Privacy Policy

1. Introduction

Welcome to NutriMind ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you understand how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding data collection and use when you use our mobile application and related services (the "Service").

By using NutriMind, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address and password when you create an account
• Profile Information: Name, age, gender, height, weight, activity level, and fitness goals
• Nutrition Data: Food logs, meal entries, calorie and macro tracking data
• Weight History: Weight entries you log over time
• Meal Plans: Custom and AI-generated meal plans
• Saved Recipes: Meals you save as recipes for quick re-logging
• Barcode History: Products you scan, stored locally for quick re-scanning
• Streak & Badge Data: Your logging streak and earned achievement badges
• Weekly Challenges: Challenge participation and completion status
• AI Coach Conversations: Your chat history with Macro Coach for personalized advice
• Social & Friends Data: Friend connections, friend codes, usernames, accountability partner relationships, and activity feed posts you choose to share
• Voice Input: When using speech-to-text for meal logging, audio is processed on-device or by your device's speech recognition service
• Referral Information: Referral codes you create or use, and associated rewards
• Feedback & Bug Reports: Information you submit through in-app feedback forms
• App Preferences: Settings like dark mode, notification preferences, and privacy controls
• Direct Messages: Message content, sender and recipient identifiers, timestamps, read receipts, and message status when using the inbox messaging feature

2.2 Information Stored Locally Only (Never Uploaded)

2.3 Information Collected Automatically

• Device Information: Device type, model, operating system version, and app version
• Usage Data: Features used, screens visited, and interaction patterns (if analytics enabled)
• Performance Data: App performance metrics, load times, and responsiveness (for optimization)
• Crash Reports: Technical information when the app crashes, including device state, to help us fix issues
• Demographic Context: Aggregated, anonymized demographic data (age range, gender) to improve features for different user groups
• Camera Data: Photos you take for food scanning are processed for AI analysis but not permanently stored on our servers
• Push Notification Tokens: Device identifiers for sending notifications (if enabled)

2.4 Information from Third Parties

• Authentication Providers: If you sign in with Google or Apple, we receive your name and email from those services
• Payment Providers: Subscription status from Apple App Store or Google Play (we don't receive payment card details)

2.5 Health Platform Integration (Optional)

If you enable Health Sync, NutriMind can read from and write to your device's health platform:

Important:

• Health Sync is entirely optional and disabled by default
• You control exactly which data types are synced in Settings
• Health data stays on your device and with Apple/Google's health platforms
• We do not store health platform data on our servers beyond what you log in NutriMind
• You can disconnect Health Sync at any time

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Calculate personalized nutrition goals based on your profile
• Analyze food images using AI to estimate nutritional content
• Process voice input for hands-free meal logging
• Generate personalized meal plans tailored to your goals and preferences
• Save and organize your favorite recipes
• Provide AI-powered coaching through Macro Coach
• Track your progress, streaks, achievements, and weekly challenges
• Enable social features including friends, activity feeds, and accountability partners
• Provide smart meal suggestions based on your eating patterns
• Process referral rewards and track referral program participation
• Send you push notifications and reminders (with your permission)
• Monitor app performance and fix crashes quickly
• Improve and optimize our Service based on usage patterns
• Respond to your feedback, bug reports, and support inquiries
• Enforce usage limits to ensure fair access for all users
• Comply with legal obligations

3.1 AI Processing & Data Minimization

When using AI features (food scanning, meal plans, Macro Coach), we practice data minimization:

• Only essential information is sent to AI services (e.g., food images, relevant dietary preferences)
• Personal identifiers are not included in AI requests
• AI-generated responses are associated with your account but processed without your identity

3.2 Push Notifications

With your permission, we send push notifications for:

• Meal Plan Ready: When your AI-generated meal plan is complete
• Meal Reminders: Scheduled reminders to log your meals
• Streak Reminders: Encouragement to maintain your logging streak
• Smart Suggestions: Personalized meal suggestions based on your habits

You can manage notification preferences in Settings. Push notifications are optional and can be disabled at any time without affecting other app functionality.

3.3 Device Tokens

To deliver push notifications, we store a device token that identifies your device:

• Generated by Apple (APNs) or Google (FCM) when you enable notifications
• Stored securely in our database, linked to your user account
• Automatically removed when you disable notifications or delete your account
• Never shared with third parties except for delivery purposes

3.4 Social Features & Friends

When using social features, you control what information is shared:

• Friend Code: A unique code others can use to send you friend requests
• Username: Optional public username for friends to find you
• Activity Feed: Achievements, streaks, and milestones you choose to share with friends
• Accountability Partners: Friends you designate can see more detailed progress, including your daily food log entries (meal names, calories, macros, and logging times) when you enable this option
• Check-ins: Quick encouragement messages between accountability partners

3.5 Speech Recognition

When using voice input for meal logging:

• Audio is processed using your device's native speech recognition (iOS Speech Framework or Android Speech Services)
• Audio data is not stored or transmitted to our servers
• Speech-to-text conversion happens on-device or through Apple/Google's speech services
• You can disable microphone access at any time through your device settings

3.6 Data Export

You can export your data at any time through Settings > Export Data:

• CSV Format: Your nutrition logs in spreadsheet format
• PDF Report: A comprehensive summary of your progress

3.7 Messaging & Inbox

When using the inbox messaging feature to send encouragement messages to friends:

• Data Collected: Message content, sender ID, recipient ID, timestamp, delivery status, and read receipts
• Purpose: To enable private encouragement messaging between connected friends and accountability partners
• Storage: Messages are stored securely using encryption at rest (AES-256) and in transit (TLS 1.3)
• Encryption: Messages are encrypted at rest. End-to-end encryption is not currently implemented; messages may be accessed for moderation purposes if reported
• Retention: Messages are retained for 90 days, then automatically deleted. You may delete messages at any time
• Moderation: We use reactive moderation based on user reports. We do not proactively scan message content
• Your Controls: Delete messages, block users, or disable messaging in Settings > Social Privacy
• Friends Only: You can only message mutual friends. Blocked users cannot message you

4. Third-Party Services

We use the following third-party services that may collect and process your data:

4.1 Google Gemini AI

We use Google's Gemini AI to analyze food images, generate meal plans, and power Macro Coach. When using these features, relevant data is sent to Google's servers for processing. Google's privacy policy applies. Images and conversations are not permanently stored by Google.

