← Back to Nutriva AI

1. Who We Are

Nutriva AI ("we", "us", "our") is the developer and publisher of the Nutriva AI mobile application available on the Apple App Store and Google Play Store. We are responsible for determining how and why your personal data is processed.

If you have any questions about this Privacy Policy, you can contact us at privacy@nutrivaai.com.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address and display name when you register.
• Profile Data: Gender, date of birth, height, weight, activity level, dietary preferences, and health goals you enter during onboarding or at any time.
• Nutrition & Food Data: Meal descriptions, food photos, barcode scans, calorie and macro entries, water intake, and fasting logs you record.
• Body Measurements: Waist, chest, arms, hips, thighs, and neck measurements if you choose to log them.
• AI Coach Conversations: Messages you send to the AI coach (Marcus) are processed to generate responses and improve your personalised experience.
• Feedback & Support: Any information you provide when you contact us for support.

2.2 Information Collected Automatically

• Device Information: Device model, operating system version, unique device identifiers, and app version.
• Usage Data: Features you use, screens you visit, session duration, and in-app events (via PostHog analytics — see Section 8).
• Crash Reports: Stack traces and diagnostic information collected automatically if the app crashes (via Sentry — see Section 8).
• IP Address: Collected by our backend (Supabase) for security and abuse prevention purposes.

2.3 Information We Do NOT Collect

• We do not collect your precise location (GPS coordinates).
• We do not read your contacts, calendar, or messages.
• We do not run third-party advertising SDKs or ad trackers.
• We do not sell your personal data to third parties. Ever.

3. How We Use Your Information

We use your information for the following purposes:

Purpose	Legal Basis (GDPR)
Providing and personalising the app's features (calorie goals, macro plans, AI suggestions)	Performance of contract
Syncing your data across your devices via your account	Performance of contract
Processing in-app purchases and managing subscriptions	Performance of contract
Sending important account and service notifications	Legitimate interest / consent
Diagnosing bugs and improving app stability	Legitimate interest
Understanding aggregate usage patterns to improve the app	Legitimate interest
Complying with legal obligations	Legal obligation

We will never use your data for advertising profiling, selling to data brokers, or any purpose not listed above.

4. Third-Party Services & Data Sharing

We use the following trusted third-party services to operate the app. Each service receives only the minimum data necessary for its function:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Cloud database & account authentication	Email, profile data, food logs, encrypted user records	supabase.com/privacy
OpenAI	AI food analysis & coaching responses	Food descriptions and coach messages only — no PII or health metrics	openai.com/privacy
RevenueCat	In-app purchase management & subscription status	Device ID, subscription status, purchase receipts	revenuecat.com/privacy
PostHog	Product analytics & feature usage	Anonymised event data, device type, app version	posthog.com/privacy
Sentry	Crash reporting & error monitoring	Stack traces, device info, app state at time of crash	sentry.io/privacy
Apple App Store / Google Play	App distribution & payment processing	Handled directly by Apple / Google under their own policies	Apple & Google privacy policies

We do not share your data with any other third parties. We may disclose your information if required by law, court order, or to protect the safety of users.

5. Health Data & Apple HealthKit / Google Health Connect

If you grant Nutriva AI permission to access Apple HealthKit or Google Health Connect, the app may read data such as:

• Step count and active energy burned
• Resting heart rate and heart rate variability
• Sleep data
• Body weight and body mass index
• Dietary energy and macronutrient intake

The app may also write nutrition data (calories, macros) and body weight back to HealthKit / Health Connect to keep your health records complete.

This use of HealthKit / Health Connect data complies with Apple's HealthKit guidelines and Google's Health Connect policies. HealthKit data will never be used for marketing or advertising purposes, and will never be sold.

6. AI Features & OpenAI

Nutriva AI uses OpenAI's GPT models to power:

• Food photo analysis and calorie estimation
• AI Coach (Marcus) conversations
• Meal plan generation
• Health insights and weekly reports

When you use these features, only the food description text or your chat message is sent to OpenAI. We do not include your name, email, health metrics, or any personally identifiable information in API requests. OpenAI processes requests under its API data usage policies and does not use API data to train its models by default.

AI-generated responses are based on statistical models and may contain inaccuracies. Never use AI food estimates or coaching advice for medical purposes, including insulin dosing, clinical nutrition therapy, or treatment of any medical condition.

7. In-App Purchases & Subscriptions

Nutriva AI offers optional paid subscriptions (Pro and Premium). All payment transactions are processed by Apple (App Store) or Google (Google Play) — we never receive or store your payment card details.

Subscription status is verified through RevenueCat, which receives your anonymised device identifier and purchase receipt from the app store to confirm your entitlements. RevenueCat does not receive your name, email, or health data.

For subscription management, cancellations, and refunds, please use your device's subscription management settings:

• iOS: Settings → [Your Name] → Subscriptions
• Android: Google Play → Account → Subscriptions

Refund requests are handled by Apple or Google according to their respective refund policies.

8. Analytics & Crash Reporting

PostHog Analytics

We use PostHog to understand how the app is used in aggregate — for example, which features are most popular or where users encounter difficulties. PostHog collects anonymised event data (e.g., "user opened scan screen") along with device type and app version. It does not receive your name, email, or food/health data. You can opt out of analytics tracking in the app's Settings → Privacy.

Sentry Crash Reporting

We use Sentry to automatically detect and diagnose crashes. When the app crashes, Sentry collects a stack trace, device model, OS version, and app state information at the time of the crash. No personal health or food data is included in crash reports. This helps us fix bugs faster and improve stability for all users.

9. Camera, Microphone & Photo Library

The app requests access to these device capabilities for the following specific purposes:

• Camera: To capture photos of food for AI-powered calorie analysis, and to scan barcodes.
• Microphone: To enable voice food logging — you can describe a meal by speaking. Audio is processed on-device or sent to the AI model for transcription only; raw audio is not stored.
• Photo Library: To allow you to select an existing photo of food for AI analysis, or to set your profile picture.

These permissions are optional. The app will function without them, but some features will be unavailable. You can revoke permissions at any time in your device Settings.

10. Data Retention

Data Type	Retention Period
Food logs, weight, and nutrition data	Kept until you delete them or your account
Account information (email, profile)	Kept until account deletion
AI coach conversations	30 days from the date of the message, then automatically deleted
Anonymised analytics events (PostHog)	Up to 1 year
Crash reports (Sentry)	90 days
Subscription records (RevenueCat)	For the duration required by applicable law (typically 7 years for billing records)
Backup copies	Deleted within 30 days of account deletion

You can delete all your data at any time by going to Settings → Account → Delete Account in the app, or by emailing privacy@nutrivaai.com. Account deletion is permanent and irreversible.

11. Data Security

We take the security of your data seriously:

• On-device storage: All local data is stored in an encrypted SQLite database using industry-standard encryption.
• Data in transit: All communication between the app and our servers uses TLS 1.2+ encryption.
• Cloud storage: Account and sync data is stored in Supabase, which is hosted on infrastructure with SOC 2 Type II certification.
• Access controls: Only you can access your data. We use row-level security policies to ensure users cannot access other users' data.
• No plaintext passwords: Passwords are hashed and never stored in plaintext.

Despite our best efforts, no method of data transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@nutrivaai.com.

12. International Data Transfers

Nutriva AI is available globally. If you are located outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate. We rely on the following safeguards for such transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
• Our third-party providers (Supabase, PostHog, Sentry, OpenAI) maintain their own appropriate transfer mechanisms.

13. Children's Privacy

Nutriva AI is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@nutrivaai.com and we will delete it promptly.

14. Your Rights (General)

Regardless of where you live, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your account and personal data.
• Portability: Request your data in a structured, machine-readable format (CSV export available in-app).
• Opt-out of analytics: Disable analytics tracking in Settings → Privacy.

To exercise any of these rights, contact us at privacy@nutrivaai.com. We will respond within 30 days. Alternatively, you can delete your account directly from the app under Settings → Account → Delete Account.

15. California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You can request to know what personal information we have collected about you, the categories of sources, our business purposes, and the categories of third parties we share it with.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell personal information to third parties. You do not need to opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@nutrivaai.com with the subject line "CCPA Request". We will verify your identity before processing the request.

16. EU / EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data (Article 15)
• Right to rectification of inaccurate data (Article 16)
• Right to erasure ("right to be forgotten") (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object to processing based on legitimate interest (Article 21)
• Right to withdraw consent at any time where processing is based on consent

You also have the right to lodge a complaint with your national Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu.

To exercise your GDPR rights, contact us at privacy@nutrivaai.com.

17. Push Notifications

With your permission, Nutriva AI may send you push notifications for:

• Meal logging reminders
• Fasting timer alerts
• Streak and goal milestone notifications
• Weekly AI summary reports

Push notification permissions are requested at app launch. You can disable notifications at any time in your device's Settings → Notifications → Nutriva AI. Disabling notifications will not affect core app functionality.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy.
• Send you an in-app notification if the changes are significant.
• For major changes affecting EU users, we may seek fresh consent where required by GDPR.

We encourage you to review this policy periodically. Continued use of the app after changes take effect constitutes your acceptance of the updated policy.

19. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

• Email: privacy@nutrivaai.com
• Support: support@nutrivaai.com

We aim to respond to all privacy requests within 30 days. For complex requests, we may extend this period by up to 2 additional months and will notify you of any extension.