Privacy Policy

NutriNex Privacy Policy

Last Updated: January 18, 2026
Version: 1.0
Effective Date: January 18, 2026

1. Introduction

Welcome to NutriNex ("we", "us", "our"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, share, and protect your personal data when you use our mobile application ("App").

NutriNex is a nutrition and calorie tracking application that helps users track their food intake, calories, and nutritional values. This privacy policy is drafted in accordance with the General Data Protection Regulation (GDPR) and Apple's privacy requirements.

Data Controller:
ICT-Worx BVBA
Ter Waarde 45
8900, Ypres
Belgium
Email: support@nutrinex.app

2. Data We Collect

2.1 Account and Authentication Data

When you sign in via Apple Sign In, we collect:

  • Email address (if available via Apple Sign In)
  • Name (if available via Apple Sign In)
  • Apple User ID (unique identifier)
  • Authentication tokens (for session management)

Legal Basis: Performance of contract (GDPR Art. 6(1)(b))

2.2 Profile Data

During the onboarding process, we collect:

  • Gender (optional)
  • Date of birth
  • Height (in cm or inches)
  • Current weight (in kg or lbs)
  • Target weight (in kg or lbs)
  • Fitness goals (lose weight, maintain, gain weight)
  • Diet preferences (Classic, Pescatarian, Vegetarian, Vegan)
  • Workout frequency (0-2, 3-5, 6+ times per week)
  • Calories burned preference (Yes/No)
  • Obstacles (e.g., lack of consistency, unhealthy eating habits)
  • Objectives (e.g., eat and live healthier, boost energy)
  • Previous experience with nutrition apps
  • Referral source (where you heard about us)

Legal Basis: Performance of contract and consent (GDPR Art. 6(1)(b) and (a))

2.3 Food Data

When you log food via the App, we collect:

  • Food photos (stored locally and in the cloud)
  • Food name (identified via AI analysis)
  • Calories
  • Macronutrients (protein, carbohydrates, fats, fiber)
  • Portion sizes
  • Timestamp of logging
  • Confidence score of AI analysis

Legal Basis: Performance of contract (GDPR Art. 6(1)(b))

2.4 Chat and AI Interaction Data

When you use the AI assistant, we collect:

  • Chat messages (questions and answers)
  • Chat sessions (title, last message, timestamp)
  • Contextual information (nutrition goals, history)

Legal Basis: Performance of contract (GDPR Art. 6(1)(b))

2.5 Progress and Tracking Data

We automatically collect:

  • Daily calorie intake
  • Macro goals and achievements
  • Progress overviews (charts, trends)
  • Weight history (if entered by user)

Legal Basis: Performance of contract (GDPR Art. 6(1)(b))

2.6 Technical Data

For App functionality, we collect:

  • App version
  • Operating system (iOS version)
  • Device type
  • Unique device ID (for synchronization)
  • Crash reports (only with your consent)
  • Usage statistics (only with your consent)

Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) and consent for analytics/crash reporting

2.7 Payment Data

For premium subscriptions:

  • Subscription status (via RevenueCat)
  • Transaction ID (via App Store)
  • Subscription date and expiration date

Note: We do not process credit card data. All payments are processed by Apple via the App Store and RevenueCat.

Legal Basis: Performance of contract (GDPR Art. 6(1)(b))

2.8 Data We Do NOT Collect

We do NOT collect:

  • Location data (unless explicitly shared by user)
  • Biometric data (except for authentication via Apple Face ID/Touch ID)
  • Health data from Health app (unless explicitly shared by user)
  • Personal data of third parties
  • Data for advertising tracking (we do not engage in cross-app tracking)

3. How We Use Your Data

3.1 Primary Purposes

We use your data for:

  1. Service Delivery
    • Providing nutrition and calorie tracking functionality
    • AI analysis of food images
    • Personalized nutrition advice via AI assistant
    • Generating personalized nutrition plans
    • Synchronizing data between your devices
  2. Account Management
    • Authentication and authorization
    • Account management and support
    • Communication about your account
  3. Service Improvement
    • App usage analysis (only with consent)
    • Bug fixes and crash reporting (only with consent)
    • Product development and improvement

3.2 Marketing (Only with Consent)

We do NOT use your data for:

  • Direct marketing emails (unless you have explicitly given consent)
  • Personalized advertisements
  • Cross-app tracking
  • Selling data to third parties

4. Sharing Data with Third Parties

We only share your data with trusted service providers who help us deliver our services:

4.1 Supabase (Database and Backend)

Purpose: Storage of user data, food items, chat history
Data: Account data, profile data, food data, chat data
Location: Europe
Privacy Policy: https://supabase.com/privacy
GDPR Compliant: Yes

4.2 OpenAI (AI Services)

Purpose: AI analysis of food images and chat functionality
Data: Food photos, chat messages, contextual information
Location: United States
Privacy Policy: https://openai.com/privacy
GDPR Compliant: Yes (via Standard Contractual Clauses)
Data Processing Addendum: https://openai.com/enterprise-privacy

Important: OpenAI does not use your data to train their models. Your data is only used to generate responses and is not stored for training purposes.

4.3 RevenueCat (Subscription Management)

Purpose: Management of premium subscriptions
Data: Device ID, subscription status, transaction ID
Location: United States
Privacy Policy: https://www.revenuecat.com/privacy
GDPR Compliant: Yes

4.4 Apple (Authentication and Payments)

Purpose: Apple Sign In authentication and App Store payments
Data: Apple User ID, email address (if available), name (if available), payment data
Location: United States / Ireland
Privacy Policy: https://www.apple.com/privacy
GDPR Compliant: Yes

4.5 iCloud Keychain and CloudKit (Synchronization)

Purpose: Secure storage and synchronization between devices
Data: Encrypted authentication data, app settings
Location: Apple data centers (worldwide)
Privacy Policy: https://www.apple.com/privacy
GDPR Compliant: Yes

4.6 Data Sharing with Third Parties - General Terms

  • We NEVER sell your data to third parties
  • We only share data necessary for the service
  • All service providers are contractually obligated to protect your data
  • We only use service providers that are GDPR compliant
  • Data is only shared for the specific purposes described above

5. Data Storage and Security

5.1 Storage Locations

Your data is stored:

  • Locally on your device (via AsyncStorage)
  • In the cloud (via Supabase, hosted in Europe)
  • In iCloud (for synchronization between devices, encrypted data only)

5.2 Security Measures

We implement technical and organizational measures to protect your data:

  • Encryption in transit: All data is encrypted during transmission (TLS/SSL)
  • Encryption at rest: Sensitive data is encrypted when stored
  • Access control: Only authorized personnel have access to data
  • Regular security audits
  • Password security: Authentication via Apple Sign In (no passwords stored)
  • Secure Storage: Use of iOS Secure Enclave and Keychain for sensitive data

5.3 Data Retention

We retain your data:

  • As long as your account is active
  • Maximum 365 days after account deletion (unless legally required to retain longer)
  • Crash reports: Maximum 90 days
  • Analytics data: Maximum 2 years (anonymized)

You can adjust your data retention settings in the App settings.

6. Your Rights Under GDPR

As a user in the European Economic Area (EEA), you have the following rights:

6.1 Right of Access (Art. 15 GDPR)

You have the right to know what data we collect about you and how we use it. You can request an overview of your data via the App (Privacy Dashboard) or via email.

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to have inaccurate or incomplete data corrected. You can do this via the App settings or by contacting us.

6.3 Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

You have the right to have your data deleted. You can do this by:

Note: After deletion, we cannot restore your data. Some data may be legally required to retain (e.g., for tax purposes).

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to restrict the processing of your data in certain circumstances (e.g., when you dispute the accuracy of data).

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format. You can export your data via:

6.6 Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your data based on legitimate interest. You can do this via the App settings or by contacting us.

6.7 Right to Withdraw Consent (Art. 7 GDPR)

For processing based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

6.8 Right to Lodge a Complaint

If you believe we are not processing your data correctly, you have the right to lodge a complaint with your local data protection authority:

For Belgium:
Gegevensbeschermingsautoriteit (GBA) / Autorité de la Protection des Données (APD)
Rue de la Presse 35
1000 Brussel / Bruxelles
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be

For other EU countries: Please contact your local data protection authority.

7. Cookies and Tracking Technologies

7.1 Tracking

NutriNex does NOT use cross-app tracking or advertising tracking. We do not track users across apps and websites of other companies.

7.2 Analytics (Opt-in)

We only use anonymized analytics to improve the App. You can disable this via App Settings > Privacy Settings > Analytics.

7.3 Crash Reporting (Opt-in)

We collect crash reports to identify and fix bugs. You can disable this via App Settings > Privacy Settings > Crash Reporting.

8. Children and Privacy

NutriNex is not intended for children under 13 years of age (or 16 years in the EEA, depending on local legislation). We do not knowingly collect data from children under this age.

If you suspect that a child under 13/16 years of age has shared data with us, please contact us at support@nutrinex.app so we can delete the data.

9. International Data Transfers

Some of our service providers are located outside the EEA (e.g., OpenAI and RevenueCat in the United States). When we transfer data to countries outside the EEA, we ensure that:

  • The recipient is located in a country with an adequate level of protection (as determined by the European Commission), OR
  • We use appropriate safeguards such as:
    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Privacy Shield (where applicable)
    • Other legally approved mechanisms

10. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

When we make significant changes:

  • We will notify you via the App or by email
  • We will update the "Last Updated" date
  • We will ask you to accept the updated privacy policy

Your continued use of the App after changes means you accept the updated privacy policy.

11. Apple-Specific Privacy Requirements

11.1 Privacy Nutrition Label

In accordance with Apple's App Store Privacy Requirements:

  • Data used to track you: None
  • Data linked to you: Account data, profile data, food data, chat data, payment data
  • Data not linked to you: Anonymized analytics, crash reports

11.2 App Tracking Transparency

NutriNex does NOT request App Tracking Transparency permission because we do not perform cross-app tracking.

11.3 PrivacyInfo.xcprivacy

Our App contains a PrivacyInfo.xcprivacy file that follows Apple's requirements for privacy disclosure.

12. Contact Information

For questions about this privacy policy or to exercise your rights, you can contact us:

Email: support@nutrinex.app
Website: https://nutrinex.app
Support: https://nutrinex.app/#support

Data Controller:
ICT-Worx BVBA
Ter Waarde 45
8900, Ypres
Belgium

13. Consent

By using the App, you consent to this privacy policy. If you do not agree with this policy, please do not use the App.

If you have questions about this privacy policy, please contact us at support@nutrinex.app.

This privacy policy is drafted in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR)
  • Apple App Store Review Guidelines
  • Apple Privacy Requirements

Last Updated: January 18, 2026
Version: 1.0