Privacy Policy

Last updated: 3 December 2025

1. Who we are

Road Daily Plan is a digital coaching service that helps professional drivers improve their fitness, nutrition and sleep by generating personalised plans ("Service"). The Service is operated by H. Han, trading under the name "Road Daily Plan", based in Leiderdorp, the Netherlands ("Road Daily Plan", "we", "us").

For the processing of personal data described in this privacy policy, Road Daily Plan is the "controller" within the meaning of the General Data Protection Regulation ("GDPR"). This means that we determine the purposes and means of processing your personal data.

Our contact details are:

  • E‑mail: [email protected]
  • Postal address: Sisalbaan 5a, 2352AZ, Leiderdorp, the Netherlands.

2. Scope of this privacy policy

This privacy policy explains how we collect, use, share and protect personal data when you:

  • visit or use our website or web application;
  • create an account and use the Road Daily Plan Service;
  • contact us, for example by e‑mail or through a contact form; or
  • interact with us in any other way described in this privacy policy.

This privacy policy mainly addresses users in the European Economic Area (EEA) and the United Kingdom. If you are located outside the EEA/UK, local mandatory law may grant you additional rights. This privacy policy does not limit those rights.

3. What are personal data?

Under the GDPR, personal data are any information relating to an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to that person (for example a name, e‑mail address, account ID, IP address or a combination of data points).

Some types of personal data are considered "special categories of personal data" under the GDPR, including data concerning health. We only process health‑related data where this is strictly necessary for the Service and with your explicit consent (see sections 4.5 and 5 below).

4. For which purposes do we process personal data?

We only process your personal data for specific, explicit and legitimate purposes. Below you will find more information about those purposes for each category of data subjects.

Website Visitors

4.1 To answer your questions when you contact us

What does this purpose entail?

Our website contains our contact details and may contain contact forms. This allows you to contact us with questions, feedback or support requests. When you contact us and/or submit a web form, we process the personal data you provide so that we can contact you and answer your question.

What personal data do we process for this purpose?

We only process the personal data you provide to us, such as:

  • name;
  • e‑mail address and, if you choose, telephone number;
  • the content of your message and any other information you provide during our contact.

On what legal basis do we process these data?

The legal basis is our legitimate interest in communicating with visitors and users and efficiently handling questions, feedback and complaints (Article 6(1)(f) GDPR).

4.2 To keep our website functioning securely and reliably (functional and basic analytical cookies)

What does this purpose entail?

We use cookies and similar technologies that are necessary for the proper functioning and security of our website and Service (for example to remember your language preferences or keep you logged in). We may also use privacy‑friendly analytical cookies with limited impact on your privacy to gain insight into basic website usage (for example which pages are most frequently visited).

What personal data do we process for this purpose?

For this purpose, we may process:

  • IP address and general location (country/region);
  • date and time of your visit;
  • information about your browser, device and operating system;
  • pages visited and interactions with the website.

On what legal basis do we process these data?

For strictly necessary functional cookies, the legal basis is our legitimate interest in providing a secure and user‑friendly website and Service (Article 6(1)(f) GDPR). For analytical cookies with limited privacy impact, we also rely on our legitimate interest. Where local law requires consent for certain analytical cookies, we will only place those cookies after you have given consent via the cookie banner (Article 6(1)(a) GDPR).

For more information about the cookies we use, please refer to our Cookie Policy.

4.3 Optional analytics, session recordings and marketing tracking (such as Meta Pixel)

What does this purpose entail?

With your consent, we may use additional analytics and session recording tools to understand how users interact with our Service in more detail (for example to see where users get stuck in the onboarding flow). We may also use marketing cookies and pixels (such as Meta Pixel) to measure the effectiveness of our advertising campaigns and to show you relevant ads for Road Daily Plan on third‑party platforms.

What personal data do we process for this purpose?

Depending on the tools you consent to, we may process:

  • device and browser information;
  • IP address and inferred general location;
  • pages visited, buttons clicked and features used;
  • referrer URL (via which website or ad you arrived);
  • for marketing pixels: hashed e‑mail address (if available) and event data (for example "page view", "sign‑up", "purchase").

On what legal basis do we process these data?

We only use these tools if you have given your consent via the cookie banner or settings (Article 6(1)(a) GDPR). You can withdraw your consent at any time via the Cookie Settings on our website. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Users of Road Daily Plan (Account Holders and Customers)

We process personal data of users who create an account and/or purchase a subscription or other paid features. This includes individual drivers as well as, where applicable, drivers who are given access via their employer. The employer is responsible for informing its drivers about this privacy policy where relevant.

4.4 To create and manage your account, and provide access to the Service

What does this purpose entail?

When you sign up for Road Daily Plan, we need certain personal data to create and manage your account, provide you with access to the dashboard and ensure that you can securely log in.

