Privacy Policy

1. INTRODUCTION

Welcome to Nutrilogy ("we," "us," "our," "Company"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access and use our website (https://nutrilogy.in), mobile applications, and related services (collectively, the "Services").

Please read this Privacy Policy carefully. If you do not agree with our data practices, please do not use the Services.

This Privacy Policy is incorporated into our Terms and Conditions and applies to all users of Nutrilogy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration:

• Name, email address, phone number
• Date of birth, gender
• Password (encrypted via Clerk authentication)
• Profile photo (optional)

Health Profile Information:

• Current weight and height
• Medical conditions (diabetes, PCOS, hypertension, thyroid, etc.)
• Food allergies and intolerances
• Dietary preferences (vegetarian, vegan, keto, etc.)
• Current bio-indexes (blood sugar, cholesterol, blood pressure, HbA1c)
• Medication list (optional, for dietary interaction alerts)
• Family health history (optional)
• Health goals (weight loss, muscle gain, manage diabetes, etc.)
• Activity level and exercise routine

Meal Logs and Nutrition Data:

• Meal photos uploaded for AI recognition
• Manually logged meal information
• Portion sizes and quantities
• Meal timing and frequency
• Nutritional breakdown (calculated automatically)
• Water intake logs
• Sleep logs and patterns
• Symptom tracking data

Communication Data:

• Messages and conversations with our AI health assistant
• Support requests and feedback
• Consultation notes (if using professional services)
• Preferences for communications and notifications

Payment Information:

• Credit/debit card details (processed securely via Razorpay; we do NOT store full card numbers)
• Billing address
• Subscription tier and renewal dates
• Purchase history

2.2 Information Collected Automatically

Device and Technical Information:

• Device type, model, and operating system
• Mobile device identifiers (IDFA for iOS, GAID for Android)
• IP address
• Browser type and version
• Pages visited and time spent
• App usage patterns and feature interactions
• Crash reports and error logs
• Technical performance metrics

Authentication Information:

• Login timestamps and frequency
• Account access history
• Session information

Location Information:

• General location (city-level) if you grant permission
• We do NOT track precise real-time location

Cookies and Similar Technologies:

• We use cookies, local storage, and analytics tools to understand how you use the Services
• You can disable cookies in your browser settings, but some features may not work properly

2.3 Information from Third-Party Sources

Wearable Device Integration:

• If you connect a fitness wearable (Fitbit, Apple Watch, Google Fit), we receive:
  • Daily step count and activity data
  • Heart rate and sleep data
  • Calories burned
  • Exercise type and duration
• You can disconnect wearables anytime from Account settings

Third-Party Providers:

• OpenAI API: When you interact with our AI assistant, your conversation (excluding direct health data identifiers) is sent to OpenAI to generate responses. OpenAI may process this data per their Privacy Policy.
• Supabase: Your data is stored in Supabase databases, which implement industry-standard security measures
• Clerk: Authentication data is managed by Clerk

Social Media (if you connect accounts):

• If you sign up via Google, Apple ID, or other social platforms, we receive basic profile information

3. HOW WE USE YOUR INFORMATION

3.1 To Provide Services

We use your information to:

• Create and manage your Account
• Provide personalized nutrition recommendations and meal plans
• Generate AI-powered responses to your nutrition questions
• Track your meals, health metrics, and progress
• Calculate calories, macros, and micronutrients
• Integrate data from wearable devices
• Send reminders for meal logging, water intake, and health goals

3.2 To Improve Services

• Analyze how users interact with Nutrilogy
• Identify and fix bugs or performance issues
• Train and improve our AI meal recognition model (using anonymized data)
• Develop new features and optimize existing ones
• Conduct analytics and research on nutrition trends

3.3 To Personalize Your Experience

• Provide customized meal plans based on your health profile
• Suggest foods aligned with your allergies, preferences, and goals
• Show behavioral insights (e.g., "You eat more after poor sleep")
• Tailor notifications and reminders to your habits
• Optimize app interface and features for your preferences

3.4 For Marketing and Communications

• Send newsletters, tips, and educational content (with your consent)
• Notify you about new features, updates, and special offers
• Survey your satisfaction and gather feedback
• Send promotional emails (you can unsubscribe anytime)

3.5 For Safety and Legal Compliance

• Detect and prevent fraud, abuse, or unauthorized access
• Investigate violations of our Terms and Conditions
• Comply with court orders, legal requests, or government inquiries
• Protect the rights, property, and safety of Nutrilogy, users, and the public

