Privacy Policy
Effective Date: April 18, 2026
1. Introduction
NutriShot AI ("we," "our," "us") respects your privacy. This Privacy Policy explains how we handle information when you use our app. We do not collect, store, or send personal data such as your name or email address on our servers or to third parties. To provide app features, we process anonymous user-input data such as height, weight, nutrition goals, and food photos.
2. Authentication and Identity
Authentication is managed securely by third-party OAuth providers (e.g., Google). We do not see or store your login credentials. Instead, we receive a unique user identifier from the OAuth provider. This ID lets us associate your sessions and data with your account, without storing personal identity details in our system.
3. Information We Process
- Anonymous Profile Inputs: Height, weight, and nutrition goals you enter in the app.
- Meal Data: Photos and descriptions you submit for nutritional analysis.
- Session Data: An OAuth user ID used to maintain your account and ensure continuity across sessions.
- Diagnostic Data: Anonymous error reports, crash logs, and basic device information (e.g., browser type, operating system) collected automatically to help us identify and fix issues. This data is not linked to your identity.
We do not link this information to your name, email, or other direct personal identifiers.
4. How We Use Information
- Provide calorie totals, macro estimates, and meal insights based on submitted data.
- Maintain account sessions using the OAuth user ID.
- Improve app performance and functionality.
5. Data Sharing
We do not sell your data. We do not send your name or email to third parties, and we do not link the data we process to direct personal identifiers in our systems. To operate the app, we rely on the service providers listed below. Each receives only the limited data needed for its function, and none receive your name or email from us.
- AI providers (e.g., OpenAI, Anthropic): Receive anonymous user-input data such as height, weight, nutrition goals, and food photos in order to generate calorie totals and meal insights.
- Sentry: Receives anonymous crash logs, error reports, and basic device information (OS, device model, app version) to help us detect and fix issues. An internal account identifier may be attached to error reports to correlate crashes across a session; no name, email, or profile data is included.
- RevenueCat: Processes subscription purchase events and entitlement status. Receives your platform-issued purchase identifier (from Apple or Google) and our internal account identifier so subscriptions can be restored across devices. Does not receive your name or email from us.
- AppsFlyer: Our mobile measurement partner for marketing attribution. Receives the platform-provided device identifier (Apple IDFV or Google Advertising ID), install and app-open events, and an anonymous registration event so we can understand which marketing channels drive installs. Does not receive your name, email, food photos, or health data.
- Advertising networks (Meta, Google, Apple Search Ads, and other networks we may test in the future): When you install the app after interacting with an ad, these networks receive privacy-preserving attribution data via Apple's SKAdNetwork framework or equivalent platform APIs. This data is aggregated and does not identify you individually.
- OAuth providers (e.g., Apple, Google): Handle authentication and may process login data under their own privacy policies, which we do not control.
- Infrastructure providers (e.g., cloud hosting, databases, CDNs): Process limited data solely to operate the app.
Some of these providers may be located outside your country of residence. Where required by law, transfers are protected by appropriate safeguards (such as standard contractual clauses).
6. Health Data (Apple Health & Health Connect)
With your permission, the app reads activity data (active and total calories burned, and weight) from Apple Health (iOS) or Health Connect (Android) so it can display calories burned alongside your nutrition tracking. It may also write meals, nutrition, and hydration entries back to Apple Health or Health Connect when you choose to log them. Health data stays on your device and is not transmitted to our servers or to any of the third-party services listed above. You can revoke Apple Health or Health Connect permissions at any time through your device's system settings.
7. Advertising and Attribution
We use Apple's SKAdNetwork and similar platform-level attribution frameworks to measure the effectiveness of our marketing campaigns in a privacy-preserving way. These frameworks are designed by the operating system to report aggregated, delayed, and anonymized results, so individual users cannot be identified from the data shared with ad networks. We do not currently show the App Tracking Transparency (ATT) prompt and do not collect the Apple IDFA. We do not engage in cross-app tracking of your behavior.
8. Data Storage and Security
Data is stored securely using industry-standard encryption and access controls. We do not store your name or email in our systems. The OAuth user ID is stored only to maintain your account and is never combined with direct personal identifiers inside our system.
9. Your Rights
You may request deletion of your account and associated data at any time. Since accounts are keyed only to the OAuth identifier, we will require you to authenticate via your OAuth provider to process such requests.
10. Children’s Privacy
Our services are not directed to children under 13. We do not knowingly collect information from children.
11. Policy Updates
We may update this Privacy Policy from time to time. The latest version will always be posted here with the effective date updated.
12. Contact Us
For questions about this policy, contact us at support@questopiallc.com.