In a nutshell: NutriScan AI respects your privacy. We only collect the data necessary to operate the app (email, meals, weight). You can delete your account and all your data at any time from within the app. We never sell data to third parties.
1. Who we are
NutriScan AI is a mobile app for AI-powered nutrition tracking, published by:
- Publisher: Clyse NZE
- Legal status: Individual in France [AUTO_ENTREPRENEUR_STATUS_PENDING]
- SIRET: [SIRET_TO_BE_FILLED]
- Country: France
- Contact email: contact@nutriscanai.net
- Website: nutriscanai.net
We are the data controller under the General Data Protection Regulation (GDPR).
2. Data we collect
To provide the service, we process the following categories of data:
2.1. Authentication data
- Email address (for magic link login and Sign in with Apple)
- Apple identifier (if you use Sign in with Apple)
- Session tokens (encrypted)
2.2. Nutrition and health data
- Scanned meals (photos, descriptions, macronutrients, calories)
- Weight entries and history
- Body progress photos (if you choose to save them)
- Personal goals (weight loss, muscle gain, maintenance)
2.3. Profile data
- Age, height, sex (used only to calculate your caloric needs)
- Physical activity level
- Preferred language
2.4. Technical data
- Device type (iPhone, iPad)
- iOS and app version
- Anonymized error logs (for debugging)
We do NOT collect: your GPS location, your contacts, your web browsing history, advertising identifiers (IDFA).
3. Why we process your data (purposes)
| Purpose | Data used | Legal basis |
|---|---|---|
| Authentication | Email, Apple ID | Contract performance |
| AI nutrition analysis | Meal photos, profile | Contract performance |
| Multi-device sync | Meals, weight, photos | Contract performance |
| Service improvement | Anonymized logs, stats | Legitimate interest |
| Push notifications | Notification token | Consent |
4. Data retention
- Active account: as long as you use the app
- Inactive account: accounts with no activity for 24 months are automatically deleted (we send a warning email 30 days before)
- Deleted account: immediate and full deletion via the "Delete my account" button in the app. All your data is permanently erased
- Technical logs: 30 days maximum
- Billing records: kept for 10 years (French legal obligation)
5. Sub-processors and hosts
To operate NutriScan AI, we use the following providers. They are contractually bound to protect your data:
| Provider | Role | Location |
|---|---|---|
| Supabase | Database, authentication, storage | 🇮🇪 Ireland (EU) |
| Anthropic | AI meal photo analysis (Claude) | 🇺🇸 United States |
| Resend | Email delivery (magic link, OTP) | 🇺🇸 United States |
| RevenueCat | In-app subscription management | 🇺🇸 United States |
| Apple | App Store, Sign in with Apple, payments | 🇺🇸 USA / 🇮🇪 Ireland |
| GitHub Pages | Hosting of nutriscanai.net | 🇺🇸 United States |
6. Transfers outside the European Union
Some of our providers are located in the United States. These transfers are governed by:
- The EU-U.S. Data Privacy Framework (since July 2023)
- Standard Contractual Clauses approved by the European Commission
- Technical protection measures (encryption in transit and at rest)
7. Your rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure: delete your account and all your data
- Right to portability: get your data in a structured format
- Right to object: object to certain processing
- Right to restriction: request temporary suspension of processing
To exercise these rights, contact us at contact@nutriscanai.net. We will respond within 30 days maximum.
8. Data security
- HTTPS encryption for all communications
- Row Level Security (RLS) in the database
- Passwordless authentication (magic link, OTP, Sign in with Apple)
- Encrypted daily backups
- Regular audits of code and dependencies
9. Cookies
The nutriscanai.net website uses no tracking cookies, no advertising pixels, no third-party analytics tools (no Google Analytics, no Facebook Pixel).
10. Minors
NutriScan AI is intended for users aged 16 and over. We do not knowingly collect data from children under 16.
11. Policy changes
If we make substantial changes, we will notify you by email (at least 30 days in advance) and a notification will appear in the app.
12. Complaints (CNIL)
If you believe your rights are not respected, you can contact us first, or file a complaint with the CNIL (French data protection authority): cnil.fr/en/plaintes
13. Contact
Email: contact@nutriscanai.net
We commit to responding within 30 days maximum.