4. DATA RETENTION

4.1 Active Account Data

While your Account is active, we retain:

• All personal and health data you provide
• Meal logs and nutrition history
• AI conversation history
• Wearable device data syncs
• Account activity logs

4.2 After Account Deletion

When you delete your Account:

• Your personal data (name, email, phone) is deleted within 30 days
• Health data (meal logs, health metrics) is deleted within 30 days
• Anonymized, aggregated data may be retained for research and analytics
• Data may be retained longer if required by law (e.g., tax, financial records)
• Backup copies may take up to 90 days to be purged from our systems

4.3 Payment and Financial Records

Payment information and transaction history are retained for 7 years as required by Indian tax and accounting regulations.

4.4 Anonymized Data

Aggregated, anonymized data (e.g., "85% of users with diabetes improved their HbA1c") may be retained indefinitely for research and analytics purposes.

5. DATA SHARING AND DISCLOSURE

5.1 We DO NOT Sell Your Data

Nutrilogy does NOT sell, rent, or trade your personal or health data to third parties for marketing purposes.

5.2 We MAY Share Data With

Service Providers:

• Clerk: Authentication and account management
• Supabase: Secure data storage and database management
• OpenAI API: For AI assistant responses (conversations sent without direct identifiers)
• Razorpay: Secure payment processing
• Analytics Tools: Google Analytics, Mixpanel (aggregated data only)
• Email Service: SendGrid or similar (for notifications)
• Hosting Providers: AWS, Google Cloud (for infrastructure and backup)

All service providers are bound by confidentiality agreements and data protection clauses.

Healthcare Professionals:

• If you explicitly authorize, we may share your health data with a nutritionist, dietitian, or doctor
• You can revoke this authorization anytime from your Account settings
• Professional access to your data is logged and traceable

Researchers:

• With your explicit consent, we may share anonymized, aggregated health data with nutrition scientists and researchers
• This data cannot identify you individually
• Research is conducted in compliance with ethical guidelines

Legal Requirements:

• We may disclose your information if required by law, court order, subpoena, or government request
• We will attempt to notify you of such requests unless prohibited by law
• We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and other Indian privacy laws

Business Transfers:

• If Nutrilogy is acquired, merged, or sold, your data may be transferred to the new owner
• You will be notified of any material changes to this Privacy Policy

5.3 We DO NOT Share With

• Competitors or marketing companies
• Third-party advertisers (except for your own performance tracking)
• Insurance companies or employers (unless you explicitly authorize)
• Social media platforms (unless you sign up via social login)

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security practices:

Encryption:

• In Transit: All data transmitted between your device and our servers uses TLS 1.3 (HTTPS)
• At Rest: Sensitive data (health records, payment info) is encrypted using AES-256
• Passwords: Your password is securely hashed and never stored in plain text

Access Controls:

• Only authorized employees with a legitimate business need access personal data
• Access is logged and monitored
• Multi-factor authentication is available for Account security

Infrastructure:

• Servers are hosted on Supabase (hosted on AWS) with SOC 2 compliance
• Regular security audits and vulnerability assessments
• Automated backup and disaster recovery systems
• DDoS protection and rate limiting

Third-Party Providers:

• All third-party service providers (Clerk, OpenAI, Razorpay) implement comparable security standards
• We review their security certifications and practices regularly

6.2 Your Responsibilities

While we invest heavily in security, no system is 100% secure. You are responsible for:

• Keeping your password confidential
• Logging out of your Account after each session
• Using a secure internet connection (not public WiFi for sensitive data)
• Notifying us immediately of any suspicious activity

6.3 Data Breach Notification

In the event of a data breach:

• We will notify affected users within 72 hours (per DPDPA requirements)
• We will notify relevant authorities as required by law
• We will provide guidance on protective measures you should take
• We will publish details on our website about the breach

7. YOUR PRIVACY RIGHTS

7.1 Right to Access

You have the right to request a copy of all your personal data. To request:

• Log into your Account → Settings → Download My Data
• Or email nutrilogy.in@gmail.com with your request
• We will provide your data within 30 days in a portable format (CSV/JSON)

7.2 Right to Correction

You can update or correct your information anytime through your Account settings:

• Edit profile information
• Update health data
• Modify communication preferences

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your Account and data:

