Nutix
Nutix

Privacy Policy

Last updated: March 10, 2026 | Effective: March 10, 2026

At Nutix, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered calorie tracking application. Please read this policy carefully to understand our practices regarding your personal data.

Data Controller

The data controller responsible for your personal data is:

Hakim Mohamed
Email: kemstroarab@gmail.com

Information We Collect

We collect information that you provide directly to us when using the Nutix app:

  • Account Information: Your name and email address when you create an account
  • Authentication Data: Information received from Apple or Google when you use Sign in with Apple or Sign in with Google
  • Device Information: Device tokens for sending push notifications
  • Health and Fitness Data: Nutrition information, meal logs, weight measurements, fasting records, and data synced from Apple HealthKit
  • Photo Data: Food photos you take for AI nutritional analysis
  • Voice Data: Voice recordings when you use voice input for AI-powered meal logging
  • Usage Data: Information about how you interact with the app, including app preferences and settings

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Create and manage your account
  • Analyze food photos, voice recordings, and text descriptions using AI to estimate nutritional content
  • Sync health data with Apple HealthKit at your request
  • Send you push notifications about meal reminders, fasting timers, and other app-related updates
  • Analyze usage patterns to enhance the user experience
  • Diagnose technical issues and improve app stability
  • Respond to your inquiries and support requests

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide you with the Nutix service, including account creation, meal tracking, and AI nutritional analysis
  • Consent: For processing health data from HealthKit and sending marketing communications. You can withdraw consent at any time
  • Legitimate Interests: For improving our services, ensuring security, and analyzing app usage to enhance user experience
  • Legal Obligations: When we need to comply with applicable laws and regulations

Health and Fitness Data

Nutix collects sensitive health and fitness information to provide our core service. This includes:

  • Nutritional intake and calorie consumption
  • Weight and body measurements
  • Fasting schedules and duration
  • Data from Apple HealthKit (with your explicit permission)

Important: We treat health data with the highest level of protection. Your health data is:

  • Encrypted in transit and at rest
  • Never sold to third parties
  • Never used for advertising purposes
  • Never used to train AI models - your personal data remains private and is only used to provide services to you

Photo, Voice & Text Data and AI Processing

When you use AI-powered features to log food (via photos, voice recordings, or text descriptions):

  • Your data is sent to our servers, which forward it to a third-party AI service (OpenAI) for nutritional analysis
  • Photos are stored securely on our servers
  • Voice recordings are processed in real-time and are not permanently stored by Nutix or OpenAI
  • Your data is NOT used to train any AI models
  • You can delete your photos at any time through the app

Third-Party AI Data Sharing

To provide AI-powered nutritional analysis, Nutix sends certain data to OpenAI, a third-party AI service provider. This section explains what data is shared, how it is collected, and how it is used.

What Data Is Shared

The following data may be sent to OpenAI for processing:

  • Food Photos: Images of meals you capture within the app for nutritional analysis
  • Voice Recordings: Audio recordings when you use voice input to log meals (e.g., saying "I had a salad for lunch")
  • Food Descriptions: Text descriptions of food items you enter when logging meals
  • Meal Context: Related meal information such as meal type or portion details that help improve the accuracy of the nutritional analysis

How Data Is Collected

This data is collected when you log a meal using the Nutix app — by taking a photo, recording your voice, or entering a text description. The data is sent to OpenAI only when you actively use the AI-powered meal logging feature. Before any data is sent, you are asked for explicit consent through an in-app prompt.

Purpose of Data Sharing

Your data is sent to OpenAI solely for the purpose of AI-powered nutritional analysis — to identify food items in your photos or descriptions and estimate their nutritional content (calories, macronutrients, etc.). This data is not used for any other purpose.

