NutriLoop
FeaturesHow it worksPricingPrivacyTermsSecurity
Log inStart for free

Privacy Policy

Last updated: 25 May 2026

1. Who we are

NutriLoop ("we", "us", "our") is a nutrition-practice management platform operated from the European Union. Our marketing site is hosted at nutriloop.co and the application at app.nutriloop.co.

2. Data we collect

We collect the following categories of personal data:

  • Account data — name, email address, and profile picture when you sign up directly or via Google OAuth.
  • Practice data — client records, meal plans, notes, and progress metrics you create inside the application.
  • Usage data — pages visited, feature interactions, browser type, and IP address (anonymised where possible).
  • Payment data — processed by our payment provider; we never store full card numbers.

3. How we use your data

  • To provide and maintain the NutriLoop service.
  • To authenticate your identity via email/password or Google OAuth.
  • To process subscription payments and send invoices.
  • To send transactional emails (e.g. password resets, plan changes).
  • To improve the platform through aggregated, anonymised analytics.

4. Legal basis (GDPR)

We process personal data under the following legal bases:

  • Contract — processing necessary to deliver the service you signed up for.
  • Legitimate interest — analytics and security monitoring.
  • Consent — optional marketing communications (you can withdraw at any time).

5. Third-party services

We share data only with processors that are necessary to operate the service:

  • Supabase (database & authentication) — EU-hosted.
  • Google (OAuth sign-in) — only your public profile and email are requested.
  • Vercel (hosting) — content delivery via global edge network.
  • Payment provider — PCI-DSS compliant payment processing.

We do not sell your personal data to any third party.

6. Cookies

We use strictly necessary cookies for authentication and session management. We use no third-party advertising or tracking cookies. Analytics, if enabled, rely on anonymised, cookie-free techniques where possible.

7. Data retention

We retain your account and practice data for as long as your account is active. If you delete your account, we remove all personal data within 30 days, except where retention is required by law (e.g. invoicing records for tax purposes).

8. Your rights

Under GDPR and applicable EU/EEA law, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability — export your data in a machine-readable format.
  • Withdraw consent at any time.

To exercise any of these rights, contact us at privacy@nutriloop.co.

9. Security

All data is encrypted in transit (TLS) and at rest. We use row-level security policies in our database, enforce least-privilege access, and conduct periodic security reviews.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of the service after changes constitutes acceptance.

11. Contact

For privacy-related questions, reach us at privacy@nutriloop.co.