Nutrify Me AI is a product of Kash India (Proprietorship), operating the website www.nutrifyme.ai, the Nutrify Me AI mobile application (available on iOS and Android), and all related services (collectively, the “Service”). In this Privacy Policy, “we,” “us,” or “our” refers to Kash India, doing business as Nutrify Me AI. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our Service.
Nutrify Me AI is an AI-powered nutrition and meal planning platform that enables users to receive personalized dietary recommendations based on their health profile, goals, and preferences. Our Service includes features such as AI-powered meal plan generation, photo-based food analysis, a conversational AI nutrition assistant, health profile management, dietary preference tracking, and nutritional goal monitoring.
IMPORTANT — HEALTH DATA NOTICE: Our Service collects and processes health-related information, including (optionally) medical conditions, medications, blood/lab reports, and family medical history. This information is classified as sensitive personal data under the Digital Personal Data Protection Act, 2023 (India), special category data under the General Data Protection Regulation (GDPR), and sensitive personal data or information under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. We process this data only with your explicit consent and implement enhanced security measures to protect it.
By accessing or using our Service, you explicitly consent to the collection, use, storage, and processing of your information — including health-related data — as described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.
1. Information We Collect
1.1 Account Information
When you create a Nutrify Me AI account, we collect your name, email address, and password (or third-party authentication credentials if you sign in via Google or Apple). If you contact us through our website or app, we collect the information you submit.
1.2 Basic Health Profile (Required)
To provide personalized meal plans and nutrition recommendations, we collect the following during onboarding:
- Body Metrics: Height, weight, age, and biological sex.
- Activity Level: Your self-reported physical activity level (sedentary, lightly active, moderately active, very active).
- Dietary Goals: Your nutritional objectives (e.g., weight loss, muscle gain, maintenance, general health improvement).
- Dietary Preferences: Dietary type (e.g., vegetarian, vegan, eggetarian, non-vegetarian, keto, paleo, Jain, no preference) and any specific food preferences or dislikes.
1.3 Sensitive Health Data (Optional)
You may optionally provide additional health information to enable more personalized recommendations. None of the following is required to use the Service — the app functions fully without it. You may provide:
- Food Allergies and Intolerances: Specific allergens (e.g., gluten, dairy, nuts, shellfish, soy, eggs) and food intolerances (e.g., lactose intolerance, fructose malabsorption).
- Medical Conditions: Self-reported diagnosed conditions such as diabetes (Type 1, Type 2, gestational), hypertension, PCOS/PCOD, thyroid disorders (hypothyroidism, hyperthyroidism), cardiovascular disease, kidney disease, fatty liver, high cholesterol, anemia, or other conditions you choose to disclose.
- Current Medications: Names and dosages of medications you are currently taking, provided so the AI can attempt to consider potential dietary interactions. This is not a substitute for pharmacist or physician guidance — see Section 2.3.
- Blood and Lab Reports: You may upload photographs or scanned copies of your blood test reports (e.g., CBC, lipid panel, HbA1c, thyroid panel, vitamin/mineral levels, liver function tests, kidney function tests). Our AI uses vision technology to extract values from these reports. The original image is processed transiently and is NOT permanently stored — only the extracted numerical values and test names are retained in your health profile. See Section 3.2 for details.
- Family Medical History: You may provide information about medical conditions that run in your family (e.g., family history of diabetes, heart disease, cancer, or other hereditary conditions).
By providing any Sensitive Health Data, you grant explicit consent to its processing for the specific purpose of generating personalized nutrition recommendations. You may withdraw this consent and delete any or all of your Sensitive Health Data at any time (see Section 7).
1.4 Meal and Nutrition Data
When you use the Service, we collect and store:
- Meal Logs: Records of meals you log (manually entered or AI-analyzed from photos), including food items identified, portion sizes estimated, and nutritional values calculated.
- AI Chat History: Your conversations with the AI nutrition assistant, including questions you ask and responses provided. Chat history is retained to provide contextual continuity and to improve the relevance of future recommendations within your account.
