Privacy Policy

1. Information We Collect

We collect the following types of information:

Information You Provide Directly:

• Account information: email address, password (encrypted)
• Profile information: name, dietary preferences, health goals, allergies, dietary restrictions
• User-generated content: meal plans, favorite recipes, shopping lists, meal photos, notes
• AI conversations: questions and interactions with our AI Nutrition Assistant
• Payment information: billing details (processed securely through Stripe - we do not store full credit card numbers)
• Communications: messages you send us for support or feedback

Information Collected Automatically:

• Device information: device type, operating system, unique device identifiers
• Usage data: features used, time spent in app, interactions with content
• Log data: IP address, browser type, access times, pages viewed
• Location data: general location based on IP address (not precise GPS location)

Information from Third Parties:

• Payment processors (Stripe) provide transaction confirmation and billing status
• Authentication providers if you sign in through third-party services

2. How We Collect Your Information

We collect information through:

• Direct input when you create an account, update your profile, or use app features
• Automatic collection through cookies, log files, and similar technologies
• File uploads when you add meal photos or other content
• API integrations with third-party services (payment processing, AI services)
• Analytics tools that track app usage and performance

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Provide, maintain, and improve our nutrition app and features
• Personalization: Customize recipe recommendations, meal plans, and content based on your preferences
• AI Assistance: Power our AI Nutrition Assistant to answer your questions (conversations are stored to improve responses)
• Payment Processing: Process subscriptions, manage billing, and prevent fraud
• Communications: Send service updates, subscription notifications, and respond to support requests
• Marketing: Send newsletters and promotional content (you can opt out anytime)
• Analytics: Analyze usage patterns, measure app performance, and identify areas for improvement
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our terms of service

4. Information Sharing and Third Parties

We do not sell your personal information. We share your information only in the following circumstances:

Service Providers:

• Stripe: Payment processing (subject to Stripe's privacy policy)
• OpenAI: AI conversation processing (subject to OpenAI's privacy policy)
• Cloud Hosting: Data storage and app infrastructure
• Email Services: Transactional and marketing emails
• Analytics Providers: App usage analytics and performance monitoring

All third-party service providers are contractually required to protect your data with the same level of security we provide and may only use your information to perform services on our behalf.

Legal Requirements:

• When required by law, court order, or government request
• To protect our rights, property, or safety, or that of our users
• To enforce our terms of service or investigate violations

With Your Consent:

We may share information with other parties when you explicitly consent to such sharing.

5. Data Security

We implement industry-standard security measures to protect your personal information:

• Passwords are encrypted using industry-standard hashing (Argon2)
• All data transmission uses secure HTTPS/TLS encryption
• Database access is restricted and monitored
• Regular security audits and updates
• Payment information is processed through PCI-DSS compliant providers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention and Deletion

How Long We Keep Your Data:

• Account data: Retained while your account is active
• AI conversations: Stored for service improvement and retained while your account is active
• Payment records: Retained for 7 years for tax and legal compliance
• Analytics data: Aggregated and anonymized data may be retained indefinitely
• Deleted account data: Permanently removed within 30 days of account deletion

Exceptions: We may retain certain information longer if required by law, to resolve disputes, enforce agreements, or for legitimate business purposes.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information through your account settings
• Deletion: Request deletion of your account and all associated data
• Data Portability: Request an export of your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing emails (service emails will still be sent)
• Revoke Consent: Withdraw consent for data processing where consent was the legal basis
• Object: Object to certain types of data processing

To exercise these rights, contact us at support@growandglownutrition.com or use the account settings in the app.

8. Account Deletion

You can delete your account at any time:

• Go to Account Settings in the app
• Select "Delete Account"
• Confirm by entering your password

What gets deleted: All personal data including profile information, meal plans, preferences, favorites, photos, AI conversation history, and account credentials.

What is retained: Anonymized analytics data and payment records required for legal compliance.

This action is permanent and cannot be undone.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Analyze app usage and performance
• Provide personalized content

You can control cookies through your browser settings, but disabling cookies may limit app functionality.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately. If you believe we have collected information from a child under 13, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending an email notification for significant changes

Your continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: