Privacy Policy

Omnutrient (“we,” “our,” or “us”) operates the Omnutrient mobile application and website (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Omnutrient, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

Account Information

When you create an account, we collect your name, email address, and authentication credentials. You may also provide a profile photo, date of birth, and physical characteristics (height, weight) to personalize your experience.

Nutrition & Health Data

To provide our core service, we collect information you voluntarily enter, including:

• Meal logs (food items, calorie and macronutrient data, meal timing)
• Hydration tracking data
• Nutrition goals and dietary preferences
• Supplement intake logs
• Exercise and workout data
• Wellness goals and health profile information

Apple HealthKit Data

With your explicit permission, we may read and/or write data from Apple HealthKit, including steps, sleep, heart rate, workouts, and active energy. HealthKit data is used solely to provide health insights within the app and is never sold to third parties or used for advertising. You can revoke HealthKit access at any time through your device Settings.

Wearable & Fitness Integrations

If you connect third-party fitness services (such as Strava, WHOOP, or Oura), we collect activity and health data from those services in accordance with their respective privacy policies and your authorization. This data is used exclusively to enrich your Omnutrient experience.

Food Images & Barcode Data

When you use our food scanner feature, images are processed to identify food items and nutritional content. Images may be sent to our AI service provider for analysis. We do not permanently store food images after processing. Barcode scans are used to look up product information from public nutrition databases.

Chat & AI Interactions

Conversations with our AI nutrition assistant are stored to maintain chat history and provide contextual responses. Chat data may be used to improve the quality of AI responses but is not shared with third parties for marketing purposes.

Usage & Device Data

We automatically collect device type, operating system version, app version, and general usage analytics to improve performance and user experience. This data is collected in aggregate and is not used to personally identify you.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate personalized nutrition insights, recommendations, and analytics
• Power AI-driven features including the nutrition assistant and food recognition
• Sync health data across connected devices and services
• Send notifications you have opted into (meal reminders, weekly summaries)
• Respond to support requests
• Detect, prevent, and address technical issues or abuse
• Comply with legal obligations

We do not sell your personal data. We may share information with the following categories of third parties solely to operate the Service:

• Cloud Infrastructure: Vercel (hosting), Supabase (database and authentication)
• AI Services: OpenAI — see “AI Features & OpenAI” section below for full disclosure
• Payment Processing: Stripe (subscription billing) — we do not store your payment card details
• Nutrition Databases: USDA FoodData Central and OpenFoodFacts for food and barcode lookups

We require all third-party service providers to maintain appropriate security measures and to process your data only as instructed by us.

Omnutrient’s AI features — the AI Health Coach (chat), “Describe to AI” food entry, photo analysis for meals and nutrition labels, daily AI insights, “What to Eat” recommendations, and bulk meal parsing — transmit the input you provide to OpenAI, LLC (the operator of GPT-4 and related models) for processing.

In-app consent. The first time you use any AI feature, Omnutrient displays a consent screen disclosing what is sent, who receives it, and how it is handled, and asks you to either “Allow and continue” or “Not now.” AI features are disabled until you grant consent. You may revoke consent at any time via Settings → AI Features → Allow AI features.

What is sent. Only the specific input required to fulfill the request:

• Chat messages you type in the AI Health Coach
• Photos you upload for meal or nutrition-label analysis (transmitted as a base64-encoded image, deleted after the response)
• Text descriptions you type into “Describe to AI” or bulk meal entry (e.g. “chicken and rice for lunch”)
• Numerical summaries of your logged nutrition and activity (e.g. daily calorie/protein totals over the past 7 days) when you tap to generate an AI insight or meal suggestion

What is NOT sent. Your email address, name, location, date of birth, phone number, payment information, raw HealthKit data, and your full logged meal history are never transmitted to OpenAI. AI requests are dispatched server-side from our backend so OpenAI does not receive your IP address.

How OpenAI handles your data. Under our agreement with OpenAI, request inputs and outputs are not used to train OpenAI’s models. OpenAI may retain request data for up to 30 days for abuse monitoring, after which it is deleted from their systems. OpenAI’s data handling is governed by their API Data Usage Policy and Privacy Policy, available at openai.com/policies/api-data-usage-policies. We have confirmed that OpenAI provides protections substantially equivalent to those described in this Privacy Policy for the data we send them.

Declining AI consent. If you choose not to grant consent (or you revoke it later), AI features will be unavailable. All non-AI features — manual meal logging, barcode scanning, HealthKit sync, manual nutrition/activity tracking, and analytics — continue to work without sending any data to OpenAI.

In accordance with Apple’s HealthKit guidelines:

• HealthKit data is not used for advertising or marketing
• HealthKit data is not sold to data brokers or third parties
• HealthKit data is not shared with third parties without your explicit consent
• HealthKit data is stored securely and encrypted at rest
• You may revoke HealthKit permissions at any time via iOS Settings > Health > Data Access & Devices

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication via Supabase Auth with JWT tokens
• Row-level security policies ensuring users can only access their own data
• Regular security reviews of our infrastructure

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

We retain your personal data for as long as your account is active or as needed to provide you the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and service improvement.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and all associated data
• Export your data in a portable format
• Withdraw consent for optional data processing (e.g., HealthKit, notifications)
• Opt out of non-essential communications

You can delete your account directly from the app under Settings > Account > Delete Account. For other requests, contact us at nutrimind.ai.support@gmail.com.

If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it. You also have the right to request deletion and to opt out of the “sale” of personal information. We do not sell personal information.

To exercise your CCPA rights, contact us at nutrimind.ai.support@gmail.com.

Omnutrient is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at nutrimind.ai.support@gmail.com.

Your data may be transferred to and processed in countries other than your own, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place to protect your data in compliance with applicable laws.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email. The “Effective date” at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us: