Privacy Policy

Effective Date: June 7, 2025

This Privacy Policy explains how Nutrevo ("we", "us", or "our") collects, processes, stores, and protects your personal data when you use our mobile application, Nutrevo (the "App"), and our associated website (nutrevo.app, the "Website"). We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA).

Introduction

We are dedicated to safeguarding your personal information. This Privacy Policy details our practices concerning the collection, use, and disclosure of your data. We only collect, process, and use personal data if they are necessary for the establishment, design, or amendment of a contractual relationship (inventory data). We only collect, process, and use personal data about the use of our product (usage data) if it is necessary for enabling the use of our service or for billing purposes.

1. Data We Collect and Process

We collect and process various types of data to provide and improve our services.

1.1 Personal Data You Provide Directly:

When you use our App, you input certain personal data that is essential for the functionality of the App, particularly for correctly calculating your calorie needs and managing your diet and workout diary. This data includes:

• Gender
• Birthday
• User goal (e.g., weight loss, muscle gain)
• Diet and workout diary entries

This data is processed and stored centrally on our servers. This processing is necessary for the performance of the contract with you, i.e., to provide the core functionality of the App.

1.2 Data Automatically Collected for Monitoring (Server Logs & Device Information):

For monitoring and operational purposes, we automatically collect certain data. The legal basis for this processing under GDPR is our legitimate interest in ensuring the stability and security of our services (Art. 6(1)(f) GDPR).

• Device Type and Operating System: To optimize our app for different devices and operating systems.
• Server Logs with Truncated IPs: When you access our App or Website, our servers automatically record information in server log files. This includes truncated IP addresses, which are anonymized by removing the last octet (e.g., 192.168.1.xxx). These truncated IPs are used for technical troubleshooting and security purposes and are not merged with other user data or used to identify individuals.

1.3 Website Cookies:

On our website, we only use essential cookies to track a user on this single website. These cookies are strictly necessary for the website to function and do not track your activity across other websites. No third-party cookies are used on our website.

1.4 Contact Form:

If you send us inquiries using the contact form on our website or within the App, your details from the inquiry form, including the contact details you provided there (e.g., your name and email address), will be stored by us to process the request and in case of follow-up questions. The legal basis for this processing is your consent (Art. 6(1)(a) GDPR) and/or our legitimate interest in responding to your inquiries (Art. 6(1)(f) GDPR).

1.5 User-Uploaded Content (Food Photos):

The App allows you to upload food photos for meal detection. We do not link this data to clearly identifiable information such as email addresses or phone numbers as we do not even process those directly. However, please be aware that you may incidentally include identifiable information (e.g., faces, documents) within the photos you upload. It is your sole responsibility to prevent the inclusion of any personal or identifiable information within your uploaded photos.

2. How We Use Your Data

We use the data we collect for the following purposes:

• To Provide and Maintain the Service: This includes enabling the core functionality of the App, such as calculating calorie needs and managing your diet and workout diary.
• To Improve Our Services (Training of AI): We may use anonymized data from your diary and anonymized images for meal detection to improve our services, including the training and enhancement of our artificial intelligence (AI) models. If you wish to object to this processing, please contact xxx@yyy.app. The legal basis for this is our legitimate interest in improving our services (Art. 6(1)(f) GDPR).
• To Communicate with You: To respond to your inquiries submitted via the contact form.
• For Monitoring and Security: To ensure the stability, security, and performance of our App and Website.

3. Sharing Your Data

We do not sell your personal data to third parties.

3.1 Third-Party Service Providers (e.g., Google Gemini):

We utilize third-party services, such as Google Gemini, for specific functionalities like meal detection from images and analyses of anonymized diary data. When you send images for meal detection or anonymized data from your diary to these services, they process this data on our behalf.

• Data Processed: Images for meal detection and anonymized data from the diary are sent to these services for analysis. We ensure that no identifiable information of users is sent from us to these providers.
• Location and Data Processing Policies: We cannot control where the servers of these providers are located or what specific processing policies apply at their end. The data processing laws in the countries where these servers are located might differ from where you are located. We encourage you to review the data governance policies of such providers. For more information regarding Google Gemini's data governance, please refer to: Google Gemini Data Governance.
• User Responsibility: As stated in Section 2.5, users should ensure not to include any identifiable information within the uploaded photos.
• Legal Basis: The use of these third-party services is necessary for the performance of the contract with you (Art. 6(1)(b) GDPR) to provide the app's functionality, or based on our legitimate interest in utilizing advanced technologies to enhance our services (Art. 6(1)(f) GDPR).

3.2 Legal Requirements:

We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

4. Data Security

We implement all feasible and reasonable technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, alteration, and disclosure. These measures include, but are not limited to, data encryption, access controls, and regular security assessments. While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

5. Data Retention

Your personal data will be stored on our server until the closure of your account or upon your request for deletion. Once your account is closed or you request deletion, your personal data will be promptly deleted or anonymized, unless there is a legal obligation or legitimate interest to retain certain data for a longer period (e.g., for tax or accounting purposes, or for the defense of legal claims).

6. Your Data Protection Rights

Under GDPR and CCPA, you have certain rights regarding your personal data. To exercise any of these rights, please contact us at xxx@yyy.app. We will respond to your request within the timeframes required by applicable law.

6.1 Rights under GDPR:

• Right of Access (Art. 15 GDPR)
• Right to Rectification (Art. 16 GDPR)
• Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)
• Right to Restriction of Processing (Art. 18 GDPR)
• Right to Data Portability (Art. 20 GDPR)
• Right to Object (Art. 21 GDPR)
• Right to Withdraw Consent (Art. 7(3) GDPR)
• Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

6.2 Rights under CCPA:

• Right to Know
• Right to Delete
• Right to Opt-Out of Sale
• Right to Non-Discrimination

To exercise any of these rights, please contact us at xxx@yyy.app. We will verify your request according to CCPA guidelines.