NutriPlan is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. If you have questions, email us at nutriplan@polsia.app.
1. Data We Collect
We collect only what's necessary to provide the service:
- Email address — used for account creation and magic-link authentication.
- Dietary preferences & biometric inputs — height, weight, age, activity level, dietary restrictions, and health goals you enter to generate meal plans. This data is stored to save and reload your preferences.
- Generated meal plans — the meal plans we create for you are stored so you can access them later.
- Analytics events — anonymized usage events (page views, feature interactions) to improve the product. No personally identifiable data is included in these events.
- Session identifiers — a random session token stored in your browser's sessionStorage to track a single browsing session.
- Payment information — if you subscribe to Premium, your payment details are handled directly by Stripe. NutriPlan does not store credit card numbers.
2. How We Use Your Data
- Meal plan generation — your biometric inputs and dietary preferences are fed to our LP solver to generate optimized meal plans tailored to your goals.
- Service improvement — aggregated, anonymized analytics help us understand which features are most useful and identify bugs.
- Authentication — your email is used to send magic-link login emails and, if applicable, subscription receipts from Stripe.
- Subscription management — billing status is tracked to enforce plan limits and grant premium access.
We do not sell your data. We do not use your data for advertising or share it with third-party marketers.
3. Data Storage
Your data is stored in a PostgreSQL database hosted on Neon (a managed cloud database provider). The database is encrypted at rest. All data is processed and stored within the United States.
OAuth tokens and sensitive credentials are stored using AES-256-GCM encryption.
4. Third-Party Services
NutriPlan uses the following third-party services:
- Stripe — payment processing for Premium subscriptions. Stripe handles all credit card data under their own privacy policy. We receive only a customer ID and subscription status.
- Polsia — our hosting and infrastructure provider. NutriPlan is built on Polsia's platform, which provides the server, database, and deployment infrastructure.
- Google Fonts — typography loaded from Google's CDN. Google may log the request (IP address, browser) per their privacy policy.
5. Cookies & Local Storage
- Session cookies — used to maintain your login session. These expire when you sign out or after 7 days of inactivity.
- localStorage — stores your preferences (sidebar state, UI settings) locally in your browser. This data stays on your device and is not transmitted to our servers.
- sessionStorage — stores a short-lived anonymous session ID used for analytics. Cleared when you close your browser tab.
We do not use third-party tracking cookies or advertising cookies.
6. Data Retention
We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, subject to legal obligations.
Anonymized analytics data (not linked to your identity) may be retained indefinitely for product improvement purposes.
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate information.
- Delete your account and associated personal data.
- Export your meal plan data.
- Withdraw consent at any time by closing your account.
To exercise any of these rights, email nutriplan@polsia.app.
8. Children's Privacy
NutriPlan is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We'll update the "last updated" date at the top of this page. Continued use of NutriPlan after changes constitutes acceptance of the updated policy.