- Meal Plan Data: AI-generated meal plans, saved recipes, and dietary schedules created for you.
- Goal Progress: Tracked metrics including daily caloric intake, macronutrient breakdown (protein, carbohydrates, fat), micronutrient estimates, and progress toward your stated goals.
1.5 Food Photos
When you use the photo-based food analysis feature, you capture or upload a photograph of your meal. This photograph is transmitted to our AI providers (Google Gemini) for food identification and nutritional estimation. The photograph is processed transiently — it is sent to the AI provider for analysis, the results (identified food items and estimated nutritional values) are returned and stored in your meal log, and the original photograph is NOT permanently stored on our servers. The photograph may be temporarily cached in memory during processing (typically for seconds to minutes) but is not written to persistent storage. We do not retain a library of your food images.
1.6 Usage and Analytics Data
We collect standard usage data to improve our Service, including:
- Pages and screens visited within the app or website, features used, session duration, and interaction patterns.
- Device information: device type, operating system and version, app version, screen resolution, and device identifiers (where permitted).
- Network information: IP address, approximate location (city/region level, derived from IP address — we do not collect precise GPS location).
- Error logs and crash reports (via Firebase Crashlytics).
1.7 Cookies and Tracking Technologies
Our Service uses the following cookies and tracking technologies:
- Essential Cookies: Required for authentication, session management, and core Service functionality on the web application. These cannot be disabled.
- Analytics Cookies: We use Google Analytics and Firebase Analytics to collect anonymized usage statistics and app performance data. These services may set cookies on your device or use mobile advertising identifiers. You can learn more about how Google uses data at policies.google.com/technologies/partner-sites.
- Push Notification Tokens: If you enable push notifications, we store a device token to deliver notifications. You can disable push notifications through your device settings at any time.
You can control cookies through your browser settings. Disabling essential cookies may impair the functionality of our web application. On mobile, you can limit ad tracking through your device's privacy settings.
2. How We Use Your Information
2.1 Primary Uses
We use the information we collect to provide and improve the Nutrify Me AI Service. Specifically:
- Personalized Meal Planning: To generate AI-powered meal plans tailored to your health profile, dietary preferences, goals, allergies, and (if provided) medical conditions and lab values.
- Food Analysis: To analyze photographs of your meals using AI image recognition and estimate nutritional content.
- AI Nutrition Assistant: To power the conversational AI nutrition assistant that answers your dietary and nutrition questions based on your profile context.
- Goal Tracking: To track and display your nutritional intake, goal progress, and dietary patterns over time.
- Notifications: To send you meal reminders, goal progress updates, and Service-related communications via push notifications and email.
- Customer Support: To respond to your inquiries and resolve issues.
- Security and Fraud Prevention: To detect and prevent fraud, abuse, and unauthorized access.
2.2 Secondary Uses
- Service Improvement: To analyze aggregated, anonymized usage patterns to improve features, fix bugs, develop new capabilities, and enhance platform performance. We do not use your individual health data for product development — only aggregated, de-identified statistics.
- Analytics: To understand how users interact with the Service and identify areas for improvement using Google Analytics and Firebase Analytics.
We reserve the right to use aggregated, anonymized, and de-identified data (from which no individual can be identified and from which no individual health information can be reconstructed) for any lawful business purpose, including analytics, benchmarking, research, product development, and marketing. This right survives termination of your account.
2.3 How We Do NOT Use Your Information
To be explicit about the boundaries of our data use:
- We do NOT sell your health data. We do not sell, rent, trade, or share your personal health information, medical conditions, medications, lab values, or dietary data with any third party for their own commercial use, advertising, profiling, insurance underwriting, employment screening, or any other independent purpose.
- We do NOT use your health data for advertising. We do not use your medical conditions, medications, lab reports, or health profile to target advertisements to you. We do not serve third-party ads in our Service.
- We do NOT share your data with insurance companies, employers, or data brokers. Under no circumstances do we disclose your health information to insurers, employers, or commercial data brokers.
