Privacy Policy

1. Information We Collect

a) Information You Provide Directly - Account details: name, email, password, gender, age, etc. - Profile photo (if applicable). - Health / wellness inputs: weight, height, BMI, workout habits, diet preferences, goals. - Communications: messages you send to support or via contact forms. - Subscription / payment details (when you purchase or subscribe).

b) Automatically Collected Information - Log data: IP address, browser type, pages visited, timestamps. - Device information: device type, operating system, unique identifiers. - Usage metrics: which features you use, how often, timezones, session times. - Cookies, tracking technologies, analytics tools.

c) Information from Third-Party Sources - If you link or authorize integration with external services (e.g. health platforms), we may receive data from them (with your consent). - Aggregated or anonymized data from partners or analytics providers.

2. Purposes for Processing Personal Data

• To operate and deliver the core features of Fitnutri AI (e.g. profile, diet plans, progress tracking).
• To improve and develop new features.
• To provide support, respond to your inquiries, and maintain communication.
• To send service-related communications (e.g. password resets, notifications).
• Marketing emails or promotions, where permitted by law and with your consent.
• To maintain security, detect fraud or abuse, and improve system stability.
• To comply with legal obligations, enforce our policies, or respond to legal requests.
• To aggregate or anonymize your data for research and trends.

3. Legal Basis for Processing (GDPR/EEA/UK)

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b)) — Account creation and management, authentication, payment processing, and error reporting. This processing is required to deliver the Fitnutri AI service to you and applies while you hold an account.
• Explicit consent for health data (Art. 9(2)(a))— Processing of special-category data (weight, body measurements, workout history, nutrition intake, and other fitness data) rests on your explicit consent, which you provide during onboarding through our in-app consent screen. The boxes are unchecked by default and you can decline. If you decline, Fitnutri AI cannot provide its service and your account will be deleted; you can also withdraw consent at any time through Profile Settings → Manage Consents, which likewise triggers account deletion. We treat consent as freely given because the alternative — declining and not using the service — is real and available to you.
• Explicit consent for AI processing — Sending your personal data to our AI provider (Google Gemini via OpenRouter) for plan generation and coach replies rests on a separate explicit consent. The same opt-in defaults and withdrawal-equals-deletion rule apply: this processing is required for our service, and if you decline or later withdraw, your account is deleted.
• Consent for optional data — Analytics (anonymous usage data to improve the service) and marketing communications are genuinely optional. You can grant or withdraw either at any time in Profile Settings without affecting your account.
• Legitimate interests — For security monitoring, fraud detection, and service improvement where these interests are not overridden by your rights.
• Legal obligation — To comply with applicable laws, including Dutch and EU tax regulations for financial records.

4. Data Retention

We retain your account data for as long as your account is active so we can provide the Services to you. Deletion is user-initiated — you can request full account deletion at any time via Profile Settings → Delete Account (see Section 5) or by emailing support@fitnutri.com. Once requested, your data is permanently removed within 30 days, except for financial records that we are required to keep under Dutch and EU tax law.

Mobile-app analytics retention: Anonymized product-analytics events collected via Firebase Analytics (Google LLC) are retained for 14 months. Ad-attribution events collected via Meta App Events (Meta Platforms Ireland Ltd.) are retained per Meta's data policy (currently 24 months). Both are subject to your consent — see Sections 3 and 9.

All user-initiated deletions are hard deletes — your data is permanently removed from our systems, not merely deactivated.

5. Your Rights & Choices

Depending on your jurisdiction, you may have rights such as:

• Access to your personal data.
• Correct or update inaccurate data.
• Delete your account or data (subject to retention requirements).
• Restrict or object to processing (e.g. for marketing).
• Withdraw consent at any time.
• Data portability (in certain regions).
• Lodge a complaint with a data protection authority.

How to exercise your rights:

• Data export (portability): You can request a complete export of your personal data directly from the app via Profile Settings → Export My Data. Your data will be compiled and sent to your registered email address in JSON format.
• Consent management: You can review and change your consent preferences at any time through Profile Settings → Manage Consents.
• Account deletion: You can request account deletion through Profile Settings → Delete Account. Your data will be permanently removed within 30 days, with the exception of financial records retained under legal obligation.
• Other requests: For access, correction, restriction, or objection requests, contact us at support@fitnutri.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at https://autoriteitpersoonsgegevens.nl.

6. Security

We use reasonable technical, organizational, and administrative measures (encryption, access controls, vulnerability assessments) to protect your data. However, no system is perfect; in the event of a security breach, we will follow applicable laws to notify affected users or authorities.

7. Children

Our Services are not intended for children under 18. If we become aware of a person under 18 using the Services, we will remove their data.

