Privacy Policy
Effective Date: January 23, 2026
Last Updated: January 23, 2026
At Nutricious4u, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application (the "App"). By using the App, you consent to the data practices described in this policy.
Key Points:
- We collect health and fitness data to provide personalized nutrition services
- Your data is shared with Google Gemini AI for nutrition analysis, workout calorie estimates, and chatbot features
- Professional dieticians can access certain profile information to provide services
- We use Firebase services to store and process your data
- You have the right to access, correct, and delete your data at any time
Table of Contents
- Information We Collect
- How We Use Your Information
- Data Sharing and Third-Party Services
- Data Storage and Security
- Data Retention
- Your Privacy Rights
- Dietician Access to Your Information
- Cookies and Tracking Technologies
- Children's Privacy
- International Data Transfers
- California Privacy Rights (CCPA)
- European Privacy Rights (GDPR)
- Indian Privacy Rights
- Changes to Privacy Policy
- Contact Information
1. Information We Collect
We collect several types of information to provide and improve our services:
1.1 Information You Provide Directly
| Data Category | Specific Information | Purpose |
| --- | --- | --- |
| Account Information | Email address, password, first name, last name | Account creation, authentication, communication |
| Personal Profile | Age, gender, current weight, goal weight, height | Personalized nutrition calculations and recommendations |
| Health Information | Medical conditions, allergies, dietary preferences, activity level | Safe and personalized diet planning |
| Fitness Goals | Target calories, protein, fat goals, step goal, calories burned goal | Progress tracking and personalized recommendations |
| Food Logs | Food items, serving sizes, calculated calories, protein, fat, timestamps | Nutrition tracking and analysis |
| Workout Logs | Exercise types, duration, calories burned, timestamps | Fitness tracking and goal monitoring |
| Communication Data | Messages with dieticians, chatbot conversations, appointment requests | Service delivery and support |
| Subscription Data | Plan type, subscription dates, payment amounts, auto-renewal preferences, trial usage | Billing, access control, service provision |
1.2 Information Automatically Collected
- Device Information: Device type (iOS/Android), app version, operating system
- Usage Data: Features used, time spent in app, interaction patterns
- Push Notification Tokens: Device tokens for sending notifications
- Timezone Information: For scheduling notifications and appointments
- Error Logs: Technical data when errors occur (for troubleshooting)
1.3 Sensitive Health Data
Important Notice: We collect sensitive health data including medical conditions, allergies, weight, dietary restrictions, and activity levels. This data is considered highly sensitive under privacy regulations including GDPR, CCPA, and Indian data protection laws.
By providing this information, you explicitly consent to our collection, processing, and use of this sensitive health data as described in this Privacy Policy.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Provision
- Create and manage your account
- Authenticate your identity
- Calculate personalized nutrition targets (BMR, TDEE, macronutrients)
- Analyze food items to determine calories, protein, and fat content
- Track your food intake and exercise activities
- Generate daily nutrition summaries
- Match you with dietician services
- Facilitate communication with dieticians
- Schedule and manage appointments
2.2 AI-Powered Features
- Food Nutrition Analysis: Your food queries are sent to Google Gemini AI to calculate nutritional content
- Chatbot Recommendations: Your profile, chat history, and diet PDF content are processed by Google Gemini AI to provide personalized nutrition advice
- Diet PDF Processing: PDF text is extracted to create automated notifications and enhance chatbot responses
2.3 Communication
- Send notifications (push or local, depending on platform and settings) for diet reminders, messages, appointments, and subscription updates
- Respond to your inquiries and support requests
- Send important service announcements
- Provide subscription renewal reminders (1 week, 2 days, 1 day before expiry)
- Notify about free trial expiration
2.4 Business Operations
- Manage subscription status and access to features
- Prevent fraud and ensure security
- Comply with legal obligations
- Enforce our Terms and Conditions
- Analyze app usage to improve features and performance
2.5 Personalization
- Customize your experience based on preferences and goals
- Provide relevant recommendations
- Track your progress toward fitness goals
3. Data Sharing and Third-Party Services
We share your information with third-party service providers who help us operate the App. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.1 Google / Firebase Services
What We Share: Data necessary for Firebase authentication, database, and storage operations (account info, health data, activity logs, messages, subscription data)
Purpose: Cloud storage, database management, authentication, file storage, backend infrastructure
Services Used:
- Firebase Authentication - User account management
- Cloud Firestore - Database storage for all app data
- Firebase Storage - Storage for diet PDF files
Data Location: Data is stored on Google Cloud servers. Firebase uses data centers worldwide. Your data may be stored in locations including but not limited to the United States, Europe, and Asia.