What personal data do we process for this purpose?

For this purpose, we process:

  • identification and contact details: name, e‑mail address;
  • login details: password (stored using industry‑standard hashing, never in plain text);
  • account settings: preferred language/locale, time zone;
  • basic usage data necessary for authentication and account security (for example session tokens and login history).

On what legal basis do we process these data?

The legal basis is that processing is necessary for the performance of the contract with you (Article 6(1)(b) GDPR), so that we can create your account and provide the Service. For security‑related logging we rely on our legitimate interest in protecting our Service and users against misuse and unauthorised access (Article 6(1)(f) GDPR).

4.5 To generate your personalised workout, nutrition and sleep plan using AI

What does this purpose entail?

The core of our Service is to generate a personalised plan that fits your work schedule, physical condition and goals. During the onboarding wizard we ask you to provide information about your work, lifestyle and health. Our AI‑powered system uses this information to generate your plan and to update it over time.

What personal data do we process for this purpose?

For this purpose, we process the data that you actively provide in the onboarding and subsequent updates, including:

  • Physical and lifestyle data: age, sex, height, weight, activity level, specific trouble areas (for example back, shoulders), fitness level, and other physical constraints that you describe.
  • Work & schedule context: route type (local/long haul), typical schedule (day/night/rotating), number of stops per day, time available per rest stop, and your medical renewal deadline.
  • Sleep context: sleep challenges (for example trouble falling asleep, waking up frequently), sleep location (for example cab, home, hotel) and related details you share in open text fields.
  • Nutrition context: country of operation, primary truck stop chains you visit, dietary restrictions (for example vegetarian, halal), food avoidances, budget preferences, available truck appliances (for example cooler, microwave) and other details you share in open text fields.
  • Goals: your main health goals (for example "lose weight", "improve sleep"), target weight and desired plan duration.

Some of these data qualify as data concerning health within the meaning of the GDPR (for example your weight in combination with your health goals, sleep challenges and physical constraints).

On what legal basis do we process these data?

For personal data that are not health‑related, the legal basis is the performance of our contract with you (Article 6(1)(b) GDPR), because we cannot provide a personalised plan without this information.

For health‑related data (special categories of personal data), the legal basis is your explicit consent (Article 9(2)(a) GDPR). We ask for this explicit consent when you create your account and complete the onboarding wizard (for example by means of a clearly worded checkbox). You may withdraw your consent at any time by deleting your account or contacting us at [email protected]. If you withdraw your consent, we will stop processing your health data and delete them, but we may no longer be able to provide the personalised parts of the Service.

4.6 To track your progress and keep your plan up to date

What does this purpose entail?

You can log your progress (for example completed workouts or changes in weight) and adjust your goals. We use this information to show your progress over time and to adjust your plan so that it remains relevant and achievable.

What personal data do we process for this purpose?

For this purpose, we process:

  • progress logs: daily or weekly logs, such as completed workouts, step counts (if you choose to enter them), sleep duration and quality (as entered by you), and notes you add;
  • updated physical, lifestyle or goal information you provide (for example a new weight or a changed goal);
  • aggregated statistics and achievements based on your logs (for example number of workouts completed, streaks).

On what legal basis do we process these data?

For non‑health data the legal basis is the performance of our contract with you (Article 6(1)(b) GDPR). For data that are or become health‑related, we rely on your explicit consent as described in section 4.5 above (Article 9(2)(a) GDPR).

4.7 To provide customer support and communicate with you about the Service

What does this purpose entail?

We may contact you with important information about your account or the Service, for example to send onboarding e‑mails, security alerts, plan availability notifications or changes to our terms and policies. We also provide support if you have questions or encounter issues.

What personal data do we process for this purpose?

For this purpose, we process:

  • identification and contact details: name, e‑mail address;
  • account information (such as your subscription type and basic plan details);
  • information you provide in your support request and our correspondence with you;
  • technical information relevant for troubleshooting (for example error logs, device type and browser version).

On what legal basis do we process these data?

The legal basis is the performance of the contract with you (Article 6(1)(b) GDPR) and our legitimate interest in providing high‑quality support and informing you about important changes to the Service (Article 6(1)(f) GDPR).

4.8 To process payments and prevent fraud

What does this purpose entail?

If you purchase a paid subscription or other paid features, your payment is processed by our Merchant of Record, Paddle. Paddle handles billing, payment processing, tax compliance and certain fraud‑prevention checks. We receive limited payment‑related information so that we can link your payment to your account and handle support requests.

What personal data do we process for this purpose?

For this purpose, we process:

  • limited billing details we receive from Paddle (for example name, e‑mail address, country, pricing tier, partial billing address if provided);
  • payment status (for example "paid", "refunded", "chargeback");
  • transaction IDs and subscription identifiers;
  • anti‑fraud signals (for example whether a payment attempt was flagged as high risk).