8. Sharing & Disclosure of Personal Data

We may share your personal data in the following circumstances:

• Service providers / subprocessors (hosting, email, analytics, payments) under contractual obligations.
• Legal or regulatory authorities when required.
• In aggregated / anonymized form (non-identifying) for research or reporting.
• Affiliates or during corporate transactions (e.g. merger, acquisition), with notice to you.
• AI routing subprocessor: OpenRouter, Inc. (United States) routes our AI requests to underlying large-language-model and image-generation providers. Inputs (your health and fitness profile, meal data, and chat messages) and the resulting Outputs pass through OpenRouter on the way to and from the downstream models listed in Section 10. OpenRouter is engaged as a processor under Standard Contractual Clauses (SCCs); see Sections 10 and 13 for the data categories, downstream models, and transfer safeguards.
• Downstream AI model providers: Google LLC (Gemini text and image models) and Black Forest Labs, Inc. (FLUX image models). They receive your Inputs from OpenRouter only for the duration needed to generate a response and are subject to their own terms; see Section 10.
• Cloud hosting and storage: Amazon Web Services EMEA SARL / Amazon Web Services, Inc. (AWS) hosts our backend (Amazon ECS, Frankfurt — eu-central-1) and stores user-uploaded files such as profile and meal photos in Amazon S3. AWS also processes meal photos through Amazon Rekognition for content moderation and sends transactional email through Amazon SES.
• Push notifications: Expo (650 Industries, Inc., United States) delivers push notifications to your device via the Expo Push Service. Expo receives your Expo push token, notification payload (e.g. workout reminder, achievement), and device platform. It does not receive your account credentials, health profile, or chat content.
• Error monitoring: Sentry (Functional Software, Inc., United States) for crash reporting and error tracking to maintain app stability. Sentry may collect device information, error logs, and app state data. No personally identifiable information is intentionally shared.
• Payment processing: RevenueCat, Inc. (United States) for managing in-app subscriptions. RevenueCat receives your email address and purchase transaction data to process and validate subscriptions.
• Product analytics: Google LLC (Firebase Analytics / Google Analytics for Firebase) for measuring feature usage, screen flows, and retention. Receives pseudonymous identifiers, app-event names + parameters, and high-level user properties (plan tier, fitness goal). Used only when you grant Analytics consent during onboarding. Subject to Google's Privacy Policy.
• Ad attribution: Meta Platforms Ireland Ltd. (Facebook App Events) for measuring the performance of our marketing campaigns. Receives bottom-funnel events (install, registration, trial start, purchase) and, on iOS only when you grant App Tracking Transparency authorization, your device's advertising identifier (IDFA). Used only when you grant Marketing consent. Subject to Meta's Privacy Policy.

We do not sell your personal data to third parties for their direct marketing.

9. Cookies & Tracking Technologies

We and our partners may use cookies, SDKs, pixels, beacons, and other technologies to collect usage and device data. You may have options to manage or disable them via browser or device settings, but disabling may reduce functionality.

Website cookie banner: On our website, a consent banner appears on your first visit and no non-essential cookie or tracker is set until you act on it. Cookies are grouped into three categories: Essential (always on — required for security, storing your consent choice, and basic site function), Analytics (e.g. Google Analytics, to understand site usage), and Marketing (e.g. Meta, to measure campaigns). Analytics and Marketing scripts load only after you accept the relevant category; if you reject, they never fire and the site stays fully functional. Your choice is stored for 6 months and can be changed at any time via the "Manage cookies" link in the website footer, which reopens the preferences panel.

In-app SDKs: The Fitnutri AI mobile app embeds Firebase Analytics (Google LLC) and the Meta App Events SDK (Meta Platforms Ireland Ltd.). Both default to a denied state on launch and are activated only after you grant the relevant consent during onboarding (Analytics and Marketing, respectively). You can revoke either consent at any time from Profile Settings → Manage Consents; revocation takes effect immediately and stops further event collection.

iOS App Tracking Transparency: If you grant Marketing consent on iOS, the system will prompt you with Apple's App Tracking Transparency dialog. Authorizing it allows Meta to receive your device's advertising identifier (IDFA) for cross-app ad attribution. Declining prevents IDFA collection — Meta will still receive aggregated conversion postbacks via Apple's SKAdNetwork, which is privacy-preserving and device-anonymous.

Opt-out: You can disable Firebase Analytics and Meta App Events globally by toggling the Analytics and Marketing consents off in Manage Consents. To delete previously collected mobile analytics data, you can permanently delete your account from Profile Settings → Delete Account, which clears your in-app analytics identifiers.

10. Automated Decision-Making and AI

Fitnutri AI uses third-party artificial intelligence services to generate personalized workout plans, meal plans, chatbot responses, daily suggestions, and meal images.

How AI requests are routed: All AI requests are sent first to OpenRouter, Inc.("OpenRouter"), a US-based AI routing platform. OpenRouter forwards each request to the appropriate downstream model and returns the response to us. OpenRouter is engaged as a processor and we have not opted in to OpenRouter's prompt-logging feature, which means OpenRouter does not retain your Inputs or Outputs beyond what is necessary to route and meter the request. OpenRouter's handling of data is subject to its Privacy Policy and Terms of Service.