- We do NOT provide medical advice. Our AI generates dietary suggestions and nutritional information only. See the important disclaimers in our Terms and Conditions.
3. Data Storage and Retention
3.1 What We Store
- Account Data: Your name, email, authentication credentials (hashed), and account preferences, stored for the duration of your account.
- Health Profile Data: Your body metrics, dietary preferences, goals, activity level, and (if provided) allergies, medical conditions, medications, family history, and extracted lab values — stored for the duration of your account unless you delete specific data points earlier.
- Meal and Nutrition Data: Meal logs, AI chat history, generated meal plans, and goal progress data — stored for the duration of your account.
- Extracted Lab Values: If you upload a lab report, only the extracted numerical values and test names (e.g., “HbA1c: 6.2%”, “Total Cholesterol: 210 mg/dL”) are stored in your health profile. The original image is not stored (see Section 3.2).
- Notification Preferences: Your push notification and email notification settings.
3.2 How We Handle Lab Report Images
When you upload a photograph or scan of a blood/lab report:
- The image is transmitted via encrypted connection (HTTPS/TLS 1.2+) to our servers.
- The image is sent to our AI provider (Google Gemini) for value extraction using vision/OCR capabilities.
- The AI returns extracted test names and numerical values.
- The extracted values are stored in your health profile.
- The original image is discarded from our servers and is NOT written to persistent storage. It may exist in transient memory/cache during processing (typically seconds to minutes) but is programmatically purged after extraction is complete.
- We do not retain, archive, or back up the original lab report images.
Note: The image is transmitted to Google's servers for AI processing during step 2. Google's handling of this data is subject to their privacy policy (see Section 6.2). We cannot control or guarantee Google's transient data handling practices, though our API usage is governed by Google's data processing terms which restrict Google from using API data for model training.
3.3 What We Do Not Store
- Your food photographs (processed transiently and discarded — see Section 1.5).
- Your lab report images (processed transiently and discarded — see Section 3.2).
- Your payment card details (handled entirely by Razorpay, Apple, or Google).
- Precise GPS location data (we use only IP-derived approximate location).
- Your password in plain text (passwords are salted and hashed using industry-standard algorithms).
3.4 Retention After Account Deletion
When you delete your Nutrify Me AI account:
- All health profile data (including medical conditions, medications, lab values, allergies, and family history) is permanently deleted within 15 days. We apply a shorter retention window for health data given its sensitive nature.
- All meal logs, AI chat history, meal plans, and goal progress data are deleted within 15 days.
- Account information (name, email) is deleted within 30 days.
- Anonymized, aggregated analytics data that cannot be used to identify you or reconstruct your health information may be retained indefinitely for service improvement purposes. The anonymization process we apply is irreversible — once data has been anonymized, it cannot be re-identified or linked back to you, and therefore falls outside the scope of personal data under applicable data protection laws.
4. Data Security
We implement enhanced security measures to protect your data, with additional safeguards for health-related information:
- Encryption in Transit: All data transmitted between your device and our servers, and between our servers and third-party APIs (including OpenAI, Google Gemini, Anthropic Claude, Firebase, and Razorpay), is protected using HTTPS with TLS 1.2 or higher.
- Encryption at Rest: All sensitive data, including health profile data (medical conditions, medications, lab values, allergies, family history), account credentials, and API keys, is stored using AES-256 encryption at rest.
- Health Data Segregation: Health-related data is logically segregated from general account and usage data in our database architecture, with separate access controls.
- Access Controls: We employ strict role-based access controls (RBAC) and require multi-factor authentication (MFA) for all internal system access. Access to health data is restricted to a minimal set of authorized personnel and is logged and audited.
- No Unauthorized Human Access: Our policy prohibits employees or contractors from manually viewing, accessing, or analyzing your health data, meal logs, or AI chat history unless strictly required for: (a) responding to a support request you have initiated and with your explicit permission, (b) security auditing or investigating suspected abuse, (c) critical debugging necessary to maintain the Service, or (d) compliance with applicable law or legal process. Health data access requires additional authorization from a senior team member and is logged.