Privacy Policy: Google Privacy Policy
3.2 Google Gemini AI
Critical Disclosure: When you use AI-powered features, your data is sent to and processed by Google's Gemini AI service.
Data Sent to Gemini AI:
For Food Logging:
- Food name and serving size you enter
- Purpose: Calculate calories, protein, and fat content
For Workout Logging:
- Workout or exercise name and duration you enter
- Purpose: Estimate calories burned
For Chatbot (NutriBot):
- Your complete user profile (age, gender, weight, height, dietary preferences, allergies, medical conditions, activity level, fitness goals)
- Your entire chat history with the bot
- Your current message
- Content from your diet PDF (if you have one) - via RAG (Retrieval-Augmented Generation)
- Purpose: Provide personalized nutrition recommendations and answer your questions
Data Processing: Google processes this data on their servers to generate AI responses. For details on how Google handles Gemini API data, please review Google’s Gemini API terms and privacy documentation.
Your Control: You can avoid AI processing by not using the chatbot, food logging, or workout logging features. However, this will significantly limit the App's functionality.
Privacy Policy: Google Gemini API Terms
3.3 Expo Push Notification Service
What We Share: Push notification tokens, notification content (diet reminders, messages, appointment alerts)
Purpose: Deliver push notifications to your device
Privacy Policy: Expo Privacy Policy
3.4 Railway (Backend Hosting)
What We Share: API requests and responses pass through Railway's infrastructure
Purpose: Host our backend API server
Data Access: Railway provides the hosting infrastructure for our backend API. Data may transit through Railway’s infrastructure as part of normal operation.
Privacy Policy: Railway Privacy Policy
3.5 Professional Dieticians
What We Share: Selected profile information as detailed in Section 7
Purpose: Provide professional nutrition counseling and personalized diet plans
Who: Licensed dieticians contracted by Nutricious4u
3.6 No Sale of Personal Data
We do NOT sell your personal information to third parties for their marketing purposes. We do not share your data with advertisers or data brokers.
3.7 Legal Disclosures
We may disclose your information if required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Government or regulatory requests
- Protection of our rights, property, or safety
- Protection of users or the public
- Investigation of fraud or security issues
3.8 Business Transfers
If Nutricious4u is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified of any such change and the choices you may have.
4. Data Storage and Security
4.1 Storage Locations
Firebase Cloud Firestore:
- User profiles and account information
- Food logs and daily nutrition summaries
- Workout logs and exercise history
- Chat messages (with dieticians and chatbot)
- Appointments and notifications
- Subscription data
Firebase Storage:
- Diet PDF files (stored at path: diets/{userId}/{filename})
Firebase Authentication:
- User authentication records
- Email/password credentials (encrypted by Firebase)
Local Device Storage:
- App preferences and local settings stored on your device (e.g., notification settings)
- Saved login credentials (if you enable "Remember Me")
- Push notification preferences
4.2 Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
- Encryption at Rest: Firebase encrypts data stored in their databases
- Authentication: Firebase Authentication uses secure password hashing and token-based access control
- Access Controls: Strict access controls limit who can access your data
- Regular Security Audits: We regularly review and update our security practices
- Secure APIs: Our backend APIs use authentication tokens and rate limiting
4.3 Data Security Limitations
Important: While we take reasonable measures to protect your data, no system is completely secure. We cannot guarantee absolute security of your information. You use the App at your own risk.
You are responsible for maintaining the security of your account credentials. Never share your password with anyone.
5. Data Retention
5.1 Active Accounts
For active accounts, we retain your data as follows:
- Account Information: Retained while your account is active
- Health Profile Data: Retained while your account is active
- Food and Workout Logs: Retained while your account is active unless you delete your account
- Daily Summaries: May be retained for a limited period for performance and reporting
- Chat History: Retained while your account is active
- Diet PDFs: Retained until you delete your account or a new PDF is uploaded (which replaces the old one)
- Subscription Data: Retained as long as needed for legal, accounting, or operational purposes
5.2 Account Deletion
When you request account deletion:
- Deletion Request Processing:
  - User profile and personal information
  - All health data
  - Food logs and workout logs
  - Chat messages
  - Diet PDFs from Firebase Storage
  - Appointments and notifications
  - Firebase Authentication record
- Retained for Legal Compliance:
  - Subscription/payment records (7 years for tax purposes)
  - Transaction history (if required by law)
- Backup Systems: Data may persist in backups for a limited period before being overwritten, consistent with our backup policies
5.3 Inactive Accounts
We may delete accounts that have been inactive for more than 3 years, subject to operational and legal requirements.
6. Your Privacy Rights
You have the following rights regarding your personal data:
6.1 Right to Access
You can access your personal information at any time through your account profile and settings. You may request a copy of all data we hold about you by contacting us.
