Privacy Policy
01 Introduction
NutriFell ("we," "us," or "our") is a nutrition tracking and meal planning application operated by an individual developer based in Georgia (the country). We are committed to protecting your personal data and being transparent about how we collect and use it.
This Privacy Policy explains what information we collect when you use NutriFell at any domain we operate, how we use that information, and what choices you have. By using NutriFell, you agree to the practices described in this policy.
If you have questions at any time, contact us at support@nutrifell.com. We respond within 48 hours.
02 Information We Collect
Account Information
- Name and email address (provided at registration)
- Password (stored as a one-way bcrypt hash — we cannot read it)
- Email verification status
Profile & Health Data
- Age, biological sex, height, and current weight
- Target weight and timeline
- Activity level and fitness goal
- Calculated values: BMR, TDEE, daily calorie target, macro targets
Usage Data
- Foods viewed and searched
- Fridge contents and meal plans you generate or save
- Daily food and calorie log entries
- Water intake logs
- Quit-smoking tracker data (quit date, cravings, milestones)
- App-open streak and visit dates (stored locally in your browser)
Social Content
- Posts, photos, and videos you upload to the social feed
- Comments, reactions, and recipe submissions
- Direct messages you send to other users
- Follow relationships
- Profile photos and cover images
Device & Technical Data
- IP address (logged by the server for security and abuse prevention)
- Browser type and operating system (from User-Agent header)
- Pages visited and actions taken (server request logs)
Payment Information
NutriFell is currently in free beta. If paid plans are introduced, payments will be processed entirely by Stripe. We will never store your card number, CVV, or full payment details on our servers.
If you join the waitlist, we store only the email address you provide.
03 How We Use Your Information
- Provide the service — authenticate your account, calculate your calorie plan, generate meal suggestions, and display your fridge and logs.
- AI meal planning and chat — your profile data and fridge contents are sent to Google Gemini to generate personalised meal plans and nutrition advice. We send only what is necessary; we do not send your password or payment data.
- Email verification — we send a one-time 6-digit code to confirm your email when you register.
- Service communications — transactional emails about your account (e.g. password reset, plan changes). We do not send marketing emails without your explicit opt-in.
- Security and abuse prevention — IP addresses and request logs help us detect unusual activity and enforce rate limits.
- Product improvement — aggregate, anonymised usage patterns (e.g. which foods are most viewed) help us improve the app. We do not sell individual data.
04 Data Storage & Security
- User data is stored on Hostinger servers in European data centres.
- All connections use HTTPS/TLS encryption in transit.
- Passwords are hashed with bcrypt (cost factor 10) — they are never stored in plain text and cannot be reversed.
- JSON Web Tokens (JWTs) used for authentication expire after 7 days.
- Data files are stored on the server filesystem; no external database is used at this time.
- Uploaded media (photos, videos) is stored under public/uploads/ on the same server.
We take security seriously but no system is 100% secure. If you discover a vulnerability, please contact us at support@nutrifell.com before public disclosure.
05 Third-Party Services
We use the following third-party services. Each has its own privacy policy and data practices.
- Google Gemini AI — powers NutriAI chat and meal plan generation. Prompts include your profile stats and fridge contents. See Google Privacy Policy.
- Stripe — payment processing (when billing is active). Stripe receives payment card data directly; we receive only a customer ID and subscription status. See Stripe Privacy Policy.
- Hostinger — web hosting and server infrastructure in the EU. See Hostinger Privacy Policy.
- Google Fonts — typography loaded from Google's CDN. Google may log the request IP. See Google Fonts Privacy FAQ.
- jsDelivr / cdnjs — CDNs for Three.js and other open-source libraries. Standard CDN request logs apply.
We do not sell, rent, or share your personal data with any third party for advertising purposes.
06 Your Rights
You have the following rights over your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate data via your profile settings or by contacting us.
- Deletion — request deletion of your account and all associated data. We will process this within 30 days.
- Data portability — request an export of your data in a machine-readable format.
- Opt-out of emails — reply to any email from us with "unsubscribe" or contact us directly.
- Restrict processing — request that we limit how we use your data in specific circumstances.
To exercise any of these rights, email support@nutrifell.com with your request. We will respond within 48 hours and fulfil the request within 30 days.
EU/EEA residents have additional rights under GDPR. See our GDPR page for full details.
07 Children's Privacy
NutriFell is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that an account belongs to a person under 18, we will delete that account and its data promptly.
Users under 18 should not use NutriFell. Calorie and nutrition targets are based on adult clinical formulas and are not appropriate for children or adolescents. Anyone under 18 with nutrition-related goals should consult a paediatric healthcare provider.
If you believe a person under 18 has created an account, please contact us at support@nutrifell.com.
08 Cookies
NutriFell uses only essential cookies — small text files stored in your browser that are strictly necessary to make the app work. We do not use advertising cookies, tracking pixels, or analytics cookies.
- nb_token — your authentication token. Keeps you logged in for up to 7 days.
- nf_lang — your language preference (English or Georgian). Stored for 1 year.
- nf_cookies_v1 — records that you have accepted this cookie notice.
Several features also store data in localStorage (not cookies) in your browser: recently viewed foods, streak counter, tour completion state. This data never leaves your device.
For full details, see our Cookie Policy.
09 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes — such as new data collection practices or new third-party processors — we will notify registered users by email at least 14 days before the change takes effect.
Continued use of NutriFell after a change takes effect constitutes acceptance of the updated policy. If you do not agree, you may delete your account at any time.
10 Contact Us
For any privacy-related questions, data requests, or concerns:
NutriFell
Email: support@nutrifell.com
Location: Georgia
Response time: within 48 hours
If you are in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.