Downstream AI models used (via OpenRouter):

• Google Gemini text models (Google LLC) — used for chatbot conversations, workout plan generation, meal plan generation, exercise swap ranking, grocery list normalization, daily suggestions, and content verification. Specifically: google/gemini-3.1-flash-lite (primary) and google/gemini-3-flash-preview (fallback).
• Google Gemini vision model (google/gemini-3.1-flash-lite, multimodal) — used when you submit a photo of a meal so we can identify the food and estimate macros. Your photo is transmitted as part of the request.
• Black Forest Labs FLUX image model(Black Forest Labs, Inc. — black-forest-labs/flux.2-klein-4b) and Google Gemini image preview (google/gemini-3.1-flash-image-preview, fallback) — used to generate the illustrative meal-card images shown in your meal plan. These requests carry only the meal name, type, description, and ingredient list — no personal identifiers.

What data is shared with OpenRouter and the models:

• Age, gender, weight, and height
• Fitness goals and activity level
• Workout history and exercise preferences
• Dietary preferences, food allergies, and preferred cuisines
• Meal logs and nutrition intake
• Soreness and injury information (when provided)
• Chat messages you send to the in-app assistant
• Meal photos you upload (only for vision-based meal recognition; not stored at the model provider beyond the request)

Why this data is shared: To generate personalized workout plans, meal plans, exercise swap recommendations, daily suggestions, chatbot responses, and meal-card images tailored to your fitness profile.

Data retention by AI providers: We instruct OpenRouter to process your Inputs in real time and do not opt in to its prompt-logging feature, so OpenRouter does not retain your Inputs or Outputs beyond what is necessary to route and meter the request. OpenRouter forwards Inputs to the downstream model providers listed above only for the duration needed to produce a response; each downstream provider's handling of data is subject to its own terms, in particular Google's Privacy Policy (for Gemini) and Black Forest Labs' Privacy Policy (for FLUX). We do not authorize any of these providers to use your Inputs to train their models.

Legal basis and safeguards for transfers: OpenRouter and Black Forest Labs are based in the United States, and Google may process data in the United States and other jurisdictions. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical and contractual measures, as further described in Section 13.

These AI-generated plans are suggestions only and do not constitute medical advice or legally binding decisions. You are free to modify or regenerate your plans at any time.

Nutrition recommendations are grounded in established nutrition and sports science guidelines, including those published by the World Health Organization (WHO), the U.S. Department of Agriculture (USDA), and the International Society of Sports Nutrition (ISSN). However, they are not a substitute for professional medical or dietary advice.

AI data sharing consent is required to use Fitnutri AI's core features. You provide this consent during onboarding. If you wish to stop AI processing of your data, you may delete your account through Profile Settings → Delete Account.

If you have questions about how our AI processes your data, contact us at support@fitnutri.com.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) within 72 hours of becoming aware of the breach, as required by Article 33 GDPR.
• Notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms, as required by Article 34 GDPR. Notification will be sent to your registered email address.

Breach notifications will include: the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.

12. Communications & Marketing

• You will receive essential service emails (account, security, notifications).
• For promotional emails, we will obtain your consent where required.
• Every marketing email includes an unsubscribe link.
• You can also opt out of promotional communications by contacting us or via settings.

13. International Transfers

Our backend and primary user-data storage are hosted in the European Union (Amazon Web Services, eu-central-1 region in Frankfurt, Germany). However, certain subprocessors process personal data outside the European Economic Area (EEA), principally in the United States:

• OpenRouter, Inc. (United States) — AI routing for chat, workout/meal generation, and image generation (Section 10).
• Google LLC (United States and other jurisdictions) — Gemini text, vision, and image models served via OpenRouter (Section 10).
• Black Forest Labs, Inc. (United States) — FLUX meal-image generation served via OpenRouter (Section 10).
• Sentry / Functional Software, Inc. (United States) — error and crash reporting (Section 8).
• RevenueCat, Inc. (United States) — in-app subscription management (Section 8).
• Expo / 650 Industries, Inc. (United States) — mobile push notification delivery (Section 8).

For each of these transfers we rely on the European Commission's Standard Contractual Clauses (SCCs, Decision 2021/914) as the lawful transfer mechanism, together with supplementary technical and contractual measures (such as encryption in transit, role-restricted access, and contractual prohibitions on using your data to train AI models). Where a provider has its own EU representative or EEA region available, we route requests through that region in preference to a US region.

If you would like a copy of the SCCs in force for a specific subprocessor, contact us at support@fitnutri.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version with the "Effective date" updated. If changes materially affect your rights, we will notify you (e.g. via email) where required by law.

15. Contact Us

If you have questions or concerns about this policy, or to exercise your rights, contact:

Fitnutri B.V. Baarnsche Dijk 6 C1 3741 LR Baarn Netherlands

Email: support@fitnutri.com