Privacy Policy

1. Who We Are

NutraSafe is operated by Aaron Keen, sole trader, United Kingdom ("NutraSafe", "we", "us", "our").

Contact: contact@nutrasafe.co.uk

3. Data We Collect

Provided by you

• Account details: email (required for login).
• App content: food logs, reactions, allergens, expiry-tracking entries, and optional photos.
• Health and fitness data: nutrition goals, weight, height, age, gender, workout activity (if you use the AI Coach feature).
• AI Coach conversations: messages you send to the AI Coach (if you use this feature).
• Support messages you send to us.

Automatically collected

• Device and app information (e.g., IP address, device model, OS version, app version).
• Notification token (if you enable push notifications).

Passwords are handled securely by Firebase Auth and are never visible to us.

4. How We Use Your Data

• To provide and personalise your NutraSafe account.
• To sync, back up, and display your entries.
• To provide AI-powered coaching (see Section 7a below for full details).
• To troubleshoot, secure, and improve the service.
• To reply to support requests.

We do not use your data for advertising or profiling.

5. Access and Storage

Your data is stored with Google Firebase (Google LLC), which encrypts all data in transit (TLS) and at rest (AES-256).

As the app operator, Aaron Keen may technically access user data through Firebase Console solely for:

• Bug investigation
• User support
• Maintaining database integrity and security

No data is used for any other purpose.

6. Legal Basis (UK GDPR)

• Contract (Art. 6(1)(b)) – to deliver the app and its features.
• Legitimate Interest (Art. 6(1)(f)) – to maintain reliability and security.
• Consent (Art. 6(1)(a)) – for optional features such as notifications, camera access, and AI Coach data sharing with Google Gemini.

7. Data Sharing and Transfers

Data is shared only with:

• Google Firebase (hosting, authentication, storage).
• Google Gemini (third-party AI service for AI coaching — see Section 7a).
• Authorities or law enforcement if legally required.

Where data is processed outside the UK/EU, Firebase relies on Standard Contractual Clauses to ensure adequate protection.

We never sell, rent, or trade data.

7a. AI Coach — Third-Party AI Data Sharing

NutraSafe includes an optional AI Coach feature powered by Google Gemini, a third-party AI service provided by Google LLC. This feature is entirely opt-in — you must give explicit consent before any data is shared.

What data is sent to Google Gemini

• Your nutrition goals and progress
• Food diary summaries
• Workout and fitness activity
• Basic profile information (height, weight, age, gender)
• Your coaching conversation messages

What we never send to Google Gemini

• Your name or email address
• Photos or images
• Apple Health raw data
• Payment or financial information

How your data is protected

• Data is processed by Google Gemini in real-time only to generate coaching responses.
• Your data is not used by Google for AI model training.
• All data is encrypted in transit (TLS).
• Google LLC provides equivalent data protection as described in their Privacy Policy and Gemini API Terms of Service.

Your consent and control

• Before using the AI Coach, you are asked to review what data will be shared and give explicit consent.
• You can revoke AI data sharing consent at any time in Settings → Data & Privacy.
• Revoking consent immediately stops all data sharing with Google Gemini.
• You can continue using all other NutraSafe features without the AI Coach.

8. Retention Periods

• Active accounts: data retained while the account remains active.
• Deleted accounts: data removed or anonymised within 30 days; backups purged within 90 days.
• Support emails: kept up to 24 months for audit and dispute resolution.

9. Your Rights

Under UK GDPR you can request to:

• Access your personal data
• Correct inaccurate information
• Delete your data ("Right to be Forgotten")
• Restrict or object to processing
• Receive a portable copy of your data

Contact contact@nutrasafe.co.uk to exercise these rights.

You may also contact the Information Commissioner's Office (ICO) at ico.org.uk.

10. Security

We use industry-standard security controls (encryption, access restrictions, monitoring). No system is 100% secure; please keep your device updated and use a strong password.

11. Children

NutraSafe is not intended for use by anyone under 16. If we learn we hold data for a child under 16 without consent, we will delete it promptly.

12. Changes to This Policy

We may update this policy periodically. Updates will be posted in-app and on our website with a new effective date. Material changes will be clearly communicated before they take effect.