1. Introduction

1.1. This Privacy Policy (“Policy”) describes how Haur B.V., a company incorporated under the laws of the Netherlands with its registered address at John M. Keynesplein 1, 1066EP Amsterdam (“NutriCal”, “we”, “us”, or “our”), collects, uses, stores, shares, and protects the personal data of individuals (“you”, “your”, or “User”) who access or use the NutriCal mobile application and website (www.nutrical.ai).
‍1.2. We are committed to protecting your personal data and ensuring transparency and accountability in the processing of your information. This Policy has been developed in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as well as applicable national data protection laws in the European Union.
‍1.3. This Policy applies to all personal data collected from users located in the European Economic Area (EEA) and other jurisdictions where GDPR is applicable. By using the NutriCal app or website, you consent to the practices described in this Policy.
‍1.4. We encourage you to read this Policy carefully to understand how your personal data is handled. If you do not agree with any part of this Policy, you should not use our Services.
‍1.5. For the purposes of the GDPR, Haur B.V. is the data controller responsible for the processing of your personal data as described in this Privacy Policy.
‍1.6. If you have any questions or concerns regarding this Policy or your personal data, you may contact us at this form
🏢 Address: Haur B.V., John M. Keynesplein 1, 1066EP Amsterdam, The Netherlands

2. What Personal Data We Collect

When you use the NutriCal app or visit our website, we may collect and process the following categories of personal data, depending on how you interact with our Services:
‍2.1. Data You Provide DirectlyWe collect personal data that you voluntarily submit to us, including when you:Register for an account;Complete your user profile;Begin a subscription;Contact our support team;Fill out forms or questionnaires.This may include:Full name;Email address;Password (encrypted);Country of residence;Payment information (handled by third-party processors);Preferences and settings (e.g., language, reminders).
‍2.2. Health and Lifestyle Information (Optional)When using the NutriCal application, you may choose to provide personal data related to your dietary and lifestyle goals, such as:Food logs and meal photos;Calorie intake;Macronutrient data (protein, fats, carbs);Weight, height, age, gender;Activity levels and goals.This information is only collected with your explicit consent, in accordance with Article 9(2)(a) GDPR, and is used to personalize your experience within the app.
‍2.3. Device and Usage InformationWhen you access NutriCal, we automatically collect certain information through cookies and analytics tools, including:IP address;Browser type and version;Device model and operating system;App version;Language settings;Timestamps and usage patterns;Clickstream and navigation data.
‍2.4. Transaction InformationIf you purchase a subscription or other service through the NutriCal app or website, we collect limited billing data (such as date of purchase and status), while all sensitive payment details are securely processed by trusted third-party providers (e.g., Stripe, Apple Pay, Google Pay).
‍2.5. Communication DataIf you correspond with us via email, web forms, or in-app chat, we may retain records of your communication, including support inquiries, feedback, and complaint logs.

3. Why We Collect and Process Your Data

We collect and process your personal data to provide, improve, and personalize the NutriCal Services, and to comply with our legal obligations. The lawful basis for each processing purpose is clearly outlined below, in accordance with Articles 6 and 9 of the GDPR.
‍3.1. To Provide and Maintain the NutriCal ServicesWe process your data to:Create and manage your account;Enable app functionality and personalize your dashboard;Store food logs, goals, and nutrition data;Process subscription payments and manage your billing;Deliver reminders, notifications, and relevant app content.Legal basis:Performance of a contract (Article 6(1)(b) GDPR);Explicit consent for health data (Article 9(2)(a) GDPR).
‍3.2. To Improve and Optimize Our ServicesWe analyze aggregated user data to:Monitor usage trends and performance;Improve app functionality and user experience;Develop new features and tools;Troubleshoot bugs and fix technical issues.Legal basis:Legitimate interest (Article 6(1)(f) GDPR) – to improve and maintain our digital services.
‍3.3. To Communicate with YouWe use your contact information to:Respond to customer support requests;Send administrative notifications about your account or subscription;Notify you about changes to terms, policies, or services;Request user feedback or satisfaction surveys.Legal basis:Performance of a contract (Article 6(1)(b) GDPR);Legal obligation (Article 6(1)(c) GDPR) – for essential communications.
‍3.4. For Marketing and Promotional PurposesWith your consent, we may:Send you marketing emails about product updates, offers, or health tips;Use anonymized data for promotional purposes or case studies.Legal basis:Consent (Article 6(1)(a) GDPR).
You can withdraw your consent at any time by using the unsubscribe link in our emails or contacting us directly.
‍3.5. To Comply with Legal and Regulatory ObligationsWe may process or retain certain data if required to:Meet tax, accounting, or consumer protection laws;Respond to lawful requests by public authorities or courts.Legal basis:Legal obligation (Article 6(1)(c) GDPR).

