Privacy Policy

Last updated: 25 April 2026

NutriMatch ("we", "our", "us") respects your privacy. This Privacy Policy explains what personal data we collect when you use the NutriMatch mobile application (the "App"), why we collect it, how we use it, and the rights you have over it.

1. Who we are

NutriMatch is operated by the NutriMatch team. For privacy questions or to exercise your rights under this policy, contact us at support@nutrimatch.org.

2. The data we collect

We only collect data that the App genuinely needs to function. There is no advertising SDK, no third-party analytics that profile you, and no data sale to anyone, ever.

You give us directly

• Email address — when you sign up, sign in, or request a password reset.
• Display name — used only to greet you in the App and on your monthly report.
• Profile data — age, gender, height, weight, activity level. Used to compute calorie / nutrient targets.
• Health information — your declared food intolerances, sensitivity strictness, symptoms you log, Bristol stool entries, hydration log, meals you record.
• Onboarding survey answers — your goals, journey, past tests, dietary habits.
• Photos you take in-App — when you use the AI food-photo or barcode scanner. Photos are sent to our AI provider (Anthropic) for analysis and are not retained on our servers afterwards.

Collected automatically

• Account identifier — a randomly generated UUID assigned by our authentication provider (Supabase).
• Subscription state — your active plan, trial status, and store transaction ID, received from RevenueCat (the App's subscription processor).
• Device data — only what is necessary for the App to run (device type, OS version). We do not track device identifiers, advertising IDs, or your location.
• Crash logs — anonymised technical traces if the App crashes, used to fix bugs.

From third parties

• If you sign in with Apple or Google, we receive your verified email address and (optionally) your display name from them.
• If you opt in to Apple Health or Google Health Connect, we read step count, distance, calories burned, sleep, weight, height, hydration, and nutrition data — and write back hydration and nutrition you log in the App. This data is processed on your device. We do not transmit it to our servers in raw form; only summary statistics may be included in your monthly report.

3. How we use your data

We use your data only to provide and improve the App's core features:

• To create and secure your account.
• To analyse food labels and photos you scan, and personalise the trigger assessment to your declared intolerances.
• To generate your monthly clinical report, which correlates your meals, symptoms, and stool patterns over the past 30 days.
• To send you the App's reminders (only if you grant notification permission), such as your trial-ending reminder or "your monthly report is ready".
• To process your subscription via Apple, Google, and RevenueCat.
• To respond to your support requests.
• To detect and prevent abuse (e.g. rate limiting).

We do not use your data for advertising, profiling, or to train any AI model. Your meal photos and health data are not used to improve any third-party model.

4. Where your data is stored

Your data is stored on managed infrastructure operated by:

• Supabase (database, authentication, file storage) — hosted in the European Union.
• Anthropic (AI processing of food photos and monthly reports) — your photo and journal data are sent at the moment of analysis and not retained by Anthropic for training. See Anthropic's privacy policy.
• RevenueCat (subscription state) — your account UUID and subscription metadata.
• Spoonacular (recipe lookups) — recipe queries you perform are sent to Spoonacular. We cache recipes for one hour to reduce calls. No personally identifying information is sent.
• OpenFoodFacts (barcode lookups) — barcodes you scan are sent to the public OpenFoodFacts API. No personally identifying information is sent.
• OCR.space (text extraction from ingredient photos) — only the photo image is sent.

5. How long we keep it

• Your account and journal: for as long as your account exists. You can delete your account at any time from Settings → Delete Account, which permanently and irreversibly removes all of your data.
• Crash logs: 30 days.
• Subscription receipts: as long as required by Apple, Google, and applicable tax law (typically 7 years).

6. Your rights

If you live in the European Economic Area, the United Kingdom, Switzerland, or California, you have the following rights:

• Right to access: from Settings → Export My Data, you can download every row we have about you in a single JSON file.
• Right to deletion: from Settings → Delete Account, you can erase your account and all associated data within seconds. There is no recovery period.
• Right to rectification: you can update your profile data at any time inside the App.
• Right to portability: the export above gives you a machine-readable copy.
• Right to object / restrict processing: contact support@nutrimatch.org.
• Right to lodge a complaint with your national data protection authority.

7. Children

NutriMatch is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has provided us with data, please contact us and we will delete the account.

8. Security

We use industry-standard practices: TLS for all data in transit, encryption at rest on our servers, secure storage on your device (iOS Keychain / Android Keystore) for authentication tokens, row-level security on every database table, and rate limiting on every sensitive endpoint. No system is perfectly secure, but we treat your health data with the seriousness it deserves.

9. Changes to this policy

We will post any changes here and update the "last updated" date at the top. If a change materially affects your rights, we will also notify you in-App.

10. Contact

For any privacy question or to exercise your rights, write to support@nutrimatch.org. We aim to respond within 7 days.