Nutrio+ Privacy Policy

Effective date: 19 February 2026. This policy explains how Nutrio+ handles personal data when you use our website, app, and related services.

Controller: Nutrio+ (UK)

Jurisdiction focus: UK GDPR & Data Protection Act 2018

1. Scope

This Privacy Policy applies to Nutrio+ services, including our mobile application, website at nutrioplus.co.uk, and related support channels. It covers personal data collected directly from you, automatically from your use of the service, and from trusted third-party integrations you connect.

2. Personal Data We Collect

  • Account data: name, email address, login credentials, authentication identifiers, and support communications.
  • Profile data: age range/date of birth, sex/gender details you provide, height, weight, goals, activity level, and dietary preferences/allergies.
  • Nutrition and fitness records: meals, recipes, barcode scans, nutrition entries, workout logs, goals, streaks, achievements, and progress history.
  • Images and uploads: meal photos and media you upload for logging or AI analysis.
  • Technical data: device model, OS version, app version, crash logs, diagnostics, IP-derived region, language, and timestamps.
  • Usage data: feature interactions, pages/screens viewed, event metadata, and referral information.
  • Notification preferences: push notification tokens and message interaction events.

3. Health and Special Category Data

Some data in Nutrio+ may be health-related and classed as special category personal data under UK GDPR (for example: dietary habits, body metrics, allergies, and fitness activity). We process this data only when necessary to provide requested features and generally based on your explicit consent or another valid legal condition under Article 9 UK GDPR.

Nutrio+ is not a medical service and does not provide medical diagnosis, treatment, or emergency support. Always seek qualified professional advice for medical decisions.

4. How We Use Personal Data

  • Provide core app functionality, including account access, nutrition tracking, workout logging, and progress analytics.
  • Run AI-supported features such as meal analysis and generated suggestions.
  • Personalise your targets, reminders, and in-app experience.
  • Maintain security, detect abuse/fraud, and prevent unauthorised activity.
  • Diagnose crashes, fix bugs, monitor performance, and improve reliability.
  • Respond to support queries and service messages.
  • Comply with legal obligations, law enforcement requests, and dispute handling.

6. How We Share Data

We do not sell your personal data. We may share data with:

  • Service providers/processors: hosting, cloud storage, analytics, crash reporting, authentication, messaging, and AI infrastructure providers under contractual safeguards.
  • Professional advisers: legal, compliance, insurance, and audit advisers when necessary.
  • Authorities: where required by law, court order, or to protect rights, safety, and platform integrity.
  • Corporate transactions: in case of merger, acquisition, financing, or asset transfer, subject to confidentiality and legal protections.

7. International Data Transfers

If personal data is transferred outside the UK, we use lawful safeguards such as the UK International Data Transfer Agreement (IDTA), the Addendum to the EU SCCs, adequacy regulations, or other valid mechanisms. We apply supplementary technical and organisational measures where appropriate.

8. Data Retention

We keep personal data only as long as necessary for the purposes described in this policy, including legal, tax, accounting, and dispute requirements. Retention periods vary by data type and purpose.

  • Active account data is retained while your account remains open.
  • When you request deletion, we remove or anonymise data unless we are legally required to retain specific records.
  • Backups are purged on a rolling schedule and may persist briefly before secure deletion cycles complete.

9. Security Measures

  • Encryption in transit (TLS) and access controls based on role/need.
  • Authentication protections and monitoring for suspicious activity.
  • Secure development and operational practices intended to reduce risk.
  • Incident response processes to investigate and manage potential breaches.

No internet or storage system can be guaranteed 100% secure. If we identify a reportable personal data breach, we will act in accordance with applicable law.

10. Your Privacy Rights

Depending on your location and applicable law, you may have rights to:

  • Access a copy of your personal data.
  • Request correction of inaccurate or incomplete data.
  • Request deletion in certain circumstances.
  • Restrict or object to specific processing.
  • Data portability for data provided by you.
  • Withdraw consent where processing is consent-based.

