Privacy Policy

1. INTRODUCTION

Welcome to Nutrilogy ("we," "us," "our," "Company"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access and use our website and web application (https://nutrilogy.in) and related services (collectively, the "Services").

Please read this Privacy Policy carefully. If you do not agree with our data practices, please do not use the Services.

This Privacy Policy is incorporated into our Terms and Conditions and applies to all users of Nutrilogy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration:

• Name, email address, phone number
• Date of birth, gender
• Password (encrypted via Clerk authentication)
• Profile photo (optional)

Health Profile Information:

• Current weight and height
• Medical conditions (diabetes, PCOS, hypertension, thyroid, etc.)
• Food allergies and intolerances
• Dietary preferences (vegetarian, vegan, keto, etc.)
• Current bio-indexes (blood sugar, cholesterol, blood pressure, HbA1c)
• Medication list (optional, for dietary interaction alerts)
• Family health history (optional)
• Health goals (weight loss, muscle gain, manage diabetes, etc.)
• Activity level and exercise routine

Meal Logs and Nutrition Data:

• Meal photos uploaded for AI recognition
• Manually logged meal information
• Portion sizes and quantities
• Meal timing and frequency
• Nutritional breakdown (calculated automatically)
• Water intake logs
• Sleep logs and patterns
• Symptom tracking data

Communication Data:

• Messages and conversations with our AI health assistant
• Support requests and feedback
• Preferences for communications and notifications

2.2 Information Collected Automatically

Device and Technical Information:

• Device type, model, and operating system
• IP address
• Browser type and version
• Pages visited and time spent
• App usage patterns and feature interactions
• Crash reports and error logs
• Technical performance metrics

Authentication Information:

• Login timestamps and frequency
• Account access history
• Session information

Location Information:

• General location (city-level) if you grant permission
• We do NOT track precise real-time location

Cookies and Similar Technologies:

• We use cookies, local storage, and analytics tools to understand how you use the Services
• You can disable cookies in your browser settings, but some features may not work properly

2.3 Information from Third-Party Sources

Third-Party Providers:

• OpenAI API: When you interact with our AI assistant, your conversation (excluding direct health data identifiers) is sent to OpenAI to generate responses. OpenAI may process this data per their Privacy Policy.
• Neon: Your data is stored in Neon PostgreSQL databases, which implement industry-standard security measures
• Clerk: Authentication data is managed by Clerk

Social Media (if you connect accounts):

• If you sign up via Google, Apple ID, or other social platforms, we receive basic profile information

3. HOW WE USE YOUR INFORMATION

3.1 To Provide Services

We use your information to:

• Create and manage your Account
• Provide personalized nutrition recommendations and meal plans
• Generate AI-powered responses to your nutrition questions
• Track your meals, health metrics, and progress
• Calculate calories, macros, and micronutrients
• Send reminders for meal logging, water intake, and health goals

3.2 To Improve Services

• Analyze how users interact with Nutrilogy
• Identify and fix bugs or performance issues
• Train and improve our AI meal recognition model (using anonymized data)
• Develop new features and optimize existing ones
• Conduct analytics and research on nutrition trends

3.3 To Personalize Your Experience

• Provide customized meal plans based on your health profile
• Suggest foods aligned with your allergies, preferences, and goals
• Show behavioral insights (e.g., "You eat more after poor sleep")
• Tailor notifications and reminders to your habits
• Optimize app interface and features for your preferences

3.4 For Marketing and Communications

• Send newsletters, tips, and educational content (with your consent)
• Notify you about new features, updates, and special offers
• Survey your satisfaction and gather feedback
• Send promotional emails (you can unsubscribe anytime)

3.5 For Safety and Legal Compliance

• Detect and prevent fraud, abuse, or unauthorized access
• Investigate violations of our Terms and Conditions
• Comply with court orders, legal requests, or government inquiries
• Protect the rights, property, and safety of Nutrilogy, users, and the public

4. DATA RETENTION

4.1 Active Account Data

While your Account is active, we retain:

• All personal and health data you provide
• Meal logs and nutrition history
• AI conversation history
• Account activity logs

4.2 After Account Deletion

When you delete your Account:

• Your personal data (name, email, phone) is deleted within 30 days
• Health data (meal logs, health metrics) is deleted within 30 days
• Anonymized, aggregated data may be retained for research and analytics
• Data may be retained longer if required by law
• Backup copies may take up to 90 days to be purged from our systems

4.3 Anonymized Data

Aggregated, anonymized data (e.g., "85% of users with diabetes improved their HbA1c") may be retained indefinitely for research and analytics purposes.

5. DATA SHARING AND DISCLOSURE

5.1 We DO NOT Sell Your Data

Nutrilogy does NOT sell, rent, or trade your personal or health data to third parties for marketing purposes.

5.2 We MAY Share Data With

Service Providers:

• Clerk: Authentication and account management
• Neon: Secure PostgreSQL data storage and database management
• OpenAI API: For AI assistant responses (conversations sent without direct identifiers)
• PostHog: Product analytics and event tracking
• Email Service: SendGrid or similar (for notifications)
• Hosting Providers: Vercel and DigitalOcean for application hosting, infrastructure, and backups

All service providers are bound by confidentiality agreements and data protection clauses.

Researchers:

• With your explicit consent, we may share anonymized, aggregated health data with nutrition scientists and researchers
• This data cannot identify you individually
• Research is conducted in compliance with ethical guidelines

Legal Requirements:

• We may disclose your information if required by law, court order, subpoena, or government request
• We will attempt to notify you of such requests unless prohibited by law
• We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and other Indian privacy laws

Business Transfers:

• If Nutrilogy is acquired, merged, or sold, your data may be transferred to the new owner
• You will be notified of any material changes to this Privacy Policy

5.3 We DO NOT Share With

• Competitors or marketing companies
• Third-party advertisers (except for your own performance tracking)
• Insurance companies or employers (unless you explicitly authorize)
• Social media platforms (unless you sign up via social login)

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security practices:

Encryption:

• In Transit: All data transmitted between your device and our servers uses TLS 1.3 (HTTPS)
• At Rest: Sensitive data, such as health records, is encrypted using AES-256
• Passwords: Your password is securely hashed and never stored in plain text

Access Controls:

• Only authorized employees with a legitimate business need access personal data
• Access is logged and monitored
• Multi-factor authentication is available for Account security

Infrastructure:

• Application hosting and infrastructure are provided through Vercel and DigitalOcean
• Data is stored in Neon PostgreSQL databases
• Regular security reviews and vulnerability assessments
• Backup and disaster recovery processes
• DDoS protection and rate limiting where supported by our providers

Third-Party Providers:

• We expect third-party service providers such as Clerk, OpenAI, Neon, Vercel, and DigitalOcean to implement comparable security standards
• We review their security certifications and practices regularly

6.2 Your Responsibilities

While we invest heavily in security, no system is 100% secure. You are responsible for:

• Keeping your password confidential
• Logging out of your Account after each session
• Using a secure internet connection (not public WiFi for sensitive data)
• Notifying us immediately of any suspicious activity

6.3 Data Breach Notification

In the event of a data breach:

• We will notify affected users within 72 hours (per DPDPA requirements)
• We will notify relevant authorities as required by law
• We will provide guidance on protective measures you should take
• We will publish details on our website about the breach

7. YOUR PRIVACY RIGHTS

7.1 Right to Access

You have the right to request a copy of all your personal data. To request:

• Log into your Account → Settings → Download My Data
• Or email nutrilogy.in@gmail.com with your request
• We will provide your data within 30 days in a portable format (CSV/JSON)

7.2 Right to Correction

You can update or correct your information anytime through your Account settings:

• Edit profile information
• Update health data
• Modify communication preferences

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your Account and data:

• Go to Settings → Delete My Account → Confirm
• Or email nutrilogy.in@gmail.com requesting account deletion
• We will delete your data within 30 days (subject to legal retention requirements)
• Note: Some anonymized data may be retained for research

7.4 Right to Object

You can object to:

• Personalized recommendations (your data will not be used for this purpose)
• Marketing communications (unsubscribe anytime)
• Sharing of anonymized data with researchers

7.5 Right to Data Portability

You can export your data in a standard format:

• Use the "Download My Data" feature in Account Settings
• Request a data export by emailing nutrilogy.in@gmail.com
• Data will be provided within 30 days

7.6 Right to Lodge a Complaint

If you believe your privacy rights have been violated:

• Contact us first at nutrilogy.in@gmail.com
• If unresolved, you can file a complaint with the relevant Indian data protection authority
• In India: You can contact the Secretary, Ministry of Electronics and Information Technology, Government of India

8. INTERNATIONAL DATA TRANSFERS

Our Services are operated from Bangalore, India. Your data may be stored and processed through our service providers, including Neon, Vercel, and DigitalOcean.

Your data may be transferred to and processed in other countries where our service providers operate, including providers used for AI, hosting, analytics, authentication, infrastructure, and backups.

By using our Services, you consent to the transfer of your data to jurisdictions outside India, where data protection laws may differ from India's laws. We ensure that all transfers comply with applicable Indian privacy laws.

9. COOKIES AND ANALYTICS

9.1 Cookies

We use cookies for:

• Remembering your login information
• Tracking your preferences and settings
• Analyzing usage patterns
• Improving user experience
• Marketing analytics

9.2 Analytics

We use analytics tools such as PostHog to understand:

• Pages and features users visit most
• User flow and engagement patterns
• Technical performance metrics
• Aggregated demographic insights

Some analytics events may be associated with your account identifier and basic account details (such as your name or email) so we can understand onboarding, troubleshoot account issues, and improve product behavior.

We do not send meal contents, hydration amounts, metric values, medical conditions, or AI-generated goal values as analytics event properties.

9.3 Disabling Cookies

You can disable cookies in your browser:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Safari: Preferences → Privacy → Cookies and website data
• Firefox: Preferences → Privacy and Security

Note: Disabling cookies may limit functionality of the Services.

10. CHILDREN'S PRIVACY

The Services are intended for users aged 18 and above. We do not knowingly collect data from children under 18.

If we discover that a child under 18 has created an Account:

• We will delete the Account and associated data within 30 days
• We will attempt to notify the parent/guardian

If you believe a child has created an Account, please contact us immediately at nutrilogy.in@gmail.com.

11. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites and services, such as recipe sites or health resources.

Nutrilogy is NOT responsible for:

• Third-party websites' privacy practices
• Third-party service providers' handling of your data
• Content on third-party sites

Before sharing information with third parties, review their privacy policies. Your use of third-party services is governed by their terms, not ours.

12. CONTACT US

For questions about this Privacy Policy or our data practices:

• Email: nutrilogy.in@gmail.com
• Website: https://nutrilogy.in
• Address: Bangalore, India

We will respond to privacy inquiries within 7-10 business days.

13. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

How we'll notify you:

• We'll update the "Last Updated" date at the top of this policy
• For material changes, we'll notify you via email or prominent notice on our Site
• Your continued use of the Services after changes constitutes acceptance

14. YOUR ACKNOWLEDGMENT

By using Nutrilogy, you acknowledge that:

• You have read and understood this Privacy Policy
• You agree to our collection, use, and disclosure of your information as described
• You understand the risks of sharing health information online
• You understand that Nutrilogy is NOT a substitute for professional medical advice
• You consent to the transfer of your data to third-party service providers