• Go to Settings → Delete My Account → Confirm
• Or email nutrilogy.in@gmail.com requesting account deletion
• We will delete your data within 30 days (subject to legal retention requirements)
• Note: Some anonymized data may be retained for research

7.4 Right to Object

You can object to:

• Personalized recommendations (your data will not be used for this purpose)
• Marketing communications (unsubscribe anytime)
• Sharing of anonymized data with researchers

7.5 Right to Data Portability

You can export your data in a standard format:

• Use the "Download My Data" feature in Account Settings
• Request a data export by emailing nutrilogy.in@gmail.com
• Data will be provided within 30 days

7.6 Right to Lodge a Complaint

If you believe your privacy rights have been violated:

• Contact us first at nutrilogy.in@gmail.com
• If unresolved, you can file a complaint with the relevant Indian data protection authority
• In India: You can contact the Secretary, Ministry of Electronics and Information Technology, Government of India

8. INTERNATIONAL DATA TRANSFERS

Our Services are operated from Bangalore, India, and your data is primarily stored in India (via Supabase/AWS).

However, your data may be transferred to and processed in other countries where our service providers operate (e.g., USA for OpenAI, USA for AWS, Australia for some backups).

By using our Services, you consent to the transfer of your data to jurisdictions outside India, where data protection laws may differ from India's laws. We ensure that all transfers comply with applicable Indian privacy laws.

9. COOKIES AND ANALYTICS

9.1 Cookies

We use cookies for:

• Remembering your login information
• Tracking your preferences and settings
• Analyzing usage patterns
• Improving user experience
• Marketing analytics

9.2 Analytics

We use analytics tools (Google Analytics, Mixpanel) to understand:

• Pages and features users visit most
• User flow and engagement patterns
• Technical performance metrics
• Aggregated demographic insights

All analytics data is anonymized and aggregated; individual user identities cannot be determined.

9.3 Disabling Cookies

You can disable cookies in your browser:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Safari: Preferences → Privacy → Cookies and website data
• Firefox: Preferences → Privacy and Security

Note: Disabling cookies may limit functionality of the Services.

10. CHILDREN'S PRIVACY

The Services are intended for users aged 18 and above. We do not knowingly collect data from children under 18.

If we discover that a child under 18 has created an Account:

• We will delete the Account and associated data within 30 days
• We will attempt to notify the parent/guardian

If you believe a child has created an Account, please contact us immediately at nutrilogy.in@gmail.com.

11. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites and services (recipe sites, health resources, wearable manufacturers).

Nutrilogy is NOT responsible for:

• Third-party websites' privacy practices
• Third-party service providers' handling of your data
• Content on third-party sites

Before sharing information with third parties, review their privacy policies. Your use of third-party services is governed by their terms, not ours.

12. CALIFORNIA AND INTERNATIONAL PRIVACY RIGHTS

12.1 California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request what personal data we collect and how it's used
• Right to Delete: Request deletion of your personal data (with exceptions)
• Right to Opt-Out: Opt-out of data selling (we don't sell data, but you can opt-out of analytics)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise CCPA rights, email nutrilogy.in@gmail.com with "CCPA Request" in the subject line.

12.2 GDPR (European Users)

If you are located in the European Union, GDPR may apply. Your rights include:

• Right of access, correction, erasure, and data portability
• Right to object to processing
• Right to lodge a complaint with your local data protection authority

Contact us at nutrilogy.in@gmail.com to exercise your GDPR rights.

12.3 Indian Privacy Rights (DPDPA)

Under the Digital Personal Data Protection Act, 2023 (DPDPA), you have:

• Right to access, correct, and erase your personal data
• Right to data portability
• Right to withdraw consent anytime
• Right to lodge complaints with the Data Protection Board of India

13. CONTACT US

For questions about this Privacy Policy or our data practices:

Email: nutrilogy.in@gmail.com
Website: https://nutrilogy.in
Address: Bangalore, India

We will respond to privacy inquiries within 7-10 business days.

14. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

How we'll notify you:

• We'll update the "Last Updated" date at the top of this policy
• For material changes, we'll notify you via email or prominent notice on our Site
• Your continued use of the Services after changes constitutes acceptance

15. YOUR ACKNOWLEDGMENT

By using Nutrilogy, you acknowledge that:

• You have read and understood this Privacy Policy
• You agree to our collection, use, and disclosure of your information as described
• You understand the risks of sharing health information online
• You understand that Nutrilogy is NOT a substitute for professional medical advice
• You consent to the transfer of your data to third-party service providers