Privacy Policy
Nutrio
Last Updated: 2 April 2026
Nutrio ("we", "our", or "us"), operated by Hysa Tech, respects your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you use the Nutrio mobile application (the "App"). By installing or using the App, you agree to the practices described below. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Information You Provide
- Account Information — email address, display name, and profile photo when you create an account via email, Google Sign-In, or Sign in with Apple.
- Body & Profile Details — age or date of birth, gender, height, current weight, goal weight, activity level, eating style, dietary preferences, past dieting experience, nutrition challenges, and unit preference (metric/imperial).
- Meal Photos & Food Logs — photos you take or upload for AI-powered food analysis, along with the resulting nutrition data (calories, macronutrients, micronutrients, nutrition score, portion sizes). You can delete any meal entry and its associated photo at any time.
- Exercise Logs — exercise type, intensity, duration, and estimated calories burned.
- Water Intake Logs — daily water consumption records.
- Weight Entries — historical weight records you log over time to track progress.
- Energy Level Feedback — optional self-reported energy ratings after meals.
- Chat Messages — messages and images you send to our AI nutrition assistant, including full conversation history.
- Saved Foods — foods you save for quick re-logging, including usage frequency.
- Notification Preferences — your chosen meal reminder times and notification settings.
- Health Platform Data — if you choose to connect Apple Health (iOS) or Health Connect (Android), we may read the following data from your device's health platform: daily step counts, workout activities (type, duration, and calories burned), weight measurements, and active energy burned. With your permission, we also write your Nutrio data back to the health platform, including food logs (calories and macronutrients), water intake, weight entries, and exercise logs. Each data type can be individually enabled or disabled in your sync preferences.
1.2 Sensitive Health Data (Pregnancy & Breastfeeding)
If you choose to enable pregnancy or breastfeeding features, we collect additional sensitive health data, including: pregnancy status, due date, breastfeeding type (exclusive or partial), and gestational information. This data is collected only with your explicit consent through a dedicated consent flow before the feature is activated. We maintain an audit trail of your consent, including the timestamp. You may delete your pregnancy data independently at any time through Settings without deleting your entire account. This data is processed under GDPR Article 9(2)(a) (explicit consent for special category data).
1.3 Automatically Collected Information
- Device & Notification Tokens — Firebase Cloud Messaging (FCM) tokens to deliver push notifications you opt in to receive.
- Analytics Data — anonymised usage events, crash reports, and performance data collected via Firebase Analytics and Firebase Crashlytics.
- Subscription Data — purchase identifiers, subscription status, entitlements, and expiration dates processed through RevenueCat.
- Gamification Data — streak counts, longest streaks, achievements, and daily calorie log summaries to power motivational features.
- Advertising Identifiers — on iOS, we request your permission via Apple's App Tracking Transparency (ATT) framework before collecting your Identifier for Advertisers (IDFA). You may decline, and the App will function normally without it.
- Health Sync Metadata — when health platform integration is enabled, we automatically sync data (such as steps and workouts) when you open the App. On Android, this requires the Activity Recognition permission for step counting. Sync timestamps and connection status are stored to manage the integration.
2. How We Use Your Information
- Provide AI-powered food analysis by sending your meal photos and descriptions to our AI services for nutrient identification.
- Create, adjust, and recalibrate your personalised calorie and macronutrient plan based on your profile, goals, and progress.
- Adjust nutrition targets for pregnancy or breastfeeding when you opt in to that feature.
- Power the AI nutrition assistant (chat) to provide personalised coaching, meal suggestions, and weekly nutrition insights.
- Deliver adaptive coaching tips from Cal the Carrot, our in-app mascot.
- Track exercise, water intake, weight history, and energy levels to give you a holistic view of your nutrition journey.
- Maintain streaks, badges, and other gamified motivational elements.
- Send timely, personalised push notifications and meal reminders.
- Measure advertising campaign effectiveness and attribute app installs (with your consent on iOS).
- Improve the App through anonymous analytics and crash reporting.
- Sync health and fitness data between Nutrio and Apple Health or Health Connect to provide a unified view of your nutrition, activity, and body measurements across your health apps.
- Import workouts and step data from your health platform to automatically track your activity and calorie expenditure within Nutrio.
3. Third-Party Services & Data Sharing
Nutrio does not sell your personal data. We share data with the following categories of service providers, solely to operate and improve the App:
3.1 AI & Machine Learning
- Google (Firebase AI / Gemini) — meal photos and food descriptions are sent to Google's Gemini AI models for food identification and nutrient estimation. Google processes this data under its Data Processing Terms.