4.2 Supabase (Database & Authentication)

We use Supabase to securely store your account data and nutrition logs. Supabase provides enterprise-grade security with encryption at rest and in transit.

4.3 Google Sign-In / Apple Sign-In

If you choose to sign in with Google or Apple, those services share your basic profile information (name and email) with us according to their privacy policies.

4.4 RevenueCat (Subscriptions)

We use RevenueCat to manage subscriptions. They process subscription status and purchase events according to their privacy policy. We do not receive or store your payment card details.

4.5 Google AdMob (Advertising)

Free users may see advertisements served by Google AdMob. AdMob may collect device identifiers and usage data for ad personalization.

4.6 Firebase Analytics

We use Firebase Analytics to understand how users interact with NutriMind. This helps us improve features and fix issues. Firebase Analytics may collect:

• App usage patterns (screens visited, features used)
• Device information (device type, OS version)
• App performance metrics

4.7 Firebase Cloud Messaging

We use Firebase Cloud Messaging (FCM) for Android and Apple Push Notification service (APNs) for iOS to deliver push notifications. These services:

• Process device tokens to route notifications to your device
• Do not have access to your nutrition data content
• Are governed by Google's and Apple's respective privacy policies

4.8 Sentry (Crash Reporting & Performance)

We use Sentry to monitor app stability and performance. When the app crashes or experiences issues, Sentry collects:

• Device type, model, and operating system version
• App version and build number
• Error stack traces and crash reports
• Performance metrics (app load times, screen transitions)
• Anonymized user context (age range, gender) to identify issues affecting specific user groups

4.9 Apple HealthKit (iOS)

If you enable Health Sync on iOS, NutriMind integrates with Apple HealthKit:

• Reads steps, workouts, and weight to provide comprehensive tracking
• Writes nutrition and water data so you have a complete health picture
• All HealthKit data is subject to Apple's privacy protections
• Data is never uploaded to our servers; it stays in Apple's ecosystem
• See Apple's HealthKit privacy policy for details

4.10 Google Health Connect (Android)

If you enable Health Sync on Android, NutriMind integrates with Health Connect:

• Reads steps, active calories, distance, exercises, heart rate, and weight from Health Connect
• Writes nutrition and hydration records back
• All Health Connect data is protected by Google's privacy standards
• Data remains on your device and within Google's ecosystem
• See Google's Health Connect privacy policy for details

5. Your Privacy Controls

NutriMind gives you control over your privacy through in-app settings:

6. Data Storage & Security

Your data is stored securely using Supabase's cloud infrastructure with:

• Encryption in transit (TLS 1.3)
• Encryption at rest (AES-256)
• Row-level security policies ensuring you can only access your own data
• Regular security audits and penetration testing
• Server-side rate limiting to prevent abuse

6.1 Local Data Security

• Biometric credentials: Stored in platform-secure storage (iOS Keychain / Android Keystore)
• Widget data: Encrypted using AES-GCM before storage
• Progress photos: Stored in app-private storage, not accessible to other apps

7. Data Retention

We retain your data for as long as your account is active:

• Active accounts: Data retained indefinitely while you use the service
• Nutrition logs: Logs older than 2 years may be archived to optimize performance
• Social data: Friend connections and activity feed posts retained until you remove them or delete your account
• Challenge history: Weekly challenge participation and results retained for your records
• Saved recipes: Retained until you delete them or your account
• Deleted accounts: All data permanently deleted within 30 days
• AI conversations: Macro Coach history retained for personalization; deleted with account
• Crash reports: Retained for 90 days to identify and fix issues
• Messages: Direct messages automatically deleted after 90 days. Manually deleted messages removed immediately

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data (use Export Data feature)
• Correction: Update or correct inaccurate data in your profile
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Export your data in machine-readable format (CSV)
• Opt-out: Opt out of analytics and personalized advertising
• Withdraw Consent: Disable features that require consent (notifications, biometrics)

To exercise these rights, use the in-app settings or contact us at privacy@getnutrimind.com.

9. Children's Privacy

NutriMind is intended for users 17 years of age and older. We do not knowingly collect personal information from anyone under 17. If you are under 17, please do not use this Service. If you are a parent or guardian and believe your child under 17 has provided us with personal information, please contact us immediately at privacy@getnutrimind.com.

We verify age during account registration. Users must confirm they are 17 or older to create an account.

The minimum age of 17 reflects the nature of our social and messaging features, which require maturity to use safely.

10. International Transfers

Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Data Processing Agreements with all service providers
• Encryption of data in transit and at rest

11. GDPR (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access, rectify, or erase your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

Legal Basis for Processing

• Contract Performance: Providing the Service you signed up for
• Legitimate Interests: Improving the Service, preventing fraud
• Consent: Optional features (notifications, analytics, personalized ads)

12. CCPA (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt out of the sale of personal information
• Right to request deletion of personal information
• Right to non-discrimination for exercising your rights

13. Policy Changes

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via in-app notification or email for significant changes
• Your continued use of the Service after changes constitutes acceptance

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: privacy@getnutrimind.com
• General support: support@getnutrimind.com