Privacy Policy

1. Who we are

Tenderheart is operated by Justino Ltd (Companies House registration number 17215901), the data controller for any personal data you send us. Our registered office is:

Justino Ltd
66 Paul Street
London
EC2A 4NA

If you have questions about this policy or your data, contact us at [email protected].

2. What we collect

We collect only what you choose to send us. When you forward a shopping email to [email protected], we receive:

• your email address;
• the contents of the forwarded email, including any items in your shopping basket.

We do not ask for names, addresses, payment details, or any account registration.

3. How we use your data

We use the email you send us for one purpose only: to read the shopping items, check them against UK dietary guidance, and send you a reply. We do not use your data for marketing, profiling, or any purpose beyond the scan.

Our legal basis for processing is our legitimate interest in providing the service you asked us to perform. We have weighed this against your privacy: we use only the email you send, for the single purpose of the scan, and we do not retain it afterwards. You can object to this processing at any time by contacting us at [email protected].

4. Automated analysis

The analysis of your forwarded email is carried out automatically by an AI system (accessed through the Gemini API). This means no human reviews your shopping email unless you specifically ask us to. The output is a read-only flagging of items based on UK dietary guidance; it does not make decisions that affect your legal rights or have legal effects on you.

If you want a human to review a particular reply, or you wish to contest an automated output, contact us at [email protected].

5. Who else sees your data

We use a small number of service providers to receive, analyse, and reply to emails. They process data only on our behalf and under our instructions:

• Cloudflare — receives and routes the inbound email to our service.
• Gemini API — analyses the email content so we can identify flagged items.
• Resend — sends the reply back to your email address.
• Google Analytics — helps us understand how people use the landing page. It uses cookies or similar technologies in line with Google's own policies.

6. How long we keep your data

We do not keep your emails. Once the email has been analysed and the reply has been sent, the original email and its contents are dropped and not stored by us.

7. Cookies

Tenderheart itself does not use cookies. Google Analytics, which runs on our landing page, uses cookies or similar technologies according to its own policies.

8. International transfers

Some of our providers may process data outside the UK. Where this happens, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms to protect your data.

9. Your rights

Under UK data protection law you have the right to access, correct, erase, restrict, or object to processing of your personal data, and the right to data portability. Because we do not store emails, we may not be able to retrieve a specific email once it has been processed, but you can still contact us with any request.

If you are unhappy with how we handle your data, you have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

10. Children

Tenderheart is intended for adults making shopping decisions for their families. It is not directed at children under 13, and we do not knowingly process data from children under 13.

11. Changes to this policy

We may update this policy as the service changes. The latest version will always be published here with the updated date at the top.

12. Contact

For any privacy questions or data requests, email us at [email protected].