Data Protection by OpenAI

OpenAI processes your data as a third-party service provider under our instructions. OpenAI provides adequate data protection measures, including:

  • Data sent via the OpenAI API is not used to train OpenAI's models
  • Data is encrypted in transit and handled in accordance with OpenAI's enterprise-grade security practices
  • OpenAI retains API data for a limited period for abuse and misuse monitoring, after which it is deleted
  • For more information, see OpenAI's Privacy Policy and API Terms of Use

Fair Usage Policy – AI Features

Nutix provides AI-powered features to enhance your nutrition tracking experience. To ensure fair access for all users, the following usage limits apply:

  • AI Usage Limit: Each user is allowed up to 500 AI requests per day across all AI features combined (including meal photo analysis, nutritional estimates, and any other AI-powered functionality)
  • Custom Foods: Each user can create up to 500 custom foods
  • Meal Logging: Free users can log up to 3 meals per day, while Premium users can log up to 10 meals per day
  • Limit Reset: The daily AI request count resets every 24 hours

These limits are in place to maintain service quality and prevent abuse. If you consistently reach the daily limit, please contact us to discuss your needs.

Apple HealthKit Integration

If you choose to connect Nutix with Apple HealthKit:

  • We only access HealthKit data with your explicit permission
  • HealthKit data is used solely to provide and improve your nutrition tracking experience
  • We do not share HealthKit data with third parties for advertising or marketing
  • HealthKit data is not sold to data brokers or information resellers
  • You can revoke HealthKit access at any time in your device settings

Third-Party Services

We use the following third-party services that may collect information:

  • Sign in with Apple: If you choose to sign in with Apple, we receive your name and email address (or a relay email if you choose to hide your email) from Apple. Apple's Privacy Policy
  • Sign in with Google: If you choose to sign in with Google, we receive your name and email address from Google. Google's Privacy Policy
  • Firebase Crashlytics: We use Crashlytics to collect crash reports and diagnostic information to improve app stability. This may include device information, app state, and crash logs. Firebase Privacy Policy
  • Amazon Web Services (AWS): We use AWS to host our servers and store your data securely. AWS Privacy Policy
  • OpenAI: We use OpenAI's API to power our AI-based nutritional analysis. When you log a meal via photo, voice, or text, your food photos, voice recordings, descriptions, and meal context are sent to OpenAI for processing. See our "Third-Party AI Data Sharing" section above for full details. OpenAI's Privacy Policy

Data Sharing and Sale of Information

We do not sell your personal information to anyone.

We may share your information only in the following circumstances:

  • With Service Providers: We share data with Apple, Google, AWS, and OpenAI as necessary to provide authentication services, crash reporting, data hosting, and AI-powered nutritional analysis
  • For Legal Compliance: We may disclose information if required by law or in response to valid legal requests
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred

Data Storage and International Transfers

Your data is stored on secure servers located in the European Union (AWS EU region).

Some of our third-party service providers (such as Firebase Crashlytics) may process data in the United States. When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequate data protection laws
  • Certification schemes such as EU-US Data Privacy Framework

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Secure authentication mechanisms
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data

Right to Lodge a Complaint: If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.

To exercise any of these rights, please contact us at kemstroarab@gmail.com. We will respond to your request within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Notice Regarding Sale of Personal Information: We do not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months.

To exercise your California privacy rights, contact us at kemstroarab@gmail.com.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Account Deletion

You can delete your account and all associated data at any time:

  • Open the Nutix app
  • Go to Settings
  • Select "Delete Account"
  • Confirm your decision

Upon deletion, all your personal data, including meal logs, photos, and health data, will be permanently removed within 30 days.

Children's Privacy

Nutix is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

Tracking Technologies

Mobile App: We do not use advertising trackers or sell data to advertisers. We only use Firebase Crashlytics for crash reporting and app stability monitoring.

Website: Our website does not use cookies for tracking or advertising purposes.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where appropriate, notifying you via the app or email. We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your data protection rights, please contact us at:

Hakim Mohamed
kemstroarab@gmail.com