nutritious.love ♥

Data controller

nutritious.love is operated by Josef Richter (sole proprietor). For privacy inquiries, contact josef.richter@me.com.

What we collect and why

We collect the following data, each with a specific legal basis:

• Email address — for authentication via magic links. Legal basis: contract performance.
• Food entries — the meals, nutrition data, and photos/labels you submit. Legal basis: contract performance.
• Payment information — processed by Stripe for paid subscriptions. We do not store your card details. Legal basis: contract performance.
• Usage analytics — anonymous page views and interactions via PostHog (EU servers), loaded only with your consent. Legal basis: consent.
• Error reports — technical error data collected by Sentry to maintain service reliability. May include IP address and browser information. Legal basis: legitimate interest (service stability).

AI processing and third-party data sharing

When you submit food descriptions, photos, or nutrition labels, this data is sent to OpenAI for AI analysis. Specifically:

• Text descriptions of meals are sent to OpenAI's API to estimate nutritional values.
• Photos of food and nutrition labels are sent as images for analysis.
• Voice recordings (if used) are sent to OpenAI's Whisper API for transcription, then deleted.

OpenAI processes this data under their API data usage policy, which states that API inputs are not used to train their models. We do not send your email address or account information to OpenAI.

Sub-processors

We use the following third-party services to operate nutritious.love:

International data transfers

Your data may be transferred to and processed in the United States by our hosting provider (Fly.io), AI provider (OpenAI), payment processor (Stripe), and email provider (Resend). These transfers are necessary to provide the service. Each provider maintains appropriate data protection measures.

Cookies

We use the following cookies:

• Session cookie (_nutrition_tracker_key) — essential for authentication. Cannot be disabled.
• Analytics cookies (PostHog) — loaded only if you click "Accept" on the cookie banner. You can change your preference at any time by clearing your browser's local storage.

Data retention

• Demo entries (no account) — automatically deleted after 3 days.
• Registered accounts — your data is retained as long as your account exists.
• After account deletion — all personal data (email, food entries, usage records) is permanently deleted within 30 days of your request.
• Magic link tokens — expired tokens are automatically purged hourly.

Your rights

Under GDPR and applicable privacy laws, you have the right to:

• Access — request a copy of all data we hold about you.
• Rectification — correct inaccurate data (you can edit entries directly in the app).
• Erasure — request deletion of your account and all associated data.
• Data portability — request your data in a machine-readable format.
• Withdraw consent — opt out of analytics at any time via the cookie banner.
• Object — object to processing based on legitimate interest.
• Lodge a complaint — with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, email josef.richter@me.com. We will respond within 30 days.

Account deletion

To delete your account and all associated data, email josef.richter@me.com from the email address associated with your account. We will process your request and permanently delete all your data within 30 days.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app or email. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions, contact josef.richter@me.com.