Privacy Policy

Last updated: January 1, 2025

1. Who we are

NutriPilot ("we", "our", "us") operates the website nutripilot.app and the NutriPilot nutrition planning application. This policy explains how we collect, use, and protect your personal data when you use our services.

2. Data we collect

We collect only what we need to provide the service:

  • Account data — email address and password hash when you create an account.
  • Plan data — your nutrition goals, calorie targets, and dietary preferences that you enter to generate plans.
  • Usage data — anonymized analytics (pages visited, features used) via Vercel Analytics. No personal identifiers are stored.
  • Payment data — billing information for Pro subscribers is processed by Stripe. We never store card numbers.

3. How we use your data

  • To generate and save your nutrition plans
  • To send transactional emails (account confirmation, password reset)
  • To improve the product based on anonymized usage patterns
  • To process payments for Pro subscriptions

We do not sell your data. We do not use your data to train AI models.

4. Data storage and security

Your data is stored in encrypted databases hosted in the European Union. We use industry-standard security practices including HTTPS, hashed passwords, and access controls. Plan data you enter without an account is stored only in your browser's local storage and never sent to our servers.

5. Your rights (GDPR)

If you are in the EU or UK, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to processing or withdraw consent at any time

To exercise any of these rights, email privacy@nutripilot.app.

6. Cookies

We use a single session cookie for authentication. We do not use advertising cookies or third-party tracking cookies. Analytics are cookieless.

7. Third-party services

  • Vercel — hosting and anonymized analytics
  • Stripe — payment processing for Pro subscriptions

Each service operates under its own privacy policy and GDPR-compliant data processing agreements.

8. Data retention

Account data is retained as long as your account is active. If you delete your account, all personal data is removed within 30 days. Anonymized analytics data has no retention limit.

9. Changes to this policy

We will notify registered users by email of any material changes to this policy at least 14 days before they take effect.

10. Contact

For privacy questions or data requests, email privacy@nutripilot.app or visit our contact page.