Last updated: 3 March 2026
This Privacy Policy explains how NutriTracker (“we”, “us”, “our”) collects, uses, shares, and protects your personal information when you use our website, apps, and services (together, the “Service”).
Who we are
Our website address is: https://www.nutritracker.io.
If you have questions about this policy or your data, you can contact us at: privacy@nutritracker.io.
What data we collect
Depending on how you use NutriTracker, we may collect the following types of information:
- Account data: name, email address, password (stored as a secure hash), and basic profile details including date of birth, gender, and country.
- App and coaching data you provide: goals, preferences, dietary information, workouts you log, messages you send to your AI coach, and files or media you upload (for example, progress photos or meal images).
- AI coaching memory: if you have given consent for AI data processing, we may store facts and preferences your AI coach learns from your conversations (for example, dietary preferences or training habits). You can view, correct, delete, export, or pause this memory at any time from within the app.
- Usage and device data: app interactions, pages viewed, feature usage, device type, operating system, app version, language, and approximate location (derived from IP address).
- Health and fitness data (optional): if you choose to connect Apple Health, Garmin, or similar services, we may access the data you authorise via those integrations to provide coaching insights. Apple Health data is aggregated on your device; only daily summaries are sent to our servers. We do not receive or store raw health samples.
- Payment data: if you subscribe to NutriTracker Pro, payment processing is handled by Stripe (for web and Android) or Apple (for iOS in-app purchases). We store subscription status and entitlement information but do not store full card details.
- Support and communications: information you share with support, bug reports, and feedback.
Health and fitness data and your choices
NutriTracker may process health and fitness-related information to provide personalised coaching. You control whether to provide this information and whether to connect third-party services such as Apple Health. You can disconnect integrations at any time using your device or account settings.
We aim to minimise what we store. Apple Health data is aggregated on your device and only daily summaries (such as step counts, sleep hours, and workout duration) are sent to our servers when you use the app. We do not upload raw health samples. We do not sell your health data.
How we use your data
We use your information to:
- Provide, operate, and improve NutriTracker, including personalised AI coaching and recommendations.
- Create and manage your account, authentication, and preferences.
- Process payments and manage your subscription entitlement.
- Analyse usage to improve performance, reliability, and user experience.
- Communicate with you about updates, security notices, and support requests.
- Protect against fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our terms.
AI processing and your consent
NutriTracker’s AI coaching is powered by Google Gemini, a large language model provided by Google LLC. When you use the AI coaching features, relevant information from your profile, goals, health summaries, and conversation history is sent to the Gemini API to generate coaching responses. This data is processed by Google in accordance with Google’s data processing terms.
We ask for your explicit consent before processing your personal data through AI. You will be shown a consent screen the first time you use AI coaching features, and again if our data practices change in a material way. You must actively agree before any of your data is sent to the AI model.
You can withdraw your AI data consent at any time from Settings → Privacy within the app. Withdrawing consent will stop your data from being included in future AI requests. It will not affect coaching sessions that have already taken place.
NutriTracker also stores an AI memory: a set of facts and preferences your coach has learned over time (for example, that you are vegetarian, or that you train on weekday mornings). From Settings → Memory Controls you can:
- View everything your coach remembers about you.
- Pin important facts so your coach always references them.
- Delete individual memory items.
- Export all memory as a file (for portability or review).
- Pause memory learning so no new facts are stored.
AI outputs are generated by a machine learning model and can be imperfect. They are provided for informational and motivational purposes only and should not be treated as medical, nutritional, or clinical advice. If you have medical concerns, consult a qualified healthcare professional.
Legal bases for processing (UK GDPR)
If you are in the UK or EEA, we process your personal data when we have a legal basis to do so, including:
- Contract: to provide the Service you request, including account management, subscription processing, and core coaching features.
- Consent: for AI data processing (sending your data to Google Gemini), optional health integrations, marketing communications, and other processing where your explicit agreement is required. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legitimate interests: to operate, secure, and improve our Service, detect and prevent fraud, and protect the safety of our users and platform (balanced against your rights and interests).
