Privacy Policy

Last Updated: October 27, 2024

TL;DR: Nutritheous is open-source and self-hostable. When you self-host, you have complete control over your data. For the public instance, we collect minimal data necessary for app functionality and use third-party services (OpenAI, Google Cloud) for AI analysis and image storage.

Introduction

Welcome to Nutritheous. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our nutrition tracking application.

Open Source & Self-Hosting

Nutritheous is an open-source project licensed under the MIT License. The entire source code is available at github.com/vishnugt/nutritheous.

You have the option to:

Self-host the application on your own infrastructure, giving you complete control over your data
Use the public instance hosted at api.analyze.food

If you self-host, this privacy policy does not apply to your instance. You are responsible for your own data handling and privacy practices.

Information We Collect

Account Information

When you create an account, we collect:

Email address (used for login)
Password (stored as a secure BCrypt hash)
Profile information: age, height, weight, sex, and activity level

Meal Data

When you track meals, we collect:

Meal photos you upload
Text descriptions of meals
Meal type (breakfast, lunch, dinner, snack)
Timestamp of when the meal was logged
Nutrition data extracted by AI analysis

Usage Data

We may collect:

Device information (operating system, app version)
Log data (errors, API requests)
Analytics data to improve app performance

How We Use Your Information

We use your information to:

Provide core functionality: Analyze meals, calculate nutrition, track your progress
Personalize your experience: Calculate calorie goals based on your profile
Improve the service: Fix bugs, optimize performance, add features
Communicate with you: Send important updates about the service

Third-Party Services

OpenAI (GPT-4 Vision API)

When you upload a meal photo or provide a text description, we send this data to OpenAI's API for nutrition analysis. OpenAI's privacy policy applies to this data processing. Learn more at openai.com/policies/privacy-policy.

Google Cloud Storage

Meal photos are stored in Google Cloud Storage. We generate signed URLs with 24-hour expiration for secure access. Google's privacy policy applies to stored images. Learn more at cloud.google.com/privacy.

Data Storage & Security

We take security seriously:

Passwords: Hashed using BCrypt before storage
Authentication: JWT tokens with 24-hour expiration
Database: PostgreSQL with encrypted connections
Images: Stored in Google Cloud Storage with signed URLs
HTTPS: All data transmission is encrypted

Data Retention

We retain your data as long as your account is active. When you delete your account:

Your account information is permanently deleted
All meal records are deleted from our database
Associated images are removed from cloud storage
Deletion is typically completed within 30 days

Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Update or correct your information through the app
Deletion: Delete your account and all associated data
Export: Download your meal data (feature coming soon)
Self-host: Run your own instance with complete data control

Children's Privacy

Nutritheous is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

Updating the "Last Updated" date at the top of this page
Posting a notice in the app
Sending an email to your registered address (for major changes)

International Data Transfers

If you are accessing Nutritheous from outside the country where our servers are located, your data may be transferred internationally. We take appropriate measures to ensure your data is protected in accordance with this privacy policy.

Contact Us

If you have questions about this privacy policy or your data, you can:

Open an issue on GitHub: github.com/vishnugt/nutritheous/issues
Review the source code to see exactly how we handle data
Self-host your own instance for complete control

Remember: Nutritheous is open source. You can audit the entire codebase, contribute improvements, or self-host for complete privacy and control over your nutrition data.

Back to Home View on GitHub