4. Legal Basis for Processing Personal Data

We process your personal data in strict accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable European data protection laws. The lawful basis for processing depends on the context and type of data involved.
‍4.1. Performance of a Contract (Article 6(1)(b) GDPR)We rely on this legal basis to process your personal data when it is necessary to:Create and manage your NutriCal account;Provide access to the NutriCal mobile app and its features;Process your subscription payments;Deliver technical support and user services.If you do not provide this data, we may not be able to provide the Services to you.
‍4.2. Consent (Article 6(1)(a) and 9(2)(a) GDPR)We obtain your explicit consent before:Collecting and processing any health-related data (e.g., food logs, calorie data, or fitness goals);Sending you marketing emails or promotional content;Using cookies and similar technologies (where legally required).You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
‍4.3. Legal Obligation (Article 6(1)(c) GDPR)We may process your personal data if required to:Fulfill accounting, tax, and consumer protection obligations;Comply with applicable laws, court orders, or regulatory requests;Ensure legal record-keeping for transactions and user interactions.
‍4.4. Legitimate Interests (Article 6(1)(f) GDPR)We may process your data for purposes that are necessary for the legitimate interests of NutriCal or third parties, provided these are not overridden by your fundamental rights and freedoms. These interests may include:Improving our services and user experience;Conducting analytics and performance reporting;Preventing fraud or misuse of the platform;Securing and maintaining the integrity of our digital infrastructure.We always balance our legitimate interests with your data protection rights and apply safeguards where appropriate.

5. How We Share Your Personal Data

We treat your personal data with the utmost care and do not sell or rent your information to third parties. However, we may share your data with trusted service providers and partners for the purposes described below, in full compliance with the GDPR.
‍5.1. Service Providers and Data ProcessorsWe engage third-party companies and individuals (“Processors”) to facilitate, operate, and improve the NutriCal Services. These providers only access your personal data to perform specific tasks on our behalf and are contractually bound to:Maintain the confidentiality of your information;Process data only according to our documented instructions;Comply with applicable data protection laws, including GDPR.Examples of such services include:Payment processing (e.g., Stripe, Apple Pay, Google Pay);Cloud hosting and data storage;Customer support and helpdesk systems;Analytics and performance monitoring tools;Email delivery and communications.
‍5.2. Legal and Regulatory AuthoritiesWe may disclose your personal data if required to:Comply with legal obligations, subpoenas, or court orders;Respond to lawful requests from regulatory or law enforcement authorities;Protect the rights, property, or safety of NutriCal, our users, or the public.
‍5.3. Business TransfersIn the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred as part of the transaction. In such cases, we will ensure that your rights under this Policy are upheld and that you are notified before your data is transferred or becomes subject to a different privacy policy.
‍5.4. With Your ConsentWe may share your personal data with third parties for other purposes, but only with your explicit, informed consent (e.g., participation in marketing collaborations, surveys, or testimonials). You may withdraw such consent at any time.
‍5.5. International TransfersIf we transfer your personal data to a country outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:A European Commission adequacy decision;Standard Contractual Clauses (SCCs) approved by the European Commission;Other legally approved transfer mechanisms.You may request further details about international transfers by contacting us at this form