We do not receive or store complete credit card numbers or other full payment instrument details. Those are processed directly by Paddle or its sub‑processors.

On what legal basis do we process these data?

The legal basis is that processing is necessary for the performance of the contract with you (Article 6(1)(b) GDPR) and for compliance with legal obligations relating to accounting and tax (Article 6(1)(c) GDPR). For additional fraud‑prevention measures, we rely on our legitimate interest in protecting our Service and business against abuse (Article 6(1)(f) GDPR).

4.9 To improve and secure our Service (analytics and logging)

What does this purpose entail?

We continuously work to improve the usability, performance and security of Road Daily Plan. To do this, we analyse how the Service is used on an aggregated level and maintain technical logs.

What personal data do we process for this purpose?

Depending on your settings and the tools enabled, we may process:

  • usage data: pages visited, features used, clicks and navigation flows;
  • device and browser information;
  • IP address and general location (for example country) to understand where users are located and to detect suspicious activity;
  • error and performance logs.

Where possible, we use these data in aggregated or pseudonymised form and configure our analytics tools to be privacy‑friendly.

On what legal basis do we process these data?

For basic, privacy‑friendly analytics and security logging, the legal basis is our legitimate interest in improving our Service and ensuring its security (Article 6(1)(f) GDPR). For enhanced analytics and session recordings that are not strictly necessary, we rely on your consent via the cookie banner (Article 6(1)(a) GDPR).

5. Use of AI, profiling and automated decision‑making

We use artificial intelligence ("AI") to generate your personalised plan based on the information you provide. This involves profiling in the sense that we analyse aspects of your health, work and lifestyle to provide tailored recommendations.

However:

  • our AI‑generated plans are recommendations only and do not produce legal or similarly significant effects within the meaning of Article 22 GDPR; and
  • we do not make decisions that have legal or similarly significant effects about you based solely on automated processing.

If we ever introduce automated decision‑making that falls within Article 22 GDPR, we will inform you explicitly and provide you with all information required by law.

AI service provider: To generate your plan, we send relevant parts of your input data to our AI service provider. We have concluded a data processing agreement with this provider. The provider processes your data only on our instructions, solely for the purpose of generating your plan, and is not permitted to use your data to train or improve its models for other customers.

6. Cookies and similar technologies

Our website and Service use cookies and similar technologies. Functional cookies are necessary for the functioning of the Service (for example to keep you logged in). With your consent, we can also use analytics and marketing cookies (for example PostHog analytics and Meta Pixel).

You can find more detailed information about the cookies we use, their purposes and lifetimes in our Cookie Policy. You can change or withdraw your consent at any time via the Cookie Settings available in the footer of our website or in your browser.

7. With whom do we share your personal data?

We do not sell your personal data. We only share your data with third parties where this is necessary for the purposes described above, where we are legally required to do so, or where you have given your consent.

We may share personal data with the following categories of recipients:

  • Payment provider (Paddle): Paddle acts as our Merchant of Record and processes your payment data, billing details, tax information and certain fraud‑prevention signals. Paddle is an independent controller for these processing activities and has its own privacy policy. We receive only the data necessary to link your payment to your account and support you.
  • Infrastructure and hosting providers: We use reputable cloud providers to host our website, application and databases. Personal data are stored on secure servers, primarily located in the European Union.
  • E‑mail and communication service providers: We use transactional e‑mail providers to send account‑related e‑mails (such as account confirmation, password reset and plan reminders). These providers process your e‑mail address and message content on our behalf.
  • Analytics and product improvement tools (such as PostHog): We use privacy‑focused analytics tools, preferably hosted in the EU, to understand how our Service is used and to improve it. Where possible, we configure these tools so that they only process pseudonymised or aggregated data.
  • AI service provider: As explained in section 5, we use an AI provider to generate your personalised plan. We limit the data shared with this provider to what is strictly necessary, and we have implemented contractual safeguards to ensure your data are processed securely and are not used to train models for other customers.
  • Marketing and advertising partners (such as Meta): If you consent to marketing cookies, we may share limited data with advertising partners via pixels and similar technologies to measure conversions and show relevant ads for our own Service. This may involve transfers of personal data to countries outside the EEA, such as the United States. We use appropriate safeguards for these transfers (see section 8).
  • Professional advisers and authorities: We may share data with professional advisers (such as accountants or lawyers) where necessary for their services to us, and with law enforcement or regulatory authorities where we are legally required to do so.

Whenever we engage a third party to process personal data on our behalf, we conclude a data processing agreement that meets the requirements of Article 28 GDPR.

8. International data transfers

In principle, we store your personal data on servers located within the EEA. However, some of our service providers are located outside the EEA or may store data in other countries (for example certain cloud, analytics or advertising providers). This may result in your personal data being transferred to a country that does not provide the same level of data protection as the EEA.