To exercise rights, contact us using the details below. We may need to verify identity before actioning requests.

11. Children and Age Requirements

Nutrio+ is not directed to young children. If you are under the age required by local law to consent to data processing, parental/guardian consent may be required. If we learn that personal data was collected from a child without valid authorisation, we will take steps to delete it.

12. Cookies and Similar Technologies

Our website may use essential cookies and similar technologies for core functionality, security, and performance. Non-essential analytics or advertising technologies are used only where legally permitted and, where required, based on consent.

You can control cookies through browser settings and, where available, consent controls. Blocking some cookies may affect site functionality.

13. AI-Powered Features

Nutrio+ uses AI systems to provide meal analysis and suggestions. AI outputs are probabilistic and may be inaccurate or incomplete. You are responsible for reviewing outputs before relying on them, especially for allergy, nutrition, or health-sensitive decisions.

We may process the prompts and content you submit to AI features to provide the feature, improve safety, and maintain service quality, subject to contractual and legal controls.

14. Regional Privacy Laws

Depending on your location, specific privacy laws may apply to you. Below are key rights and requirements for major regions:

🇪🇺 Europe (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, the General Data Protection Regulation (GDPR) or UK GDPR applies:

  • Lawful Basis: We process data based on contract necessity, consent, legal obligation, or legitimate interests.
  • Data Subject Rights: Access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to processing.
  • Special Categories: Health data (nutrition, fitness, body metrics) is processed only with explicit consent or for health care purposes.
  • International Transfers: Data transferred outside the EEA uses Standard Contractual Clauses (SCCs) or adequacy decisions.
  • DPO: We have appointed a Data Protection Officer. Contact: dpo@nutrioplus.co.uk
  • Supervisory Authority: You can complain to your local data protection authority (e.g., ICO in UK, CNIL in France).

🇺🇸 United States (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply:

  • Right to Know: Request disclosure of personal information collected, used, shared, or sold.
  • Right to Delete: Request deletion of personal information, with some exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: Opt out of the sale or sharing of personal information.
  • Right to Limit Use: Limit use of sensitive personal information.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Shine the Light: California residents can request information about sharing personal information with third parties for direct marketing purposes.

Financial Incentive Notice: We do not currently offer financial incentives for personal data collection.

🇸🇦 Saudi Arabia (PDPL)

If you are in Saudi Arabia, the Personal Data Protection Law (PDPL) applies:

  • Personal data is processed in accordance with Sharia principles and legitimate purposes.
  • Data subjects have rights to access, correct, and request destruction of personal data.
  • Cross-border transfers require adequate protection measures or regulatory approval.
  • Contact our regional representative for Saudi-specific requests.

🇦🇪 UAE (PDPL)

For UAE residents, Federal Decree-Law No. 45 of 2021 on Personal Data Protection applies:

  • Data processing requires consent or another legal basis under UAE law.
  • Data subjects have rights to access, correct, and delete personal data.
  • Cross-border transfers require adequate protection levels.

🌏 Other Regions

We comply with applicable privacy laws in all jurisdictions where we operate, including but not limited to:

  • Canada (PIPEDA): Personal Information Protection and Electronic Documents Act
  • Australia (Privacy Act): Australian Privacy Principles
  • Singapore (PDPA): Personal Data Protection Act
  • Brazil (LGPD): Lei Geral de Proteção de Dados
  • Japan (APPI): Act on the Protection of Personal Information
  • South Korea (PIPA): Personal Information Protection Act

If your region is not listed, contact us to learn about specific privacy rights that may apply to you.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the latest version on this page and update the effective date. Material changes may also be communicated in-app, by email, or through other reasonable notice channels.

16. Contact and Complaints

For privacy requests or concerns, contact: privacy@nutrioplus.co.uk.

You may also lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO): ico.org.uk.

Important Notice

This policy is provided for transparency and platform governance. It should be reviewed by qualified legal counsel to ensure full compliance with your exact product configuration, vendors, jurisdictions, and release flows.