Privacy Policy
Last updated: February 14, 2026
Nutrina ("we", "our", or "us") operates the Nutrina mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
Data Controller: Nutrina, Gaziantep, Turkey. For all data protection inquiries, please contact us at support@nutrina.org.
1. Information We Collect
We collect the following categories of information:
a) Account Information
- Email address and password (stored securely using industry-standard hashing).
- Display name (optional).
- Profile pictures.
- Preferred language setting.
- Email verification status.
b) Third-Party Authentication Data
- If you sign in using Google, we receive your name, email address, and profile photo from Google.
- If you sign in using Apple, we receive your name and email address from Apple.
- We store the associated provider identifier to link your social account.
c) Food and Nutrition Data
- Photos of meals you upload for AI analysis.
- Food entries you log (food name, portion, meal type, notes).
- Nutritional data generated from AI analysis (calories, macronutrients, micronutrients).
- Personal nutrient tracking preferences and custom limits (e.g., sodium, gluten, lactose, purine).
- Macro targets and nutrition plan selections.
- Diet compliance and food diversity data.
d) AI Interaction Data
- AI chat messages and conversation history (stored temporarily per session, up to 20 messages).
- AI food scan usage logs (for quota management).
e) Device and Technical Data
- Device type, operating system version, and device name.
- Push notification tokens (Firebase Cloud Messaging).
- App version and platform (Android/iOS).
f) Information We Do NOT Collect
- We do not collect your location or GPS data.
- We do not collect medical records, health conditions, or diagnoses.
- We do not collect payment or financial information (payments are handled entirely by Google Play Store or Apple App Store).
2. How We Use Your Information
We use the collected information to:
- Provide, maintain, and improve the Service.
- Analyze food images using AI to generate nutritional information.
- Track and display your nutrition history, trends, and scores.
- Provide AI-powered nutrition chat and personalized suggestions.
- Send push notifications (updates, reminders) with your consent.
- Manage your subscription and usage limits.
- Monitor and analyze usage patterns to improve user experience.
- Detect, prevent, and address technical issues and abuse.
- Enforce our Terms of Service and rate limits.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds, in accordance with GDPR Article 6 and Turkey's KVKK:
- Consent: When you create an account, upload food photos, or enable push notifications, you provide consent for processing your data for those specific purposes. You may withdraw consent at any time.
- Contract Performance: Processing necessary to provide the Service you signed up for, including account management, food logging, nutrition tracking, and subscription management.
- Legitimate Interest: Processing for service improvement, security monitoring, fraud prevention, and technical issue resolution, where our interests do not override your rights and freedoms.
- Legal Obligation: Processing required to comply with applicable laws, regulations, or court orders.
4. AI Data Processing
When you use our AI-powered features, your data is processed as follows:
- Food Photo Analysis: Photos you upload are sent to third-party AI providers (Google Gemini, OpenAI) via their API for nutritional analysis. These providers process the images solely for generating a response and do not use your photos to train their AI models (per their API terms of service).
- AI Chat: Your chat messages are sent to AI providers to generate nutrition-related responses. Chat history is stored temporarily for session continuity and is not retained by AI providers.
- No AI Training: Your personal data, food photos, and chat messages are not used to train any AI models, by us or by our AI providers.
5. Data Storage and Security
Your data is stored on secure servers with encryption at rest and in transit. We implement industry-standard security measures including:
- TLS/SSL encryption for all data transmission.
- Secure password hashing (bcrypt/argon2id).
- RS256 JWT authentication with refresh token rotation.
- Rate limiting on API requests to prevent abuse.
- Access controls and monitoring.
- Database encryption and prepared statements to prevent SQL injection.
6. Third-Party Services
We use the following third-party services that may process your information:
7. Push Notifications
We use Firebase Cloud Messaging (FCM) to send push notifications. When you allow notifications:
- Your device token is registered with our servers.
- We store your device token, platform (Android/iOS), and device name.
- Device tokens are removed when you log out or unregister.
- You can disable notifications at any time through your device settings.
8. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share information only in the following cases:
- With your explicit consent.
- With third-party AI providers solely for processing your requests (food analysis, chat), as described in Section 3.
- To comply with legal obligations, court orders, or government requests.
- To protect our rights, safety, and property, or that of our users.
- With service providers who assist in operating the Service (under strict confidentiality and data processing agreements).
9. Your Rights
You have the right to:
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate information through the app or by contacting us.
- Deletion: Delete your account and all associated data through the app settings or by contacting us.
- Notification Opt-Out: Disable push notifications through your device settings.
- Withdraw Consent: Withdraw consent for data processing at any time (note: this may limit your ability to use certain features).
- Data Portability: Request your data in a portable format by contacting us.
- Right to Complain: Lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully. In Turkey, this is the Personal Data Protection Authority (KVKK). In the EU, contact your national Data Protection Authority.
To exercise any of these rights, please contact us at support@nutrina.org. We will respond within 30 days.
10. Children's Privacy
Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. Users between 13 and 18 may use the Service with parental or guardian consent. If you become aware that a child under 13 has provided us with personal information, please contact us immediately so we can delete the data and close the account.
11. Data Retention
We retain your personal data as follows:
- Account Data: Retained for as long as your account is active.
- Food Entries and Nutrition Data: Retained for as long as your account is active.
- AI Chat History: Stored temporarily per session (up to 20 messages), then automatically cleared.
- AI Usage Logs: Retained for quota management and billing purposes.
- Push Notification Tokens: Removed upon logout or account deletion.
When you delete your account, all associated personal data is permanently deleted from our servers within 30 days. Some anonymized, aggregated data may be retained for analytical purposes.
12. International Data Transfers
Your data may be processed in countries other than your country of residence, including the United States and the European Union, where our third-party service providers operate. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.
13. Cookies and Tracking
The Nutrina mobile application does not use cookies. We may use the following technologies for app functionality:
- Secure Storage: Authentication tokens are stored securely on your device using encrypted storage.
- Local Preferences: Language and display preferences are stored locally on your device.
14. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information to third parties.
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Privacy Policy on this page.
- Updating the "Last updated" date.
- Sending a push notification or in-app notice for significant changes.
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
support@nutrina.org