6.2 Right to Rectification
You can update and correct your personal information directly in the App at any time. If you cannot make changes yourself, contact us for assistance.
6.3 Right to Deletion
You have the right to request deletion of your account and all associated data. This can be done through the App settings under "Delete Account." Deletion is permanent and cannot be undone.
6.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format. Contact us to request a data export.
6.5 Right to Object
You can object to certain processing of your data, such as:
- Disabling AI chatbot features (though this limits functionality)
- Opting out of non-essential notifications
- Refusing to provide optional information
6.6 Right to Withdraw Consent
You can withdraw consent for data processing at any time by:
- Deleting your account
- Disabling specific features
- Changing privacy settings
Note that withdrawing consent may limit or prevent your use of certain App features.
6.7 Right to Lodge a Complaint
If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority or supervisory authority.
7. Dietician Access to Your Information
What Dieticians Can See
Professional dieticians contracted by Nutricious4u have access to certain information to provide you with nutrition counseling services:
7.1 Information Accessible to Dieticians
Profile Information:
- First name and last name
- Email address
- Subscription plan details (plan type, start date, end date)
- Total amount paid (may be visible to dieticians through administrative tools)
- App lock status (may be visible to dieticians through administrative tools)
Communication Data:
- Messages you send to dieticians
- Chat history between you and dieticians
- Appointment booking requests
Diet Management:
- Whether you need a new diet plan (countdown status)
- Previously uploaded diet PDFs
7.2 Information Typically Not Provided to Dieticians
Dieticians are not provided access through the dietician interface to:
- Your food logs (daily food intake records)
- Your workout logs (exercise history)
- Your chatbot conversation history with NutriBot
- Detailed health metrics beyond what's in your basic profile
- Your password or authentication credentials
7.3 Purpose of Access
Dieticians access your information solely to:
- Create personalized diet plans
- Provide nutrition counseling
- Respond to your messages
- Schedule appointments
- Track diet plan renewal needs
7.4 Dietician Confidentiality
All dieticians are bound by professional confidentiality obligations and our contractual agreements. They may not:
- Share your information with third parties
- Use your information for purposes other than providing services
- Access your data after you delete your account or unsubscribe
8. Cookies and Tracking Technologies
8.1 Mobile App Data
As a mobile application, Nutricious4u does not use traditional web cookies. However, we do collect and store:
- Authentication State: Managed by Firebase; the App may store session state locally
- App Preferences: To remember your settings
- Push Notification Tokens: Stored in our database to deliver notifications to your device
- Cache Data: Temporary app cache to improve performance (e.g., UI state)
8.2 Diagnostics and Debug Logs
We may collect technical diagnostics (e.g., error logs and request metadata) to troubleshoot issues and improve stability. These logs may include device type, app version, and timestamps. We do not use advertising or third-party analytics SDKs.
8.3 Third-Party Tracking
We do not allow third-party advertising networks or tracking technologies in our App. We do not use advertising trackers or sell personal data for targeted advertising.
9. Children's Privacy
Age Restriction: Nutricious4u is not intended for use by individuals under the age of 18.
We do not knowingly collect personal information from children under 18 years of age. If we learn that we have collected personal information from a child under 18, we will:
- Delete the information immediately
- Terminate the account
- Notify the account holder if contact information is available
If you believe a child under 18 has provided us with personal information, please contact us immediately at nutricious4u@gmail.com.
9.1 COPPA Compliance
While we primarily serve users in India, we comply with the U.S. Children's Online Privacy Protection Act (COPPA) as a best practice. We:
- Do not target children under 13
- Do not knowingly collect data from children under 13
- Do not market to children
10. International Data Transfers
10.1 Data Processing Locations
Nutricious4u is based in India, but your data may be processed and stored in multiple countries due to our use of global services:
- Firebase/Google Cloud: Data centers in United States, Europe, Asia
- Google Gemini AI: Processed on Google's global infrastructure
- Railway: May use servers in various jurisdictions
10.2 Data Protection Standards
When your data is transferred internationally, we ensure it is protected through:
- Contractual agreements with service providers (Data Processing Agreements)
- Standard Contractual Clauses where applicable
- Compliance with applicable data protection laws
- Security measures equivalent to or exceeding Indian standards
10.3 European Economic Area (EEA) Users
If you are located in the EEA, your data may be transferred outside the EEA. We ensure such transfers comply with GDPR requirements through:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses
- Consent where appropriate
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
11.1 Right to Know
You have the right to request:
- Categories of personal information we collect
- Specific pieces of personal information we hold
- Categories of sources from which information is collected
- Business or commercial purpose for collecting
- Categories of third parties with whom we share information
11.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal compliance, fraud prevention).