- Infrastructure: Our Service is hosted on Amazon Web Services (AWS) in the Asia Pacific (Mumbai) region (ap-south-1), with regular security patches, automated monitoring, and intrusion detection. AWS maintains SOC 1, SOC 2, and ISO 27001 certifications for its infrastructure.
- Mobile App Security: The mobile application uses secure local storage (iOS Keychain / Android Keystore) for authentication tokens. Health data displayed in the app is not cached to the device's local storage beyond the current session unless explicitly required for offline functionality.
While we implement reasonable and enhanced security measures for health data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data, and you acknowledge and accept this inherent risk.
In the event of a data breach affecting your personal data or health data, we will notify you as required by applicable law. Where GDPR applies, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of natural persons, and will notify affected individuals without undue delay where the breach is likely to result in a high risk. Under the DPDP Act, 2023, we will notify the Data Protection Board of India and affected Data Principals as required by applicable rules. Given the sensitive nature of health data, we will prioritize breach notifications involving health information. Our liability in connection with any data breach is limited to the extent set forth in our Terms and Conditions. We will take commercially reasonable steps to mitigate the impact of any breach, but we are not liable for breaches resulting from factors outside our reasonable control, including zero-day vulnerabilities, sophisticated cyberattacks, or failures of third-party service providers.
5. Data Sharing and Disclosure
We do not sell, rent, trade, or share your health data, personal information, meal logs, or AI chat history with any third party for their own advertising, profiling, marketing, insurance underwriting, employment screening, or independent use.
We may share limited data only in the following circumstances:
- AI Service Providers: We use the following AI providers that process data on our behalf under strict contractual obligations to maintain confidentiality and security. These providers do not have independent rights to use your data:
  - Google Gemini API: For food photo recognition, lab report value extraction (vision/OCR), and nutritional analysis. Receives food photographs (transiently) and lab report images (transiently) for processing. Also receives contextual health profile data necessary for personalized meal plan generation. Google's use of API data is governed by their API Terms of Service and Data Processing Terms, which restrict Google from using API data to train or improve their models.
  - OpenAI API: For AI-powered meal plan generation, dietary recommendation engine, and nutritional analysis. Receives contextual health profile data (dietary preferences, goals, allergies, and if provided, medical conditions and extracted lab values) necessary to generate personalized recommendations. OpenAI's use of API data is governed by their API Terms and Data Processing Addendum. OpenAI does not use data submitted via the API to train or improve their models.
  - Anthropic Claude API: Powers the conversational AI nutrition assistant. Receives your chat messages and relevant health profile context necessary to provide personalized conversational responses. Anthropic's use of API data is governed by their API Terms and Privacy Policy. Anthropic does not use data submitted via the API to train their models.
- Cloud Infrastructure: Amazon Web Services (AWS) — for hosting, database, storage, and computing services.
- Analytics: Google Analytics and Firebase Analytics — for anonymized usage statistics and crash reporting. We do not send health data (medical conditions, medications, lab values, allergies) to analytics services. Only general usage patterns (screens viewed, features used, session data) are collected by analytics.
- Email Notifications: We use third-party email delivery services (which may change from time to time at our discretion) to send transactional emails (account verification, password resets, meal reminders). Only your email address and the email content are shared with the email delivery provider — not your health data. We reserve the right to change our email delivery provider without prior notice, provided the replacement provider maintains equivalent data protection standards.
- Legal Requirements: We may disclose your information if required to do so by applicable law, regulation, legal process, or governmental request. Where legally permitted, we will attempt to notify you before disclosing your health data in response to a legal request.
- Safety and Security: We may disclose information if we believe in good faith that it is necessary to prevent fraud, protect the safety of any person, address security or technical issues, or protect our legal rights.
- Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections described in this policy. We will notify you via email or a prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy. Given the sensitivity of health data, we will provide at least 30 days' notice before transferring health data to any successor entity and will provide you the opportunity to delete your health data before the transfer.
- With Your Consent: We may share your information for purposes not described in this policy if you provide explicit consent.
- Sub-Processor Changes: We reserve the right to engage new sub-processors (service providers who process your data on our behalf) or replace existing sub-processors, provided any replacement maintains equivalent or higher data protection standards. We will update this Privacy Policy to reflect material sub-processor changes. Where required by GDPR, we will provide prior notification of new sub-processors.
We explicitly do NOT share your data with:
- Insurance companies or health insurers
- Employers or employment agencies
- Data brokers or data aggregators
- Advertising networks or ad tech companies
- Government health databases (unless compelled by law)
- Any third party for medical research without your separate, explicit, informed consent
6. Third-Party AI Processing
6.1 Overview of AI Data Flow
Our Service uses multiple AI providers to deliver different features. When your data is sent to an AI provider, it is transmitted via encrypted connections and processed according to the provider's API terms. We use only enterprise/API-tier access for all AI providers, which includes contractual commitments that your data will not be used to train the provider's general AI models.
The following table summarizes which data goes to which provider:
| Data Type | Google Gemini | OpenAI | Anthropic Claude |
|---|---|---|---|
| Food photos | ✅ (transiently) | ❌ | ❌ |
| Lab report images | ✅ (transiently) | ❌ | ❌ |
| Health profile context | ✅ | ✅ | ✅ (in chat context) |
| Chat messages | ❌ | ❌ | ✅ |
| Meal plan generation | ✅ | ✅ | ❌ |
6.2 Google Gemini
Google Gemini is used for food photo analysis (image recognition and nutritional estimation) and lab report value extraction (vision/OCR). When you use these features:
- Food photographs and lab report images are transmitted to Google's servers for processing. Images are processed transiently and are not permanently stored by us (see Sections 1.5 and 3.2).
- Health profile context (dietary preferences, goals, allergies, and if provided, medical conditions) may be sent to Gemini for context-aware meal planning.
- Google's use of this data is governed by the Google API Terms of Service and Google Privacy Policy. Under the Google Cloud Data Processing Terms, Google is prohibited from using API data to train or improve their general models.
6.3 OpenAI
OpenAI powers the meal plan generation engine and dietary recommendation system. When you use these features:
- Your health profile context (dietary preferences, goals, body metrics, allergies, and if provided, medical conditions, medications, and extracted lab values) is sent to OpenAI for generating personalized meal plans and recommendations.
- OpenAI's use of this data is governed by their API Terms and Data Processing Addendum. OpenAI does not use data submitted via the API to train their models.
6.4 Anthropic Claude
Anthropic Claude powers the conversational AI nutrition assistant. When you use the chat feature:
- Your chat messages and relevant health profile context (to provide personalized responses) are sent to Anthropic's servers.
- Anthropic's use of this data is governed by their Commercial Terms and Privacy Policy. Anthropic does not use data submitted via the API to train their models.
6.5 AI Provider Changes
We reserve the right to change the underlying AI service providers, models, or technologies used in the Service at any time. When we change AI providers, we may change where your data is processed (potentially in a different jurisdiction). We will update this Privacy Policy to reflect material changes in AI providers. Given the sensitivity of health data, we will provide at least 15 days' notice before any AI provider change that materially affects how your health data is processed. Your continued use of the Service after notification constitutes acceptance of the new processing arrangements.
6.6 AI Output Accuracy
AI providers generate outputs based on statistical models and patterns. Nutritional estimates, meal plan suggestions, and conversational responses generated by AI are NOT verified by licensed dietitians, nutritionists, or healthcare professionals. AI outputs may be inaccurate, incomplete, or inappropriate for your specific health situation. See our Terms and Conditions for important health disclaimers.
7. Your Rights and Data Deletion
7.1 Your Rights
You have the following rights regarding your data:
- Access: You may request a copy of the personal data and health data we hold about you.
