Privacy Policy
Effective Date: September 2025
This Privacy Policy explains how NutraGPT (nutragpt.co), operated by Aigentis, collects, uses, and protects your personal information when you use our AI nutritional and somatics coaching service.
1. Information We Collect
1.1 Personal Information
To provide our services and maintain your account, we collect the following personal information:
| Data Type | Purpose | Required/Optional |
|---|---|---|
| Full Name | Account identification and personalization | Required |
| Email Address | Account management, communication, and recovery | Required |
| Date of Birth | Age verification (18+ requirement) and personalized recommendations | Required |
1.2 Technical Information
For security, abuse prevention, and service optimization, we automatically collect:
- IP Addresses: Used for security monitoring, fraud prevention, and geographic service optimization
- Device Information: Browser type, operating system, and device identifiers
- Usage Data: How you interact with our service, including session duration and features used
- Log Data: Server logs that may include IP addresses, timestamps, and system events
1.3 Health and Wellness Information
Through your interactions with NutraGPT, you may provide information related to:
- Dietary preferences and restrictions
- Health goals and concerns
- Lifestyle and wellness practices
- Questions and conversations with the AI system
2. How We Use Your Information
2.1 Service Provision
We use your information to:
- Provide personalized AI coaching and recommendations
- Maintain and manage your user account
- Process your requests and respond to your inquiries
- Improve the accuracy and relevance of our AI responses
2.2 Security and Compliance
Your information helps us:
- Verify your identity and prevent unauthorized access
- Monitor for suspicious activity and prevent abuse
- Comply with legal obligations and law enforcement requests
- Maintain the security and integrity of our systems
2.3 Communication
We may use your email address to send you:
- Service-related notifications and updates
- Account security alerts
- Responses to your support requests
- Important changes to our terms or policies
3. Information Sharing and Disclosure
🔒 Our Commitment to Privacy
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
3.1 Limited Disclosure
We may only share your information in the following circumstances:
- Legal Compliance: When required by law, court order, or government regulation
- Law Enforcement: To comply with valid legal processes or protect against legal liability
- Safety Protection: To protect the safety and rights of our users, staff, or the public
- Business Transfer: In connection with a merger, acquisition, or sale of assets (with user notification)
3.2 Service Providers
We may share limited information with trusted third-party service providers who assist us in:
- Data hosting and storage
- Technical maintenance and support
- Security monitoring and fraud prevention
These providers are contractually bound to protect your information and use it only for specified purposes.
4. Data Security
🛡️ Security Measures
We implement comprehensive security measures to protect your personal information:
- Encryption: Data is encrypted both in transit and at rest using industry-standard protocols
- Access Controls: Strict access controls limit who can view your information
- Regular Audits: We conduct regular security audits and vulnerability assessments
- Secure Infrastructure: Our systems are hosted on secure, monitored servers
- Staff Training: Our team is trained on data protection and privacy best practices
5. Data Retention
📅 Retention Policy
Data Retention Period: 2 Years After Account Deletion
We retain your personal information for 2 years after you delete your account to:
- Comply with legal and regulatory requirements
- Resolve any disputes or legal issues
- Maintain security and prevent abuse
- Provide account recovery if requested within a reasonable timeframe
After this 2-year period, your data will be securely and permanently deleted from our systems.
5.1 Active Account Data
While your account is active, we retain your information to provide continuous service. You can request data deletion at any time by deleting your account.
5.2 Automatic Deletion
We have automated systems in place to ensure data is deleted according to our retention schedule without requiring manual intervention.
6. Your Privacy Rights
6.1 Access and Control
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Correct: Update or correct inaccurate personal information
- Delete: Request deletion of your personal information (subject to legal requirements)
- Restrict: Limit how we process your personal information
- Export: Receive your data in a portable format
6.2 Account Management
You can manage most of your information directly through your account settings. For additional requests, contact us through our website.
7. Age Restrictions
NutraGPT is intended for users who are at least 18 years old. We do not knowingly collect personal information from individuals under 18. If we discover we have collected information from someone under 18, we will delete it immediately.
8. International Users
If you are accessing NutraGPT from outside your home country, please note that your information may be transferred to and processed in countries with different privacy laws. We ensure appropriate safeguards are in place for such transfers.
9. GDPR Rights (European Users)
🇪🇺 European Union Users
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
9.1 Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: For marketing communications and non-essential features
- Contract Performance: To provide our AI coaching services
- Legitimate Interest: For security, fraud prevention, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
9.2 Your GDPR Rights
Under GDPR, you have the right to:
- Right of Access (Article 15): Obtain confirmation of data processing and access to your data
- Right of Rectification (Article 16): Correct inaccurate or incomplete data
- Right of Erasure (Article 17): Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing (Article 18): Limit how we process your data
- Right to Data Portability (Article 20): Receive your data in a machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests
- Rights Related to Automated Decision-making (Article 22): Protection against solely automated decisions
- Right to Withdraw Consent: Withdraw consent for processing at any time
9.3 Data Protection Officer
For GDPR-related inquiries, you can contact our Data Protection Officer through our website at nutragpt.co. We will respond to your requests within one month as required by GDPR.
9.4 Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with GDPR requirements.
9.5 Data Transfers
If we transfer your data outside the EU, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for countries with equivalent data protection
- Other appropriate safeguards as required by GDPR
10. Cookie Policy
10.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Strictly Necessary | Essential for website function, login sessions, security | Session/1 year | No (Legal basis) |
| Performance | Analyze usage, improve service performance | 1-2 years | Yes |
| Functional | Remember preferences, language settings | 1 year | Yes |
| Marketing | Personalized content (if implemented) | 1-2 years | Yes |
10.2 Managing Cookie Preferences
You can control and manage cookies in several ways:
- Browser Settings: Most browsers allow you to control cookies through their settings
- Opt-Out: You can opt out of non-essential cookies through our cookie banner
- Third-Party Tools: Use browser extensions or privacy tools to manage tracking
10.3 Cookie Consent
We obtain your consent before placing non-essential cookies on your device. You can:
- Accept all cookies
- Accept only necessary cookies
- Customize your cookie preferences
- Withdraw consent at any time through your account settings
10.4 Third-Party Cookies
We may use third-party services that set their own cookies:
- Analytics Services: To understand user behavior and improve our service
- Security Services: For fraud prevention and security monitoring
- Support Services: For customer support and communication
10.5 Impact of Blocking Cookies
Blocking certain cookies may affect your experience:
- You may need to log in repeatedly
- Your preferences may not be remembered
- Some features may not work properly
- We may not be able to provide personalized recommendations
11. Third-Party Links
Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. We will notify you of significant changes by:
- Posting the updated policy on our website
- Sending you an email notification
- Providing in-app notifications
Continued use of NutraGPT after changes become effective constitutes acceptance of the updated policy.
13. California Privacy Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and how it's used, and the right to delete personal information.
14. Data Breach Notification
In the unlikely event of a data breach that may affect your personal information, we will:
- Notify relevant supervisory authorities within 72 hours (where required by law)
- Inform affected users without undue delay if there is a high risk to your rights
- Provide clear information about the nature of the breach and steps being taken
- Offer guidance on protective measures you can take
Contact Us
Questions about this Privacy Policy?
Contact us through our website at nutragpt.co
We will respond to your privacy-related inquiries within 30 days.
Last Updated: September 2025
This Privacy Policy is effective as of the date listed above.