- OpenAI — anonymised weekly nutrition summaries (meal names, nutrition scores, energy levels) are sent to OpenAI to generate personalised weekly insights. No photos or direct identifiers are shared with OpenAI.
3.2 Infrastructure & Backend
- Google Firebase — authentication, database (Cloud Firestore), file storage (Firebase Storage), push notifications (Cloud Messaging), remote configuration, analytics, and crash reporting (Crashlytics).
3.3 Payments
- RevenueCat — manages in-app subscriptions and purchases. RevenueCat receives purchase identifiers, entitlement data, and subscription status. Payment card details are handled entirely by Apple (App Store) or Google (Play Store) and are never accessible to us.
3.4 Analytics & Advertising
- Firebase Analytics — collects anonymised usage events and user properties to help us understand how the App is used.
- Firebase Crashlytics — collects crash reports and device diagnostics to help us fix bugs.
- Meta (Facebook) SDK — used for install attribution and advertising measurement. Advertiser ID collection is enabled; automatic event logging is disabled. On iOS, data sharing with Meta requires your ATT consent.
- TikTok Events SDK — used for install attribution, conversion tracking, and advertising measurement. On iOS, data sharing with TikTok requires your ATT consent.
- SKAdNetwork — Apple's privacy-preserving framework used for ad attribution without sharing personal identifiers.
3.5 Health Platforms
- Apple HealthKit (iOS) — if you connect Apple Health, Nutrio reads and writes health data (steps, workouts, weight, nutrition, water) directly through Apple's HealthKit framework. All data exchanged with HealthKit remains on your device within Apple's Health ecosystem. We do not transmit raw HealthKit data to external servers; however, imported data (such as workouts and weight) is stored in your Nutrio account on Firebase as part of your exercise and weight logs.
- Google Health Connect (Android) — if you connect Health Connect, Nutrio reads and writes health data (steps, workouts, weight, nutrition, water) through Google's Health Connect SDK. All data exchanged with Health Connect remains on your device within Google's health ecosystem. We do not transmit raw Health Connect data to external servers; however, imported data (such as workouts and weight) is stored in your Nutrio account on Firebase as part of your exercise and weight logs.
3.6 Authentication
- Google Sign-In & Sign in with Apple — if you choose social login, the respective provider shares your name, email, and profile photo with us. We do not receive your password.
4. Data Storage, Retention & Deletion
Your data is stored on Google Firebase servers (Cloud Firestore and Firebase Storage). We retain your data for as long as your account is active or as needed to provide the service.
- Full Account Deletion — you can permanently delete your account and all associated data (nutrition logs, meal photos, chat history, exercise logs, water logs, weight entries, gamification data, goals, preferences, and profile data) from within the App (Settings → Delete Account) or via our Account & Data Deletion page. Re-authentication is required to confirm deletion.
- Pregnancy Data Deletion — you can delete pregnancy and breastfeeding data independently through pregnancy settings without deleting your entire account. Your nutrition goals will revert to their previous values.
- Individual Meal Deletion — you can delete any individual food log entry and its associated photo at any time.
5. Data Security
We use industry-standard encryption in transit (TLS) and at rest. Access to your data is restricted to authorised personnel who require it to operate the service. Firebase Security Rules enforce that users can only access their own data. Despite these measures, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
6. Your Choices & Rights
- Access & Deletion — request access to or deletion of your personal data at any time by contacting us or using the in-app deletion feature.
- Withdraw Consent — if you have consented to pregnancy data collection, you can withdraw consent and delete that data at any time.
- Device Permissions — revoke camera, photo library, or notification permissions at any time through your device's system settings.
- Tracking Opt-Out (iOS) — decline or revoke app tracking permission via iOS Settings → Privacy & Security → Tracking.
- Health Data Permissions — you can disconnect Apple Health or Health Connect at any time through the App's settings. You can also enable or disable individual sync categories (steps, workouts, weight, nutrition, water) independently. Revoking health platform access does not delete data previously synced to your Nutrio account. You may also revoke Nutrio's access directly from your device's health platform settings (Apple Health or Health Connect).
- GDPR Rights (EEA Users) — if you are in the European Economic Area, you have the right to access, rectify, and erase your personal data, to restrict or object to its processing, and to data portability. Contact us at the address below to exercise these rights.
7. International Data Transfers
Your data may be processed on servers located outside your country of residence (including the United States) by our third-party service providers (Google, OpenAI, RevenueCat, Meta, TikTok). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or the service provider's compliance frameworks.
8. Children's Privacy
Nutrio is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will promptly delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced in-app. The "Last Updated" date at the top will be revised accordingly. Continued use of the App after changes constitutes acceptance.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Hysa Tech
Email: [email protected]
