CASE STUDY
How a premium nutrition-tracking app operationalized privacy across multiple jurisdictions, strengthened vendor governance, and supported fast-moving product growth.
MacroFactor, a premium nutrition-tracking app, partnered with VeraSafe to translate privacy-by-design values into a structured, scalable compliance program designed to support global growth and evolving regulatory expectations.
Highlights:
Company: MacroFactor (Stronger by Science Technologies LLC)
Industry: Health and Fitness Technology
Headquarters: United States
Company Size: Fewer than 50 people
Product: MacroFactor, a premium nutrition tracking app built to support evidence-based dietary decisions
Engagement Duration: January 2023 to Ongoing
MacroFactor was built with a strong privacy-aware mindset from the start, but like many early-stage companies, those principles were not yet formalized into a documented privacy program. A vendor-related security incident accelerated the need for structured guidance, including a clear analysis of whether regulatory notifications were required.
At the same time, MacroFactor’s international growth and the nature of the data involved created an urgent need for a scalable compliance framework aligned to key requirements, including the EU and UK GDPR, Washington’s My Health My Data Act, and Japan’s Act on the Protection of Personal Information (APPI), while preparing for future applicability of the CCPA and other U.S. state privacy laws.
VeraSafe worked alongside MacroFactor to build an operational program designed to support product velocity, user trust, and multi-jurisdiction compliance.
VeraSafe guided MacroFactor through a rapid assessment of the incident and reporting obligations, supporting clear internal documentation and decision-making.
VeraSafe mapped processing activities across the app ecosystem, website, social channels, internal operations, and user interactions to surface risks and prioritize practical next steps.
VeraSafe reviewed, negotiated, and implemented Data Processing Agreements and helped operationalize a vendor security assessment process, including structured questionnaires and periodic review of vendor security materials.
VeraSafe drafted and refined a comprehensive Privacy Notice, Consumer Health Data Privacy Notice, and Cookie Notice, and supported improvements to in-app workflows for access, export, and deletion so privacy rights were workable in practice.
VeraSafe helped establish retention rules aligned to business purpose, user expectations, and legal requirements, translating policy into actionable deletion workflows and practical internal guidance.
MacroFactor appointed VeraSafe as its GDPR Data Protection Officer, providing ongoing oversight of privacy practices, support for data subject rights requests, Legitimate Interest Assessments, and practical advice on lawful bases, marketing transparency, and cookie compliance.
For Japan-facing operations, VeraSafe coordinated Japanese translations and bilingual legal review to support accuracy and clarity across jurisdictions.
Where needed, VeraSafe also supported select matters closely connected to MacroFactor’s growth strategy, including assistance with securing a long-sought domain name through cross-border coordination.
MacroFactor appointed VeraSafe as its Data Protection Representative in the EU and UK, supporting compliance with Article 27 requirements under the GDPR and UK GDPR. VeraSafe acts as a local point of contact for supervisory authorities and data subjects.
In less than two years, MacroFactor evolved from limited privacy infrastructure to a mature, scalable, and operational privacy program aligned with major global data protection requirements.
MacroFactor is now better positioned to:
