Privacy Policy - NutriAI

1. Introduction

NutriAI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our nutrition tracking and meal planning application. By using NutriAI, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect information you provide directly and automatically through your use of the app.

Personal Information

Name, age, gender, and contact details (if provided)
Physical metrics such as weight, height, and body composition data
Activity level, fitness goals (e.g., lose weight, gain muscle), and dietary preferences
Unit preferences (metric or imperial) and other personalization settings

Usage Data

Food entries including food name, quantity, meal type, nutritional details (calories, protein, carbohydrates, fat, fiber, sugar, sodium, calcium, iron, vitamin C, etc.), and timestamps
Meal plans, recipes, and associated nutritional summaries
Chat messages and interactions with our AI assistant powered by Google Gemini
Meal reminders, including scheduled times and custom messages
Saved recipes, favorites, and usage history

Technical Data

Device information (e.g., device type, operating system, app version)
Usage analytics (e.g., features used, session duration)
Firebase Authentication UID for secure user identification
IP address, location data (if enabled), and app crash reports

Optional Data

Images uploaded for food recognition or recipe purposes
Voice inputs if voice features are implemented

3. How We Use Your Information

We use the collected information for the following purposes:

Service Provision: To deliver personalized nutrition tracking, meal planning, and AI-generated recipes
AI Integration: To process data through Google Gemini API for recipe generation and nutritional guidance
Data Storage: To securely store your data in Google Firestore
Personalization: To customize your experience based on goals, preferences, and history
Improvement: To analyze usage patterns and improve app features, performance, and user experience
Communication: To send reminders, updates, or respond to inquiries
Legal Compliance: To meet legal obligations, prevent fraud, and enforce our terms

4. Legal Basis for Processing

If you are in the EU/EEA, our processing is based on:

Consent: For optional data like images or advanced features
Contract: To provide the app services you request
Legitimate Interest: For improving services and analytics
Legal Obligation: To comply with laws

5. Information Sharing and Disclosure

We do not sell your personal information. We may share it in the following circumstances:

With Your Consent: When you explicitly agree
Service Providers: With trusted third parties like Google (for Firestore and Gemini API), under data processing agreements
Legal Requirements: To comply with laws, court orders, or protect rights
Business Transfers: In case of merger or sale, with notice
Aggregated Data: Anonymized data for analytics or research

Data shared with Google Gemini is anonymized where possible to minimize privacy risks.

6. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the US, where Google services are hosted. We ensure appropriate safeguards, such as standard contractual clauses, for such transfers.

7. Data Security

We use industry-standard security measures, including:

Encryption of data in transit and at rest in Firestore
Access controls and user authentication via Firebase Auth
Regular security audits and updates
Secure API communications

However, no system is completely secure. We cannot guarantee absolute security.

8. Data Retention

We retain your data as long as necessary for the purposes outlined:

Account data: While your account is active
Chat history: Up to 90 days, then auto-deleted
Usage logs: For up to 2 years for analytics

You can request deletion of your data at any time, subject to legal requirements.

Inactive Accounts: If you do not log in to your account for 3 months, your account may be automatically deleted. We will send you a notification via email or in-app at least 1 month before deletion to allow you to log in and reactivate your account.

9. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Portability: Receive your data in a portable format
Restriction: Limit processing in certain cases
Objection: Object to processing based on legitimate interests
Withdraw Consent: For consent-based processing

To exercise these rights, contact us at privacy@nutriai.com. We will respond within 30 days.

10. Children's Privacy

NutriAI is not intended for children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If we discover such collection, we will delete it immediately.

11. Third-Party Services

The app integrates with:

Google Firestore: For data storage
Google Gemini API: For AI features
Firebase Auth: For authentication

These services have their own privacy policies, which we recommend reviewing.

12. Cookies and Tracking

If accessed via web, we may use cookies for session management and analytics. You can control cookies through your browser settings. For the mobile app, we do not use cookies but may collect similar data via app analytics.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or laws. We will notify you via the app or email at least 30 days before changes take effect. Continued use after changes constitutes acceptance.

Privacy Policy for NutriAI