup: regular backup procedures and business continuity plans ensure data availability and recovery in the event of incidents.
  • Monitoring and incident management: continuous infrastructure monitoring enables timely detection of anomalies and incident management according to documented procedures, including notification to the supervisory authority pursuant to art. 33 GDPR.

13. Roles and Responsibilities under the GDPR

The correct allocation of the roles set out in Regulation (EU) 2016/679 ensures transparency of processing and protection of data subjects' rights:

  • Healthcare Professional โ€” Data Controller: determines the purposes and means of processing, maintains control over their patients' data, and is responsible for GDPR obligations towards data subjects.
  • TP53 S.R.L. (Cibus) โ€” Data Processor: processes data on the Controller's instructions, within the limits of the service provided, ensuring adequate security measures and support in the event of an audit.
  • Patient โ€” Data Subject: enjoys the rights of access, rectification, erasure, portability, and objection to processing pursuant to arts. 15-22 GDPR.

Data entered into the Cibus platform cannot be attributed to anyone outside the Professional's practice and is not used for any purpose other than providing the service. TP53 S.R.L. has neither the interest nor the ability to access patients' clinical content for purposes other than those strictly technical and related to the operation of the platform. Data is never sold, transferred, or exchanged with third parties, nor used for advertising or commercial profiling purposes.

14. Artificial Intelligence

The artificial intelligence features integrated into Cibus are designed as tools to support professional activity, and their use is governed by the following principles:

  • Support, not replacement of clinical judgment: content generated by AI features constitutes operational assistance and does not replace the clinical, professional, or ethical judgment of the Professional. Every decision remains under the full and exclusive responsibility of the Professional.
  • No use of data for model training: patient data is in no case used to train, fine-tune, or improve artificial intelligence models, neither by TP53 S.R.L. nor by third-party providers.

TP53 S.R.L. assumes no responsibility for clinical decisions made on the basis of outputs generated by the platform's AI features. The Professional is required to critically evaluate every suggestion produced by the system before applying it to clinical practice.

15. Data and Server Localization

All data processed through the Cibus platform is hosted on infrastructure located within the European territory, in compliance with GDPR requirements regarding the transfer and storage of personal data. No data entered into the platform is transferred or processed outside the European Union, avoiding transfers to third countries that would require additional safeguards pursuant to arts. 44-49 GDPR.

16. Data Processing Agreement (DPA) and Audit Support

TP53 S.R.L. provides a Data Processing Agreement (DPA) compliant with art. 28 GDPR for each Professional, governing the processing methods, the security measures adopted, and the guarantees offered as Data Processor. The DPA can be requested at business@tp53health.com.

Should the Professional require supplementary documentation โ€” for a supervisory authority inspection, an internal audit, or any other need โ€” TP53 S.R.L. is available to provide the necessary support. Available documentation includes the privacy notice under arts. 13-14 GDPR, the DPA under art. 28 GDPR, technical documentation on the measures adopted, the Record of Processing Activities under art. 30 GDPR, and any clarifications and declarations.

17. Contact

For any questions or to exercise your rights, contact us at:

TP53 S.R.L.
Via Pomposa n. 153, 44123 Ferrara (FE), Italy
Legal Representative: Mr. Matteo Melina

Email: support@cibushealth.com

18. Supervisory Authority

Without prejudice to any complaints you may address to Cibus, you can also file a complaint with the Italian supervisory authority:

Garante per la Protezione dei Dati Personali
Piazza di Monte Citorio n. 121
00186 Rome
Tel: +39 06 696771
www.garanteprivacy.it