Privacy Policy

Last updated: April 18, 2026

Nutraze is an AI-assisted meal planning, workout tracking, and grocery coordination app. This policy explains what information we collect, why we collect it, and how you can control or delete it. It’s deliberately plain-English; if anything here is unclear, email hello@nutraze.in and we’ll clarify.

1. What we store

• Account basics: your email address, display name, password hash (only if you set a password), and — if you sign in with Google — the Google subject ID. We do not store your Google password.
• Kitchen data: the household name, size, cuisine preference, invite code, and the email or name of people you explicitly add or invite.
• Meal, workout, and grocery data: anything you enter into the calendar, workout tracker, or grocery list, including notes and Copilot conversations.
• Operational metadata: timestamps, your approximate timezone, and standard web request logs (IP address, user agent) for security and debugging.

2. What we never sell

We do not sell your personal information to third parties. We do not rent, trade, or share it for advertising. Analytics is limited to Google Analytics with pseudonymous event data (no raw identifiers).

3. Who we share data with

We share only what’s needed to run the service:

• Our hosting provider (Railway) stores your data in its infrastructure.
• Transactional email goes through Brevo when we send you login codes. The message body contains only the OTP and your email address.
• AI completions for Copilot, meal planning, and grocery generation are sent to our model provider (OpenRouter). We only send the task prompt and the minimum context needed to answer; we never send payment information or passwords.

4. Cookies and analytics

We use a single HttpOnly session cookie (token) to keep you signed in, plus Google Analytics to understand how the product is used. See our Cookie Policy for specifics.

5. Your controls

• View or correct your data: most of it is editable from the app (Settings, Kitchen, Meals, Workouts).
• Delete your account: email hello@nutraze.in from the account email address and we’ll remove your records within 30 days.
• Export: on request, we’ll send you a JSON export of everything tied to your account.

6. Retention

Account and kitchen data persist while your account is active. OTP codes expire within 10 minutes. Request logs are rotated out within 30 days. Deleted accounts are scrubbed from the primary database within 30 days of the request; encrypted backups roll off on a 90-day cycle.

7. Security

Data is encrypted in transit over TLS and at rest by our hosting provider. Passwords are bcrypt-hashed. We do our best, but no service is perfectly secure — if you spot something, please report it to hello@nutraze.in.

8. Children

Nutraze is not directed at children under 13 and we don’t knowingly collect their data.

9. Changes

If we change this policy materially, we’ll post a notice on this page and, when it affects active accounts, email you directly.

10. Contact

Questions, data-subject requests, or complaints: hello@nutraze.in.