NutraForge

Privacy Policy

Effective Date: February 18, 2025 · Last Updated: March 26, 2026

NutraForge Technologies Inc. (“NutraForge,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use the NutraForge Consumer App and NutraForge Pro Practitioner Platform.

1. Information We Collect

1.1 Identifiers and Account Information

  • Name, email address, phone number, postal address
  • Account credentials and authentication tokens
  • IP address and device identifiers

1.2 Health and Nutrition Data

  • Dietary preferences, food allergies, and dietary restrictions
  • Meal logs (including text, photo, and barcode submissions)
  • Hydration logs
  • Fitness goals, biometric data, and body composition metrics
  • AI-generated nutrition insights and analysis
  • Macro and micronutrient targets (set by user or practitioner)

1.3 Practitioner and Organization Data (NutraForge Pro)

  • Organization name, business type, and structure
  • Practitioner professional credentials
  • Client roster and assignment records
  • Practitioner-set macro targets and notes for clients
  • AI analysis requests and chat history related to client nutrition

1.4 Commercial and Transactional Data

  • Purchase and subscription history
  • Billing records and payment method details (processed by Stripe, Apple, or Google)

1.5 Usage and Technical Data

  • Device type, browser, operating system
  • Session activity, feature usage patterns
  • Cookies and similar tracking technologies

2. How We Use Your Information

  • To provide, maintain, and improve our services
  • To personalize your nutrition tracking experience and generate AI-powered insights
  • To enable practitioners to manage client nutrition data and provide analysis through NutraForge Pro
  • To process payments and manage subscriptions
  • To communicate with you about your account, updates, and support
  • To analyze usage patterns and improve product features (using anonymized and aggregated data)
  • To comply with legal obligations

3. Legal Basis for Processing

  • Consent — When you create an account, submit health data, or opt into communications
  • Contractual Necessity — To fulfill our obligations under your subscription
  • Legal Obligations — To comply with applicable laws and regulations
  • Legitimate Interests — To improve our services, prevent fraud, and ensure security

4. Practitioner-Client Data Relationship

When a practitioner uses NutraForge Pro, they may access their clients' nutrition data including meal logs, hydration data, macro compliance, and AI-generated insights. NutraForge acts as a data processor on behalf of the practitioner (the data controller) for client data managed through the Pro platform. Practitioners are responsible for:

  • Obtaining appropriate consent from their clients for data collection and analysis
  • Complying with applicable privacy and health information legislation in their jurisdiction
  • Ensuring their use of client data is consistent with their professional obligations

5. Data Sharing with Third Parties

We share data only with the following categories of service providers:

  • Stripe — Payment processing (billing and subscription data)
  • Apple App Store / Google Play — App distribution and in-app purchase processing
  • Google Cloud — Data storage and infrastructure (encrypted at rest)
  • PostHog — Product analytics (pseudonymized and aggregated data only)
  • Auth0 — Authentication and identity management
  • Legal and regulatory authorities — When required by law, subpoena, or court order

We do not sell your personal information. We do not share your health or nutrition data with advertisers.

6. Data Security

  • Encryption at Rest — AES-256 encryption for stored data
  • Encryption in Transit — TLS 1.2+ for all data transmission
  • Access Controls — Role-based access controls and multi-factor authentication
  • Security Reviews — Regular security reviews and vulnerability testing
  • Practitioner Isolation — NutraForge Pro practitioners can only access data for their own assigned clients

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Upon account deletion, we will delete your personal data within 30 days, subject to our Data Deletion Policy. Anonymized and aggregated data may be retained indefinitely for research and product improvement purposes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of your personal data
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data (see our Data Deletion Policy)
  • Withdrawal of Consent — Withdraw consent for data processing at any time
  • Data Portability — Request your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interests

To exercise any of these rights, email support@nutraforge.ca. We will respond within 30 days.

9. Children's Privacy

NutraForge is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will promptly delete it.

10. International Data Transfers

Your data may be processed and stored on servers located in Canada and the United States (via Google Cloud). Where data is transferred outside of Canada, we ensure appropriate safeguards are in place in accordance with PIPEDA and applicable laws.

11. Compliance

NutraForge is designed to comply with the following privacy frameworks:

  • PIPEDA — Personal Information Protection and Electronic Documents Act (Canada)
  • CCPA — California Consumer Privacy Act
  • GDPR — General Data Protection Regulation (where applicable)
  • Apple App Store Guidelines
  • Google Play Developer Policies

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last Updated” date. Your continued use of our services constitutes acceptance of the revised policy.

13. Contact

If you have questions or concerns about this Privacy Policy, contact us:

  • Email: support@nutraforge.ca
  • Address: NutraForge Technologies Inc., 100 Signal Hill Rd, St. John's, NL, Canada A1A 1B1