- Correction: You may request correction of inaccurate or incomplete personal or health data. You can also directly edit your health profile through the app at any time.
- Deletion: You may request deletion of your personal data and health data at any time (see Section 7.2).
- Data Portability: You may request your data in a structured, machine-readable format.
- Withdraw Consent: You may withdraw your consent to data processing at any time. For health data, you may withdraw consent for specific data categories (e.g., delete medical conditions while keeping dietary preferences) without deleting your entire account.
- Restrict Processing: You may request restriction of processing of your personal data in certain circumstances (e.g., while we verify accuracy of data you have contested), as provided under GDPR Article 18 where applicable.
- Object: You may object to certain processing of your data, including processing for direct marketing purposes.
- Granular Health Data Control: You may delete individual health data categories at any time through the app (e.g., remove your medical conditions, clear your medication list, delete extracted lab values, or remove your family history) without deleting your entire account or other data.
7.2 Deleting Your Data
You may delete your data through the following methods:
- In-app (Granular): Delete individual health data categories, specific meal logs, AI chat history, or specific lab report data through the app settings and profile management screens.
- In-app (Full Account): Delete your entire account and all associated data through the app settings.
- Email: Send a request to help@nutrifyme.ai with the subject line “Data Deletion Request.” We will confirm receipt within 48 hours and complete the deletion within 15 days for health data and 30 days for other data.
7.3 Children's Data
Nutrify Me AI is designed for adults aged 18 and above. We do not knowingly collect personal information or health data from anyone under 18. If you are a parent or guardian and believe that your child has provided us with personal or health information, please contact us immediately at help@nutrifyme.ai. If we become aware that we have collected personal information from a child, we will take steps to delete that information within 48 hours.
8. Health Data — Special Considerations
8.1 Sensitivity Classification
Under the Digital Personal Data Protection Act, 2023 (India), health data is classified as personal data that requires explicit consent for processing. Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, health data (including medical records and history) constitutes “sensitive personal data or information” (SPDI) requiring heightened security standards. Under GDPR (for users in the EEA/UK), health data constitutes “special category data” under Article 9 and may only be processed with explicit consent or under another lawful basis.
We process your health data under the following lawful bases:
- India (DPDP Act): Your explicit consent, provided when you voluntarily input health data into the Service.
- India (IT Act/SPDI Rules): Your explicit consent, with reasonable security practices implemented as required.
- GDPR (EEA/UK): Your explicit consent under Article 9(2)(a), provided when you voluntarily input health data.
8.2 Purpose Limitation
Your health data is processed exclusively for the purpose of generating personalized nutrition recommendations and meal plans within the Service. We do not use your health data for:
- Advertising or marketing targeting
- Insurance risk assessment or underwriting
- Employment screening or background checks
- Medical diagnosis, treatment, or clinical decision-making
- Sale to third parties for any purpose
- Training our own AI models on your individual health data
- Any purpose other than providing the Service to you
8.3 Data Minimization
We collect only the health data that is relevant and necessary for providing personalized nutrition recommendations. All health data beyond basic body metrics is optional. The Service functions fully without medical conditions, medications, lab reports, or family history — providing these simply enables more tailored recommendations.
8.4 Right to Withdraw Consent for Health Data
You may withdraw your consent to health data processing at any time by:
- Deleting specific health data categories through the app (e.g., removing medical conditions, medications, or lab values).
- Deleting your entire account.
- Contacting us at help@nutrifyme.ai.
Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal. After withdrawal, the Service will continue to function using only the data you have chosen to retain, but recommendations may be less personalized.
8.5 No Sale of Health Data
We will never sell your health data. This commitment is absolute and unconditional. It applies regardless of any future change in ownership, business model, or corporate structure of Kash India. In the event of a merger or acquisition, any successor entity is contractually bound to maintain this commitment under the terms of the asset transfer.
9. International Data Transfers
Nutrify Me AI is operated by Kash India from Ahmedabad, India. Our primary data infrastructure is hosted on Amazon Web Services (AWS) in the Asia Pacific (Mumbai) region (ap-south-1), meaning your data is primarily stored and processed in India.
Certain third-party services we use (including Google Gemini, OpenAI, and Anthropic Claude) may process data in other jurisdictions, including the United States. When your health data is sent to AI providers for processing, it may be temporarily processed on servers located outside India.
We take appropriate safeguards to ensure that data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed. Where required by applicable law (such as transfers from the European Economic Area), we implement appropriate legal mechanisms such as standard contractual clauses to ensure adequate data protection. All AI providers we use have contractual commitments regarding data security and restrictions on data use.
10. Compliance with Data Protection Laws
10.1 General Data Protection Regulation (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, or if your health data is processed under GDPR jurisdiction, additional obligations apply. Our legal basis for processing your health data (special category data under Article 9) is your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise your GDPR rights, please contact us at help@nutrifyme.ai. We will respond within 30 days.
10.2 California Consumer Privacy Act (CCPA)
If you are a California resident, you have the right to know what personal information is collected about you, the right to delete your personal information, the right to opt out of the sale of your personal information, and the right to non-discrimination for exercising your privacy rights. We do not sell your personal information or health data. To exercise your CCPA rights, please contact us at help@nutrifyme.ai.
10.3 Digital Personal Data Protection Act, 2023 (India)
We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), and the Digital Personal Data Protection Rules, 2025, as applicable. In accordance with the DPDP Act:
- We process your personal data and health data only with your explicit consent.
- We collect and process only the data that is necessary to provide the Service.
- We provide clear mechanisms to withdraw consent, request data deletion, and exercise your rights as a Data Principal.
- We maintain reasonable security safeguards to protect your personal data, with enhanced safeguards for health-related data.
- We have designated a Grievance Officer to address your concerns (see Section 13).
We also comply with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, including implementing reasonable security practices (ISO 27001 equivalent or higher) for the handling of sensitive personal data or information (which includes health data).
10.4 Data Processing Agreement (DPA)
If you are a business, organization, or data controller subject to GDPR or other data protection frameworks that require a Data Processing Agreement, you may request a DPA by contacting us at help@nutrifyme.ai. We will provide a DPA that reflects the processing activities described in this Privacy Policy and complies with applicable data protection requirements.
10.5 Health Data Regulatory Note
Nutrify Me AI is a wellness and nutrition application. It is not a medical device, electronic health record (EHR) system, telemedicine platform, or clinical decision-support system. It is not subject to medical device regulations, HIPAA (U.S. Health Insurance Portability and Accountability Act), or equivalent healthcare-specific data regulations. However, we voluntarily apply heightened data protection standards to all health-related data as described throughout this policy.
11. Do Not Track Signals
Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no universally accepted standard for interpreting DNT signals, our Service does not currently respond to DNT signals. You may opt out of tracking technologies as described in Section 1.8.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our Service, applicable law, or the addition of new features and integrations. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy.
- Notify you via email and/or a prominent in-app notification at least 15 days before the changes take effect.
- For changes that materially affect how your health data is collected, used, shared, or stored, request your renewed explicit consent before applying the changes to your health data.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy (except for health data changes requiring renewed consent). We reserve the right to update this policy as our Service evolves.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please contact us at:
Kash India (doing business as Nutrify Me AI)
Email: help@nutrifyme.ai
Phone: +91 96629 18458
Address: 610, Venus Atlantis Corporate Park, 100 Feet Road, near Shell Petrol Pump, Prahlad Nagar, Ahmedabad, Gujarat 380015, India
Grievance Officer (India — DPDP Act, 2023)
In accordance with the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, we have appointed the following Grievance Officer to address your concerns:
If you have any grievances relating to the processing of your personal data or health data, you may contact the Grievance Officer. We will acknowledge your grievance within 48 hours and endeavor to resolve it within 30 days. Grievances related to health data will be prioritized.
We will respond to all privacy-related inquiries within 48 hours.