- Legal obligation: where we must comply with applicable law.
Cookies
We use cookies and similar technologies to help the website work, keep you signed in, remember preferences, and understand how the site is used.
If you visit our login page, we may set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we may set cookies to save your login information and display preferences. Login cookies typically last for two days, and display preference cookies may last for up to a year. If you select “Remember Me”, your login may persist for up to two weeks. If you log out, the login cookies are removed.
You can usually control cookies through your browser settings. If you disable cookies, parts of the Service may not work properly.
Comments
If visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images that contain embedded location data (EXIF GPS). Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (for example videos, images, and articles). Embedded content from other websites behaves exactly as if you had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.
Who we share your data with
We share data only as needed to provide the Service. Key third parties include:
- Google LLC (Gemini API): when you have given AI data consent, your profile information, health summaries, and conversation history are sent to Google’s Gemini API to generate coaching responses. Google processes this data under their API terms and data processing agreements.
- Stripe: payment processing for NutriTracker Pro subscriptions on web. Stripe handles card data directly and we receive only subscription status and identifiers.
- Apple: in-app purchase processing on iOS, Sign in with Apple authentication, and HealthKit data integration. Apple’s privacy practices are governed by Apple’s own privacy policy.
- Google (Analytics): we use Google Analytics to understand how our website and app are used. Analytics data is aggregated and does not identify individual users to us.
- Firebase (Google): push notification delivery via Firebase Cloud Messaging.
- Infrastructure and hosting providers: cloud database hosting (Neon), caching infrastructure (Upstash Redis), and server hosting, all under contractual data processing obligations.
- Integration partners: if you connect third-party services such as Apple Health or Garmin, we receive and send data as needed to provide the integration, based on your authorisation.
- Legal and safety: if required by law, or to protect the rights, safety, and security of NutriTracker, our users, or others.
- Business transfers: if we are involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction.
If you request a password reset, your IP address may be included in the reset email.
International transfers
Your information may be processed in countries other than where you live, including the United States, where many of our service providers (including Google and Stripe) are based. Where required by applicable law, we use appropriate safeguards for international transfers, such as standard contractual clauses approved by the UK Information Commissioner’s Office or the European Commission.
How long we retain your data
We retain personal data only for as long as necessary to provide the Service and for legitimate business purposes, including legal, accounting, or reporting requirements.
If you delete your account, we will delete or anonymise your personal data within a reasonable period, except where we are required to retain it by law or for legitimate purposes such as fraud prevention.
AI memory items you have deleted are soft-deleted (retained in our database for a short period for audit and recovery purposes) before being permanently removed.
If you leave a comment on our website, the comment and its metadata may be retained indefinitely to help recognise and approve follow-up comments automatically.
Your rights
Depending on where you live, you may have rights including:
- Access your personal data and receive a copy.
- Correct inaccurate or incomplete data.
- Delete your data (subject to legal exceptions).
- Object to or restrict certain processing.
- Port your data to another service.
- Withdraw AI data consent at any time via Settings → Privacy in the app, or by contacting us. Withdrawal stops future AI processing of your data but does not affect past processing.
- Withdraw any other consent where processing is based on consent.
- Lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.
To exercise your rights, contact us at privacy@nutritracker.io. We may need to verify your identity before responding.
Security
We use reasonable technical and organisational measures designed to protect your data, including encrypted connections (HTTPS), secure session management, input validation, and role-based access controls. However, no method of transmission over the internet or electronic storage is completely secure.
Children’s privacy
NutriTracker is not intended for children under 13 (or the minimum age required in your country). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at privacy@nutritracker.io so we can take appropriate steps.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will update the “Last updated” date at the top of this page. Where changes are material, particularly changes affecting how we process your data through AI, we will notify you within the app and ask for your consent again where required.
Where your data is sent
Visitor comments may be checked through an automated spam detection service. When you use AI coaching features and have given consent, your data is sent to Google’s Gemini API for processing. Payment data is sent to Stripe (web) or processed by Apple (iOS). See the “Who we share your data with” section above for a full list of third parties.