Privacy Policy
Effective date: 13 September 2025
NutriScan helps you understand your food and build better habits with privacy by design. This page explains what we collect, why we collect it, how we protect it, and the choices you have. Simple, honest, and in your control. 👍
Our Privacy Promise
- Collect the minimum needed to run and improve the app.
- No sale of personal data. Ever.
- Strong encryption, strict access, clear controls.
Privacy Policy in Other Languages
- 🇺🇸 English (Current): Privacy Policy | Terms of Use
- 🇮🇳 हिन्दी (Hindi): गोपनीयता नीति | उपयोग की शर्तें
- 🇪🇸 Español (Spanish): Política de Privacidad | Términos de Uso
- 🇫🇷 Français (French): Politique de Confidentialité | Conditions d'Utilisation
- 🇩🇪 Deutsch (German): Datenschutzerklärung | Nutzungsbedingungen
Scope & Multi-Language Compliance
Geographic Coverage
This Privacy Policy covers the NutriScan mobile applications (iOS and Android) and documentation website (nutriscan.app) for users worldwide.
Language Versions & Legal Equivalency
This policy is available in multiple languages to serve our global user base:
- English: Global version covering all jurisdictions
- हिन्दी (Hindi): India-specific provisions under DPDP Act 2023
- Español (Spanish): Spain-specific provisions under GDPR and LOPDGDD
- Français (French): France-specific provisions under GDPR and CNIL requirements
- Deutsch (German): Germany-specific provisions under GDPR and BDSG
Important: All language versions are legally equivalent and contain the same core protections. Regional variations address specific local legal requirements. In case of conflicts between language versions, the English version governs, except where mandatory local consumer protection laws apply.
Feature Availability
Some features are optional (voice, location, community features) and work only with your permission. Feature availability may vary by region due to local regulatory requirements.
Who We Are
- Company: NutriScan App (data controller)
- Contact: support@nutriscan.app
- In‑app: Profile → Contact Us
Data We Collect
Account & Authentication
- Name, email, phone number (India only for OTP sign-in)
- Sign‑in method (Google, Apple, or mobile OTP via Authkey.io)
- Authentication tokens and session data
Profile & Health Information
- Personal details: Age, gender, height, weight, activity level
- Health goals: Weight loss, muscle gain, diabetes management, PCOS, pregnancy, viral recovery
- Food preferences: Vegetarian, vegan, non-vegetarian, eggitarian
- Food restrictions and allergies
- Eating schedule and meal preparation preferences
Meal & Nutrition Data
- Meal photos and manual meal entries
- Nutrition analysis results: calories, macros (protein, carbs, fat), micronutrients
- NutriScore ratings and meal classifications
- Food categorization: cooking methods, food types, oil levels
- Meal timing: breakfast, lunch, dinner, snacks
- Portion size adjustments and meal modifications
- Diet plan data and personalized recommendations
- Meal timeline history and repeat meal patterns
Voice & AI Assistant (Optional) - Special Category Biometric Data
- Voice recordings for Monika assistant interactions (classified as biometric identifiers under GDPR Article 9)
- Transcribed text from voice inputs
- Voice pattern analysis for personalized AI responses
- Questions asked through NutriBites feature
- AI-generated responses and recommendations
- Processing requires explicit consent as special category biometric data
Location Data (Optional)
- City-level location for map insights and regional food customization
- Precise location for India mobile sign-in requirement only
- Regional preferences for diet plan localization
Device & App Usage
- Device information: model, operating system, app version
- Language preferences and app settings
- Usage analytics: feature interactions, scan frequency, session duration
- Crash reports and error logs
- Push notification tokens and preferences
- iOS Motion & Activity Data (special category biometric data under GDPR Article 9 - requires explicit consent for personalization features)
Community & Social Features - Public Data Sharing
- Community Rankings: Calculated using formula (Total Meals × Avg NutriScore) + Consistency Bonus - displayed publicly in top 50 rankings
- Shared meal photos and posts (public by choice - visible to all app users globally)
- Referral program participation and rewards (successful referrals tracked and rewarded)
- Public meal timeline galleries (if enabled - creates shareable URL accessible by anyone with the link)
- Profile data in rankings: Display name and ranking position visible to community
- ⚠️ Important: Any data you choose to share publicly cannot be fully anonymized and may be visible indefinitely
Subscription & Payment Data
- Subscription plan type (Track Plan, Premium Plan)
- Payment status and billing cycle
- Purchase receipts processed via RevenueCat
- Trial usage and upgrade patterns
- Refund and cancellation requests
Website Analytics (Documentation Site Only)
- Consent-based Google Analytics with anonymized IP
- Page views, session duration, and navigation patterns
- Cookie preferences and consent status
App Permissions
- Required: Camera (scan meals), Photos (select images).
- Optional: Microphone (voice - biometric data), Location (insights, India OTP sign‑in), Notifications (reminders), Motion/Activity on iOS (biometric data for personalization).
Apple Privacy Manifest Compliance (2025)
- Privacy Manifest File: Includes complete data collection and usage disclosure as required by Apple
- Required Reason APIs: All API usage documented with specific business justifications
- Third-Party SDK Compliance: All embedded SDKs provide their own privacy manifests
- App Store Compliance: Aligned with Apple's enhanced privacy requirements (12% of apps rejected in Q1 2025 for privacy violations)
Manage Permissions
- Android: Settings → Apps → NutriScan → Permissions
- iOS: Settings → NutriScan → Permissions
Important: Denying biometric data permissions (voice, motion) may limit personalization features but preserves core functionality.
Why We Use Your Data
Essential App Functions
- Meal Analysis: Process photos to identify food items and calculate nutrition values
- Diet Planning: Create personalized 28-day diet plans based on your goals and preferences
- Nutrition Tracking: Maintain your meal timeline and track daily macro/micro nutrients
- AI Assistant: Power Monika voice assistant and NutriBites Q&A features
- Account Management: Authenticate users and maintain secure access
Personalization & Recommendations
- Custom Diet Plans: Tailor meal recommendations to your health goals (weight loss, muscle gain, diabetes, PCOS, pregnancy)
- Regional Customization: Adapt suggestions to local food preferences and availability
- Meal Insights: Analyze eating patterns to identify what affects your energy and health
- Portion Recommendations: Suggest appropriate serving sizes based on your profile
Subscription & Payment Processing
- Plan Management: Validate subscriptions for Track and Premium plan features
- Trial Offers: Determine eligibility for free trials and promotional offers
- Payment Processing: Handle billing through App Store, Play Store, and RevenueCat
- Referral Rewards: Process refer-and-earn benefits and track successful referrals
Community & Social Features
- Ranking System: Calculate community rankings based on meal count and NutriScore
- Meal Sharing: Enable public meal timeline galleries when you choose to share
- Progress Motivation: Support community engagement and healthy competition
Product Improvement & Safety
- Feature Development: Analyze usage patterns to improve app functionality
- Quality Assurance: Monitor AI responses and meal recognition accuracy
- Security: Prevent abuse, spam, and unauthorized access
- Technical Support: Diagnose issues and provide customer assistance
Legal & Compliance
- Regulatory Requirements: Maintain records as required by tax and consumer protection laws
- Terms Enforcement: Ensure compliance with terms of service
- Safety Measures: Protect users from harmful or inappropriate content
Legal Bases (EEA/UK)
For Regular Personal Data
- Contract: Core app functionality (account management, meal scanning, subscription services)
- Legitimate Interests: Product improvement, security, fraud prevention, customer support
- Legal Obligation: Tax/transaction records, respond to lawful requests
- Consent: Optional features (analytics cookies on website)
For Special Category Data (Health Information)
Under GDPR Article 9, we process health-related data (weight, medical conditions, diet goals) only with your explicit consent for the following purposes:
- Health Goal Personalization: Tailoring diet plans for diabetes, PCOS, pregnancy, weight management
- Nutrition Analysis: Providing health-specific meal recommendations and insights
- Progress Tracking: Monitoring health metrics and dietary patterns
You can withdraw consent for health data processing at any time via Profile → Privacy Settings. This may limit personalized health features but won't affect basic meal scanning functionality.
For Voice/Location Data & Biometric Processing
- Explicit Consent (GDPR Article 9): Voice recordings as biometric identifiers (Monika assistant), iOS Motion/Activity data as biometric data
- Consent: Precise location (India sign-in requirement only)
- Legitimate Interests: City-level location for regional food customization
- ⚠️ Biometric Data Notice: Voice patterns and iOS motion data are classified as special category biometric data under GDPR requiring separate explicit consent
Do We Share Data?
We do not sell personal data. We share limited data with service providers who process it on our behalf under strict agreements:
- Supabase: Database, auth, storage (cloud hosting of app data).
- Firebase (where used): Auth, crash logs, push; restricted to service needs.
- RevenueCat: Subscription management; validates App Store/Play Store receipts.
- Apple App Store / Google Play: Payments, subscriptions, fraud prevention.
- Authkey.io: OTP delivery for India mobile sign‑in.
- Appsflyer: Referral deep links and attribution (refer & earn).
- Analytics: PostHog (in‑app product analytics, if enabled); Google Analytics on docs site only (consent‑based, anonymized IP).
- AI Model Providers: Selected LLM services (e.g., Google Gemini or Azure OpenAI) to analyze content and generate responses. We minimize personal data sent and do not allow training on your personal data.
- Netlify hosting & CDNs: Serve this website and static assets.
We may also disclose data to comply with law, enforce terms, or protect users’ safety.
Note: Anything you choose to share publicly (e.g., in community features) may be visible to other users by design.
International Transfers & Cross-Border Data Processing
Legal Framework for Data Transfers
Our vendors process data across multiple regions including EU, US, India, and other territories. We ensure adequate protection through:
- Adequacy Decisions: Where European Commission or other authorities have determined adequate protection levels
- Standard Contractual Clauses (SCCs): Latest 2021 SCCs with required supplementary measures
- Transfer Impact Assessments (TIAs): Mandatory assessments to evaluate if destination country laws could prevent SCC compliance
- Supplementary Measures: End-to-end encryption and additional technical safeguards when required
Specific Transfer Safeguards for Health Data
Enhanced Protection: Health data (GDPR Article 9) receives additional transfer protections including:
- Pre-transfer risk assessments for each destination country
- Encryption in transit and at rest for all health-related personal data
- Contractual prohibitions on government access to health information
- Regular monitoring of political and legal developments in destination countries
- Immediate suspension mechanisms if adequate protection can no longer be guaranteed
Geographic Processing Transparency
- AI Processing Regions: Google Gemini (US, EU), Azure OpenAI (US, EU) with data processing agreements
- Database Hosting: Supabase (multiple regions with data residency controls)
- Analytics Processing: PostHog (EU), Google Analytics (US with IP anonymization)
- India-Specific: Local data storage options available for Indian users upon request
Ongoing Monitoring & Compliance
We continuously monitor legal developments affecting international transfers and will notify users of any material changes to data processing locations or protection measures.
Data Retention & Technical Implementation
Specific Retention Periods
- Account & Profile Data: Retained while account is active + 30 days after deletion request for recovery
- Meal Photos: Stored until user deletion or account closure + 90 days in secure backups
- Nutrition History: Retained for timeline functionality until user deletion or 7 years (whichever is sooner)
- Voice Recordings: Audio files deleted within 24 hours after transcription; transcripts retained for conversation context (up to 30 days)
- Location Data: Precise location deleted immediately after use; city-level data retained for regional customization
- Usage Analytics: Raw data 90 days, aggregated insights up to 2 years
- Payment Records: 7 years for tax/legal compliance in applicable jurisdictions
- AI Training Data: We do not retain user data for AI model training purposes
Data Portability Technical Specifications
When you request data portability, you will receive:
- Format: JSON format with CSV option for tabular data
- Content: Complete meal history, nutrition data, profile information, diet plans
- Delivery: Secure download link valid for 7 days, with email notification
- Processing Time: Up to 30 days for complex accounts with extensive history
- File Security: Password-protected archive with separate delivery of password
Consent Management System
- Granular Controls: Separate consent toggles for health data, voice, location, marketing
- Withdrawal Process: Immediate effect through Profile → Privacy Settings or email request
- Consent Records: Timestamped logs of consent changes maintained for 3 years
- Re-consent: Automatic prompts when privacy policy changes materially affect data processing
- Children's Consent: Enhanced verification for users under 18 in applicable jurisdictions
Security & Data Protection Measures
Comprehensive Security Framework
Encryption Standards:
- In Transit: TLS 1.3 for all data communications
- At Rest: AES-256 encryption for databases and file storage
- End-to-End: Health data encrypted before AI processing
- Key Management: Hardware security modules (HSMs) and regular key rotation
Access Control & Monitoring:
- Zero-Trust Architecture: Least-privilege access with continuous verification
- Multi-Factor Authentication: Required for all administrative access
- Audit Logging: Comprehensive logs of all data access and processing activities
- Role-Based Controls: Granular permissions based on job function and data sensitivity
- Real-Time Monitoring: 24/7 security monitoring with automated threat detection
Health Data Specific Protections
Enhanced Safeguards for GDPR Article 9 Data:
- Data Minimization: Only process health data necessary for specified purposes
- Purpose Limitation: Strict controls preventing health data use beyond stated purposes
- Pseudonymization: Health records processed with cryptographic pseudonyms where possible
- Breach Detection: Specialized monitoring for unauthorized health data access
- Incident Response: Dedicated procedures for health data breaches with 72-hour notification capability
Compliance & Vulnerability Management
Regular Security Assessments:
- Penetration Testing: Quarterly third-party security assessments
- Vulnerability Scanning: Automated daily scans with immediate patching protocols
- Dependency Management: Automated monitoring and patching of software dependencies
- Security Training: Regular staff training on health data protection requirements
Data Protection Impact Assessment (DPIA):
- Mandatory DPIA Conducted: As required under GDPR Article 35 for high-risk processing of health data with AI at scale
- DPIA Scope: Health data processing, AI nutrition analysis, voice biometric processing, and community features
- Risk Mitigation: Continuous monitoring and assessment of processing activities that may pose high risk to individual rights
- DPIA Updates: Regular review and updates when processing activities change significantly
Data Breach Notification Procedures
Immediate Response Protocol:
- Detection: Automated alerts for suspicious data access patterns
- Assessment: Rapid evaluation of breach scope and risk to individuals
- Notification Timeline: Users notified within 72 hours for high-risk breaches affecting health data
- Regulatory Reporting: Automatic compliance with all applicable breach notification requirements
- Remediation: Immediate containment and corrective measures
No system is 100% secure, but we implement industry-leading protections specifically designed for health data compliance.
Cookies & Tracking (Website)
- Strictly Necessary: Site functionality and load performance.
- Analytics (Opt‑In): Google Analytics with Consent Mode and anonymized IP. Disabled unless you allow it in the cookie banner.
- No targeted ads or third‑party marketing cookies on docs. You can change your choice anytime via the cookie banner link.
Your Rights & Choices
- Access & Portability: Request a copy of your data.
- Correction: Update profile details, preferences, and goals.
- Deletion: Delete meals or delete your full account. Backups are deleted on rotation.
- Consent Controls: Revoke optional permissions (voice, location); opt out of promotional emails.
- Objection/Restriction (EEA/UK): Object to certain processing or request restriction.
California (CCPA/CPRA) - Enhanced Rights for Sensitive Personal Information
- Right to Know: Request details about personal information collection, use, and sharing
- Right to Delete: Request deletion of personal information (subject to legal exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of sale or sharing of personal information (we do not sell/share)
- Right to Limit Use of Sensitive Personal Information: Request limitation of use and disclosure of sensitive personal information including:
  - Health information (weight, medical conditions, diet goals)
  - Biometric identifiers (voice recordings)
  - Precise geolocation data
  - Personal information revealing racial/ethnic origin through food preferences
- Non-Discrimination: We will not discriminate against you for exercising these rights
Brazil (LGPD) - Lei Geral de Proteção de Dados
- Access (Acesso): Confirm processing and request access to your personal data
- Correction (Correção): Correct incomplete, inaccurate, or outdated data
- Anonymization/Blocking/Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data
- Data Portability: Receive your data in a structured format for transfer to another service
- Information: Receive information about public and private entities with whom we share your data
- Consent Withdrawal: Withdraw consent where processing is based on consent
- Review: Request review of automated decisions that affect your interests
India (DPDP Act 2023) - Enhanced Rights for Sensitive Personal Data
- Access & Correction: Request details of personal data processing and correction of inaccuracies
- Erasure: Delete personal data when no longer necessary or upon consent withdrawal
- Consent Withdrawal: Withdraw consent for sensitive personal data processing (health information, voice, location)
- Data Portability: Receive your data in a structured, machine-readable format
- Grievance Redressal: Dedicated grievance mechanism for privacy concerns (contact: support@nutriscan.app with subject "DPDP Grievance")
- Breach Notification: Right to be informed of data breaches that may cause harm
Important for Indian Users: Health data, voice recordings, and biometric information are classified as "sensitive personal data" under DPDP Act. We will seek separate explicit consent before processing such data and provide granular control over its use.
DPDP Act Implementation Update (2025): The Digital Personal Data Protection Rules 2025 (draft released January 2025) introduce enhanced security requirements including mandatory encryption, access controls, and data backup procedures. We are implementing these measures in advance of enforcement to ensure full compliance upon rules finalization.
Request via support@nutriscan.app or in‑app (Profile → Contact Us). We may need to verify your identity.
Children's Privacy & Age Requirements
Minimum Age by Jurisdiction
- India: 18 years (as per DPDP Act 2023)
- European Economic Area (EEA): 16 years (or lower if set by member state, minimum 13)
- United States: 13 years (COPPA requirement)
- Other regions: 13 years or the digital age of consent in your jurisdiction, whichever is higher
Parental Responsibility
- We do not knowingly collect data from users below the minimum age
- If you are below the age of majority in your jurisdiction but meet the minimum age, you must have parental/guardian consent
- Parents can contact us to request deletion of their child's data
- We may request age verification during registration in jurisdictions where required
Special Protections for Minors
- Enhanced privacy protections for users under 18
- Limited data sharing with third parties
- Simplified privacy controls and clear consent mechanisms
AI‑Specific Disclosures
AI Processing & Data Sharing
- Purpose: Analyze meal images, interpret nutrition questions, generate dietary insights through Monika assistant and NutriBites features
- Data Sent to AI Providers: Meal photos, food descriptions, nutrition questions, basic demographic info (age, gender) for context
- AI Providers: Google Gemini (primary), Azure OpenAI (secondary), with data processing agreements in place
- Geographic Processing: AI processing may occur in multiple regions (US, EU) with appropriate safeguards
- Model Training: We contractually prohibit AI providers from training on your personal data
Health & Medical Limitations
⚠️ CRITICAL HEALTH DISCLAIMER - READ BEFORE USING:
NOT A MEDICAL DEVICE OR SERVICE
- FDA Classification: NutriScan is NOT a medical device under FDA regulations and has not been evaluated by FDA, Health Canada, EMA, or other medical device authorities
- No Medical Claims: We make NO therapeutic, diagnostic, treatment, or preventive claims about any health condition or disease
- Wellness Product Only: NutriScan is classified as a general wellness product providing educational nutrition information only
NUTRITION ACCURACY & AI LIMITATIONS
- Estimation Only: All nutrition calculations are rough estimates that may contain errors of 20-50% or higher
- AI Limitations: Computer vision may misidentify foods, especially mixed dishes, regional cuisines, or processed foods
- No Clinical Validation: Our AI nutrition analysis has NOT been clinically validated or tested for medical accuracy
- Brand/Recipe Variations: Actual nutrition values may vary significantly due to preparation methods, ingredients, portions, and brands
COMPREHENSIVE HEALTH GOAL-SPECIFIC LIABILITY DISCLAIMERS
🚨 DIABETES MANAGEMENT LIABILITY PROTECTION:
- NEVER use carbohydrate estimates for insulin dosing decisions - errors could cause life-threatening hypoglycemia or hyperglycemia
- Blood glucose monitoring cannot be replaced by nutrition estimates - continue prescribed testing regimens
- Medication interactions: Dietary changes may affect diabetes medications, insulin sensitivity, and blood sugar control
- Emergency situations: App cannot detect diabetic emergencies (DKA, severe hypoglycemia) - seek immediate medical care
- Medical supervision mandatory: All dietary changes require endocrinologist or certified diabetes educator approval
- Carbohydrate counting accuracy: 20-50% error margins make estimates unsuitable for medical diabetes management
🚨 PREGNANCY NUTRITION LIABILITY PROTECTION:
- Prenatal care cannot be replaced - nutrition estimates do not substitute for obstetric care or prenatal vitamins
- Fetal development risks: Inadequate nutrition during pregnancy may harm fetal development - professional guidance essential
- Gestational diabetes risk: Pregnancy changes insulin sensitivity - dietary recommendations may be inappropriate
- Food safety warnings: App cannot detect pregnancy-unsafe foods (raw fish, unpasteurized cheese, high mercury fish)
- Weight gain guidance: Pregnancy weight gain requires medical supervision based on pre-pregnancy BMI and health status
- Nutritional deficiency prevention: Pregnancy requires specific nutrients (folic acid, iron, calcium) that estimates cannot guarantee
🚨 PCOS MANAGEMENT LIABILITY PROTECTION:
- Hormonal impacts: Dietary changes may affect hormone levels, insulin resistance, and reproductive health unpredictably
- Fertility considerations: PCOS nutrition management may impact ovulation and fertility - reproductive endocrinologist supervision required
- Insulin resistance complexity: PCOS-related insulin resistance requires medical monitoring beyond app capabilities
- Weight management risks: Rapid weight changes may worsen PCOS symptoms - gradual, medically supervised approaches required
- Supplement interactions: PCOS often involves supplements (inositol, metformin) that may interact with dietary changes
🚨 WEIGHT LOSS LIABILITY PROTECTION:
- Eating disorder triggers: Calorie tracking and weight focus may trigger or worsen eating disorders (anorexia, bulimia, binge eating)
- Metabolic damage prevention: Extreme calorie restriction may cause metabolic slowdown, nutrient deficiencies, and health complications
- Sustainable vs rapid loss: App cannot prevent users from pursuing unhealthy rapid weight loss methods
- Body dysmorphia risks: Weight/appearance tracking may worsen body image issues and psychological health
- Medical supervision for significant loss: Weight loss >10% body weight requires medical monitoring for nutritional adequacy
- Plateau and rebound effects: Weight loss plateaus and regain are normal but may cause psychological distress without proper education
🚨 MUSCLE BUILDING LIABILITY PROTECTION:
- Supplement interaction warnings: Protein supplements, creatine, and other muscle-building supplements may interact with medications
- Exercise coordination required: Muscle building requires coordinated exercise programming beyond app scope - personal trainer recommended
- Protein overconsumption risks: Excessive protein intake may stress kidneys, especially in individuals with existing kidney conditions
- Performance enhancement limits: App does not support or recommend performance-enhancing substances or extreme bulking methods
- Age-related considerations: Muscle building approaches differ significantly by age, gender, and baseline health status
- Hormonal factors: Testosterone, growth hormone, and other factors affecting muscle building require medical assessment
🚨 VIRAL/FLU RECOVERY LIABILITY PROTECTION:
- Medical treatment cannot be replaced: Nutrition support during illness does not replace antiviral medications, antibiotics, or medical treatment
- Immune system claims prohibited: App makes no claims about immune system enhancement or disease prevention capabilities
- Symptom monitoring essential: Worsening symptoms during illness require medical evaluation - app cannot detect serious complications
- Hydration and electrolyte balance: Illness affects hydration needs beyond app tracking capabilities - medical guidance essential for severe illness
- Recovery timeline variability: Individual recovery varies significantly - nutrition alone cannot guarantee recovery speed or completeness
- Long COVID considerations: Post-viral conditions may require specialized medical nutrition therapy beyond app capabilities
CRITICAL MEDICAL CONDITIONS WARNINGS
- FOOD ALLERGIES: Cannot detect allergens in food images. Always verify ingredients independently
- EATING DISORDERS: Not suitable for individuals with diagnosed eating disorders without medical supervision
- CHRONIC CONDITIONS: Users with kidney disease, heart conditions, liver disease, or other chronic illnesses must consult healthcare providers
EMERGENCY & LIABILITY
- Medical Emergencies: NEVER use for medical emergencies. Contact emergency services (911/999/112) immediately
- No Professional Substitution: Cannot replace dietitians, nutritionists, doctors, or other healthcare professionals
- User Responsibility: You assume full responsibility for any health decisions made using our app
- Consult Professionals: Always verify nutrition information and consult qualified healthcare providers before making medical decisions
INSURANCE & COVERAGE DISCLAIMER
- No Health Insurance Coverage: NutriScan is not a covered health benefit and cannot be used for insurance claims
- Not FSA/HSA Eligible: Our services do not qualify for flexible spending account or health savings account reimbursement
- No Clinical Documentation: We do not provide medical records or clinical documentation for healthcare purposes
AI Quality & Oversight
- Human Monitoring: Regular review of AI outputs for accuracy and safety
- Error Reporting: Users can report incorrect AI responses for improvement
- Content Filtering: Automated systems to prevent harmful or inappropriate AI responses
- Continuous Improvement: Regular updates to AI models and safety measures
Comprehensive Liability Protection & Legal Disclaimers
Product Liability & Defect Disclaimers
CRITICAL LEGAL PROTECTIONS - ENFORCEABLE DISCLAIMERS:
Software & AI System Disclaimers
- No Warranty of Accuracy: NutriScan software, AI models, and nutrition databases are provided "AS IS" without any warranty of accuracy, completeness, or fitness for any purpose
- Known Defects: Users acknowledge that nutrition analysis software inherently contains defects, inaccuracies, and limitations
- No Perfect Recognition: Image recognition technology cannot perfectly identify foods, portions, or preparation methods
- Database Limitations: Nutrition databases may contain outdated, incomplete, or incorrect information
Medical Liability & Negligence Protection
- Assumption of Risk: By using NutriScan, users expressly assume all risks associated with relying on nutrition estimates for health decisions
- No Duty of Care: NutriScan has no duty to provide medically accurate nutrition information or health advice
- No Professional Relationship: No doctor-patient, nutritionist-client, or healthcare provider relationship is created through app use
- Contributory Negligence: Any harm resulting from app use is the result of user's own negligence in relying on estimates rather than professional advice
Consumer Protection & Misrepresentation Defenses
- Clear Disclaimers: All marketing materials and app interfaces contain prominent disclaimers about estimation accuracy
- Informed Consent: Users provide explicit consent acknowledging nutrition estimates are not medically reliable
- No Reliance Intended: NutriScan is not intended for users to rely upon for medical, health, or safety decisions
- Educational Purpose Only: All features are designed for educational and informational purposes, not medical guidance
Specific Condition-Based Liability Protections
- Diabetes Liability Shield: Users with diabetes explicitly acknowledge carbohydrate estimates are not suitable for insulin dosing
- Allergy Liability Shield: Users with food allergies acknowledge app cannot detect allergens and must verify safety independently
- Pregnancy Liability Shield: Pregnant users acknowledge app recommendations are not prenatal nutrition advice
- Eating Disorder Shield: Users with eating disorders acknowledge app may not be suitable and require professional supervision
Regulatory Compliance & Government Authority Disclaimers
FDA & Medical Device Regulatory Status
- Non-Device Classification: NutriScan has self-determined that it does not meet FDA medical device criteria and operates as a general wellness product
- No FDA Approval: App has not received FDA clearance, approval, or authorization for medical use
- Regulatory Changes: If regulatory status changes, users will be notified and may need to discontinue use
- Compliance Monitoring: We monitor regulatory developments but cannot guarantee continued compliance with all evolving regulations
Professional Licensing & Scope Disclaimers
- No Licensed Practitioners: NutriScan employees are not licensed healthcare professionals providing services through the app
- No Medical Practice: App operation does not constitute practice of medicine, dietetics, or nutrition counseling
- State Licensing: App may not comply with state-specific licensing requirements for nutrition professionals
- Scope Limitations: Any health-related information provided does not exceed general wellness scope or educational content
Force Majeure & External Factors
- AI Provider Dependencies: Nutrition analysis depends on third-party AI services beyond our control
- Data Source Limitations: Accuracy depends on external nutrition databases that may contain errors
- Technology Limitations: Current technology cannot provide clinically accurate nutrition analysis from images
- Scientific Uncertainty: Nutrition science itself contains uncertainties and ongoing research developments
MAXIMUM LEGAL PROTECTION: These disclaimers are designed to provide maximum legal protection under applicable law while maintaining transparency about app limitations.
US/Global-Specific Compliance - Protection Against Claims
US Federal Regulatory Compliance
- FTC Act Compliance: NutriScan makes NO unsubstantiated health claims - all nutrition analysis clearly disclosed as estimates for educational purposes only
- FDA 21 CFR Part 820 Exemption: NutriScan operates as a general wellness product exempt from medical device regulations - NOT intended for disease diagnosis, treatment, or prevention
- COPPA Compliance: Enhanced privacy protections for users under 13 with parental consent requirements and limited data collection
- Section 230 Communications Decency Act: User-generated content moderation with clear community guidelines and reporting mechanisms
US State-Specific Consumer Protection
- California CCPA/CPRA Enhanced Rights: Granular privacy controls for sensitive personal information including biometric data (voice), health information, and precise geolocation
- New York State Health Data Protection: Additional safeguards for health information processing with enhanced consent mechanisms
- Illinois BIPA Compliance: Biometric data (voice patterns, iOS motion data) processed with explicit informed consent and secure storage protocols
- Texas Medical AI Restrictions: Content filtering to prevent self-harm responses and enhanced disclosure requirements for AI-generated health content
US Healthcare & Nutrition Specific Warnings
- No HIPAA Covered Entity: NutriScan is NOT a healthcare provider, health plan, or healthcare clearinghouse - does not create protected health information
- FDA Nutrition Labeling Disclaimer: Nutrition estimates do NOT meet FDA nutrition labeling accuracy standards - verify with official product labels
- Dietary Guidelines Disclaimer: Recommendations may not align with USDA Dietary Guidelines for Americans - consult registered dietitians for personalized advice
- Medical Emergency Disclaimer: App cannot detect medical emergencies or life-threatening situations - call 911 immediately for emergencies
Global/International Compliance Framework
- GDPR Article 9 Special Category Data: Enhanced protections for health data processing across all global users with explicit consent requirements
- ISO 27001 Security Standards: Implementation of international security best practices for health data protection
- Cross-Border Transfer Compliance: Standard Contractual Clauses 2021 with Transfer Impact Assessments for adequate protection globally
- Multi-Jurisdictional Age Requirements: Compliance with digital age of consent across 50+ countries with parental controls where required
US Litigation & Product Liability Protection
- Class Action Waiver: Individual arbitration required for disputes under $25,000 with class action prohibition where legally permitted
- Product Liability Insurance: Comprehensive general liability and professional liability insurance maintained for nutrition app operations
- Expert Witness Standards: All nutrition claims based on recognized nutritional databases and peer-reviewed dietary research methodologies
- Statute of Limitations: Claims must be brought within one year of discovering the alleged harm or injury
International Food Safety & Allergen Disclaimers
- Global Allergen Recognition Limitations: Cannot detect allergens in foods across different international labeling standards (US, EU, CODEX, etc.)
- Regional Cuisine Recognition: AI trained primarily on Western/US foods - accuracy may be significantly reduced for regional international cuisines
- Food Safety Authority Disclaimers: NOT approved by FDA, EFSA, Health Canada, FSSAI, or other national food safety authorities for medical nutrition therapy
- International Nutrition Database Limitations: Nutritional data may not reflect local/regional food composition variations or preparation methods
Changes To This Policy
We may update this policy as features or laws change. We will post the updated version here and, when material, notify you in‑app or by email.
Language: This policy is provided in English. Where translations exist, the English version governs in case of conflict.
Multi-Language Policy Access
Legal Framework Consistency
All language versions contain equivalent legal protections and comply with local regulations:
- 🇺🇸 Global Version: Universal protections under international law
- 🇮🇳 India: DPDP Act 2023 compliance with enhanced biometric data protections
- 🇪🇸 Spain: GDPR + LOPDGDD compliance with AEPD requirements
- 🇫🇷 France: GDPR + CNIL compliance with enhanced consent mechanisms
- 🇩🇪 Germany: GDPR + BDSG compliance with DSFA requirements
Note: In case of conflicts between language versions, the English version prevails, except where mandatory local consumer protection laws apply.
Contact
- Email: support@nutriscan.app
- In‑App: Profile → Contact Us
- URL: https://nutriscan.app/privacy-policy
We reply as quickly as possible (usually within 24–72 hours). For urgent requests, use the subject “Privacy Request”.