Privacy Policy

Introduction

Nutriora ("we," "our," or "us") is committed to protecting your privacy and complies with applicable U.S. federal regulations, including those administered by the U.S. Food and Drug Administration (FDA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

This Privacy Policy is designed to comply with U.S. privacy laws including the Health Insurance Portability and Accountability Act (HIPAA) where applicable, the Federal Trade Commission (FTC) Act, and FDA regulations governing health information and nutritional claims.

Clinic Membership:Nutriora facilitates connections between users and licensed healthcare providers, nutritionists, dietitians, and medical practices (collectively "clinic members"). When you choose to connect with a clinic member, you establish a patient-provider relationship, and your health information may be subject to HIPAA regulations.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you register for an account, use our nutrition planning and tracking features, contact us for customer support, or subscribe to our communications.

This information may include: name, email address, phone number, date of birth, gender, height, weight, health goals, dietary preferences, allergies, medical conditions, and other health-related information.

Health and Nutrition Data (FDA Compliant)

• Food intake and meal logs
• Exercise and activity data
• Weight and body measurements
• Health symptoms and conditions
• Medications and dietary supplements
• Nutritional label information (compliant with FDA labeling requirements)

FDA Nutrition Facts: All nutritional information provided through our Service complies with FDA regulations (21 CFR Part 101) regarding nutrition labeling and education.

Automatically Collected Information

• Device information (device type, operating system, unique identifiers)
• Push notification tokens (to deliver alerts and reminders you enable)
• Usage data (pages visited, features used, time spent)
• IP address and approximate location data
• Cookies and similar tracking technologies on our website

Payment and Subscription Information

If you purchase a subscription through Google Play or the App Store, payment processing is handled by Google or Apple. We receive subscription status and purchase identifiers needed to provide paid features. We do not receive or store your full payment card details.

How We Use Your Information

• Provide, maintain, and improve our Service
• Create and personalize your nutrition and wellness plans
• Facilitate connections between you and clinic members when you have authorized sharing
• Process transactions and manage your account
• Send technical notices, updates, and support messages
• Monitor usage trends and detect issues
• Send marketing communications (with consent)

How We Share Your Information

We do not sell your personal information. We may share information only in these circumstances:

• With your consent, including when you authorize a clinic member to access your health data
• With service providers who help us operate the Service (listed below)
• For legal reasons, such as complying with law, court orders, or protecting rights and safety
• Business transfers, such as a merger or acquisition, with appropriate notice where required

Third-Party Service Providers

We use trusted third parties to host, secure, and deliver the Service. They process data on our behalf under contractual obligations and only for the purposes described in this policy:

• Google Firebase / Google Cloud — authentication, database storage (Firestore), cloud hosting, file storage, and push notifications (FCM)
• Google Play — subscription and in-app purchase processing when you buy paid features through the Android app
• Apple App Store — subscription and in-app purchase processing when you buy paid features through the iOS app
• FatSecret — nutrition and food database lookups to power meal logging and nutritional information
• OpenAI — optional AI-assisted features, when enabled, to help generate or interpret nutrition-related content

These providers may process data in the United States and other countries where they operate. We require appropriate safeguards for data processed on our behalf.

Clinic Members and Healthcare Provider Access

Sharing Information

We share your information with clinic members only after explicit authorization. You may revoke this authorization at any time through your account settings.

• Food intake and meal logs
• Exercise and activity data
• Weight and body measurements
• Health symptoms and conditions
• Medications and supplements

FDA Compliance and Health Information

We do not sell your health information. We may disclose health information with your consent, to authorized providers, where legally required, to comply with legal process, to protect rights and safety, or in connection with business transfers.

Data Security

We implement technical and organizational security measures including encryption, access controls, regular audits, and secure storage and backup procedures. No method of transmission or storage is fully secure, and absolute security cannot be guaranteed.

Data Retention

We retain your information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type, as described below.

• Account and profile data (name, email, preferences): retained while your account is active. If you delete your account, we delete or anonymize this data within 30 days, except where retention is required by law.
• Health and nutrition data (meals, measurements, goals, and related logs): retained while your account is active to provide personalized plans and history. Upon account deletion, deleted from production systems within 30 days; encrypted backups may persist up to 90 days before automatic purge.
• Provider and clinic-shared data: retained while your sharing authorization with a clinic member is active. When you revoke access, we stop new sharing immediately. Copies of information previously shared with a provider may remain in that provider's systems under their own privacy and retention policies.
• Device and usage analytics: typically retained for 12–24 months for service improvement and security, then aggregated or deleted.
• Support and communications: retained for up to 3 years from your last interaction with us.
• Legal, tax, and compliance records: retained as long as required by applicable law (often up to 7 years where applicable).
• Security and audit logs: retained for 12–24 months, unless a longer period is required for security investigations or legal compliance.

Your Rights

• Access to a copy of your personal data
• Correction of inaccurate data
• Deletion requests
• Data portability requests
• Objection or restriction requests for processing

You may request deletion of your account and personal data at any time. See our Delete Account page for step-by-step instructions. After a verified deletion request, we process removal in accordance with the retention periods described in the Data Retention section above. Contact us at info@nutriora.app to exercise these rights.

Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time by posting the updated version on this page and revising the Last Updated date.

Contact Us