6. How Long We Retain Your Data

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including to:Provide and maintain the NutriCal Services;Comply with legal and regulatory obligations;Resolve disputes;Enforce our agreements and protect our legal rights.
‍6.1. Retention Periods by Data Category
Account and profile data - Retained for as long as the user has an active account. Deleted upon account closure.
Subscription and billing records - Retained for up to 7 years to comply with tax and financial reporting regulations.
Health and nutrition entries - Retained for as long as your account remains active, or until you request deletion.
Communication records - Retained for up to 3 years from the date of last contact, unless required longer.
Analytics and usage data - Retained in anonymized or aggregated form, unless otherwise stated.
‍6.2. Account DeletionYou can request full deletion of your account and associated data at any time by contacting us at support@nutrical.ai. Upon verification of your request, we will:Permanently delete all personal and health data associated with your account;Anonymize or erase non-essential data within 30 days;Retain only data that we are legally obligated to preserve (e.g., billing records).
‍6.3. Data MinimizationWe will not retain personal data longer than is necessary for the purposes for which it was collected or processed. If we determine that certain data is no longer needed, we will securely delete or anonymize it.
‍6.4. Backup StorageDue to technical and operational constraints, some deleted data may remain in encrypted backup archives for a limited period (no longer than 90 days) but will not be used for any active processing unless required by law.

7. Your Rights Under the GDPR

If you are a resident of the European Economic Area (EEA), you have specific rights regarding your personal data under the General Data Protection Regulation (EU) 2016/679 (GDPR). At NutriCal, we are committed to ensuring that you can easily exercise these rights.7
.1. Right to Access (Article 15)You have the right to request confirmation as to whether we process your personal data and, if so, receive a copy of your data, along with information about:The purposes of processing;The categories of data processed;The recipients (or categories of recipients) of the data;The storage period or criteria used to determine it;Your rights under the GDPR;Any available information about data sources, if not collected from you.
‍7.2. Right to Rectification (Article 16)If your personal data is inaccurate or incomplete, you have the right to request correction or completion without undue delay.
‍7.3. Right to Erasure (“Right to be Forgotten”) (Article 17)You may request the deletion of your personal data where:The data is no longer needed for its original purpose;You withdraw your consent (where processing is based on consent);You object to the processing and there are no overriding legitimate grounds;The data has been unlawfully processed;Deletion is required to comply with legal obligations.This right is subject to certain exceptions, including our need to retain some data for compliance or legal defense.
‍7.4. Right to Restriction of Processing (Article 18)You may request that we restrict the processing of your personal data in certain situations, such as:If you contest the accuracy of the data;If the processing is unlawful and you oppose deletion;If you need the data for legal claims but we no longer require it.
‍7.5. Right to Data Portability (Article 20)You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where technically feasible.
‍7.6. Right to Object (Article 21)You may object to processing based on legitimate interests, including profiling, at any time. We will cease processing unless we demonstrate compelling legitimate grounds or the processing is needed for legal claims.You also have the absolute right to object to direct marketing at any time, including profiling related to such marketing.
‍7.7. Right to Withdraw Consent (Article 7(3))If we process your personal data based on your consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing that occurred before withdrawal.
‍7.8. Right to Lodge a Complaint (Article 77)If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority or the supervisory authority in the Netherlands:Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
https://autoriteitpersoonsgegevens.nl
‍How to Exercise Your RightsTo exercise any of the rights listed above, please contact us at this form.
We may request verification of your identity before processing your request. We will respond to all valid requests within one month, unless an extension is justified under GDPR.