Where such transfers occur, we ensure that they are subject to appropriate safeguards, such as:

  • an adequacy decision by the European Commission; and/or
  • standard contractual clauses approved by the European Commission, possibly supplemented with additional technical and organisational measures.

You can contact us if you would like more information about the safeguards we have implemented for international transfers.

9. How long do we keep your personal data?

We do not keep your personal data for longer than necessary for the purposes for which we collected them, unless we are required by law to keep them longer (for example for tax reasons). We apply, among others, the following retention periods:

Active accounts

We retain your personal data for as long as your account is active. An account is considered "active" if you have signed in at least once within the last 6 months.

Inactive accounts and automated deletion

If you do not sign in for 6 consecutive months, your account is classified as "inactive". We keep inactive account data for an additional grace period of 6 months. After a total of 12 months of inactivity, your account and all associated personal data (including health data and progress logs) are automatically and permanently deleted from our active systems.

Progress logs and plan history

Your daily logs, plan history and related data are retained for the lifetime of your active account, so that you can view your progress over time. They are deleted together with your account as described above.

Payment and billing records

We are legally required to retain certain transaction records for tax and accounting purposes. We keep these records for up to 7 years after the end of the relevant financial year. These records contain limited personal data and do not include complete payment card details.

Support correspondence

Support tickets and related communications are generally retained for up to 2 years after closure of the ticket, unless a longer retention period is necessary for legal reasons (for example in the context of a dispute).

Deleted accounts

If you actively delete your account, we will delete or irreversibly anonymise your personal data within 30 days, unless we are required by law to keep certain data longer (for example billing records). Backup copies may persist for a limited period in line with our backup and disaster‑recovery procedures, but will be overwritten in the ordinary course of business.

10. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect them against unauthorised access, loss, misuse or alteration. These measures include, among others:

  • encryption of data in transit (TLS/HTTPS) and at rest where appropriate;
  • hashed and salted passwords using industry‑standard algorithms;
  • access controls and least‑privilege principles for our staff and contractors;
  • logging and monitoring of access to production systems;
  • regular backups and disaster‑recovery procedures; and
  • assessing our service providers on their security measures.

No system can be 100% secure. If you suspect that your account has been compromised, please contact us immediately at [email protected].

11. Your rights under the GDPR

If you are in the EEA or the UK, you have the following rights with respect to your personal data:

  • Right of access: You have the right to request confirmation as to whether we process your personal data and, if so, to receive a copy of those data.
  • Right to rectification: You have the right to have inaccurate personal data corrected and incomplete data completed. In many cases you can do this yourself via your account settings.
  • Right to erasure ("right to be forgotten"): In certain circumstances, you have the right to ask us to delete your personal data, for example when the data are no longer necessary for the purposes for which they were collected or when you withdraw your consent. You can also delete your account at any time via the dashboard, after which we will delete your data as described in section 9.
  • Right to restriction of processing: In certain cases, you have the right to request that we temporarily restrict the processing of your personal data (for example while we investigate your objection or correct inaccurate data).
  • Right to data portability: Where processing is based on your consent or on a contract and carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine‑readable format and to transmit those data to another controller.
  • Right to object: You have the right to object, on grounds relating to your particular situation, to processing based on our legitimate interests (Article 6(1)(f) GDPR). We will then no longer process the personal data concerned, unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims. Where we process your data for direct marketing purposes (including related profiling), you have the absolute right to object at any time.
  • Right to withdraw consent: Where processing is based on your consent (including explicit consent for health data and consent for cookies/analytics/marketing), you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent for health data processing, we may no longer be able to provide the personalised parts of the Service.
  • Right not to be subject to automated decision‑making: As explained in section 5, we do not use automated decision‑making that produces legal or similarly significant effects. If this changes, we will inform you and explain your rights.

How to exercise your rights

You can exercise your rights by contacting us at [email protected]. We may ask you to provide additional information to verify your identity. We will respond to your request within one month of receipt. In complex cases or when we receive many requests, this period may be extended by a further two months, in which case we will inform you.

12. Children's privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us so that we can delete the data and, if applicable, close the account.

13. Questions, complaints and contact details

If you have any questions about this privacy policy or how we process your personal data, you can contact us at:

E‑mail: [email protected]

Supervisory authority: If you are in the EEA or the UK and believe that we have not handled your personal data correctly, you have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please consider contacting us first.

14. Changes to this privacy policy

We may update this privacy policy from time to time, for example if our processing activities or applicable laws change. The "Last updated" date at the top indicates when the policy was last revised.

If we make material changes, we will notify you by e‑mail and/or through the Service. Where required by law, we will ask for your consent to new processing activities. Continued use of the Service after the updated privacy policy has entered into effect constitutes acceptance of the changes.