8. Cookies and Tracking Technologies

NutriCal uses cookies and similar tracking technologies to enhance your experience on our website and mobile application, understand user behavior, and improve service performance. This section explains what cookies are, how we use them, and your rights under the ePrivacy Directive (2002/58/EC) and GDPR.
‍8.1. What Are Cookies?Cookies are small text files stored on your device when you visit a website or use an app. They allow the service to remember your preferences, recognize your device, and provide a more efficient and personalized experience.Cookies may be:Session cookies (deleted when you close your browser), orPersistent cookies (remain until expired or deleted manually).
‍8.2. Types of Cookies We Use
Strictly Necessary - Essential for basic functions (e.g., login, account access, payment flow).
‍Performance/Analytics - Collect anonymized data on usage, navigation patterns, and crash reporting.
‍Functionality - Remember user preferences like language, display settings, and location.
‍Marketing -Track user activity for personalized ads (used only with your consent).
We do not use cookies to collect sensitive personal or health-related data.
‍8.3. Cookie Consent and ControlUpon your first visit to our website, you will see a cookie banner asking for your explicit consent to use non-essential cookies (e.g., analytics or marketing). You can:Accept all cookies;Customize your preferences;Reject non-essential cookies.You may withdraw or change your cookie preferences at any time through the cookie settings panel on our website.
‍8.4. Managing Cookies in Your BrowserYou can also configure your browser settings to refuse or delete cookies. Note that disabling cookies may limit functionality and impact your experience using NutriCal.For guidance, see:Chrome: https://support.google.com/chrome/answer/95647Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computerSafari: https://support.apple.com/en-us/HT201265
‍8.5. Third-Party CookiesSome cookies may be placed by third-party service providers (e.g., Google Analytics) to help us measure traffic and user behavior. These providers may have their own privacy and cookie policies, which we recommend reviewing.We use these tools only with your informed consent and in accordance with applicable EU regulations.

9. Data Security

We are committed to protecting your personal data and maintaining its confidentiality, integrity, and availability. NutriCal implements appropriate technical and organizational measures to safeguard your data against unauthorized access, accidental loss, destruction, or disclosure.
‍9.1. Security MeasuresWe apply a layered approach to data security, including but not limited to:Encryption: All sensitive data is encrypted during transmission (TLS/SSL) and, where applicable, at rest.Access Controls: Access to your personal data is limited to authorized personnel who require it for service delivery and are bound by confidentiality obligations.Anonymization and Pseudonymization: Where appropriate, personal data is anonymized or pseudonymized to enhance user privacy.Firewalls and Intrusion Detection: Our systems are protected with firewalls and monitored for unusual or suspicious activity.Regular Backups: We maintain regular encrypted backups of our systems and data.Vulnerability Assessments: We conduct regular internal security audits and vulnerability testing.
‍9.2. Third-Party SecurityWe ensure that any third-party service providers who process data on our behalf adhere to robust data security standards and are contractually bound to protect your information.
‍9.3. User ResponsibilityWhile we implement strict security protocols, the security of your data also depends on your actions. You are responsible for:Keeping your login credentials confidential;Logging out of your account after each session;Not sharing your password with others;Using strong, unique passwords.If you suspect unauthorized access to your account or a potential data breach, please contact us immediately at this form.
‍9.4. Breach NotificationIn the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 GDPR. We will also notify the relevant supervisory authority within 72 hours as required by Article 33 GDPR.

10. Changes to This Privacy Policy

10.1. We may update or revise this Privacy Policy from time to time in order to reflect changes in:Applicable laws or regulatory guidance;Our data processing practices;The NutriCal Services, technology, or business operations.
‍10.2. When we make material changes, we will:Update the “Effective Date” at the top of this document;Notify you through the app, by email, or via a prominent notice on our website;Provide a clear summary of what has changed, where legally required.
‍10.3. We encourage you to review this Privacy Policy periodically to remain informed about how we protect your personal data and what rights you have under the law.
‍10.4. Continued use of the NutriCal Services after any changes to this Policy will constitute your acknowledgment of the updated terms, unless your explicit consent is required by law (e.g. for new purposes or processing types).