LEGAL / NUTRI02

Privacy policy

Last updated: 18 August 2025

1. Controller and contacts

Controller: Jourloy LLC, Russia. Personal data inquiries: hello@nutri02.com. Data is hosted on Russian servers

2. Data we process

We minimise data collection. Currently we process:

  • Account data: nickname; password in hashed form only
  • Contact data: e-mail address (for subscription payments and service notices)
  • Food diary data: meal logs, calories, macros, product names and amounts; AI meal photos and text requests may be transferred to S3 storage and AI providers to process the request. This data is linked to the account but is not treated as a separate sensitive category by itself
  • Technical data: IP address, request timestamps, session identifiers/tokens, error logs, user-agent, language, time zone and selected locale
  • Analytics after consent: cookie/pixel IDs, view and click events, screen paths, session duration (Yandex.Metrica, Microsoft Clarity)
  • Advertising and attribution with consent: campaign code, hit time, IP/user-agent/referrer in landing_hits; ad_code by itself is not used to identify a person
  • Payment data: processed by the provider; we receive transaction statuses only

3. Legal bases

  • Contract performance — providing Service functionality
  • Separate user consent for body, cycle, symptoms and related notes, analytics cookies and marketing
  • Legitimate interest — security, abuse prevention, error logging, contextual advertising
  • Legal obligations — advertising labelling, accounting, official requests

Revoking analytics or marketing does not block the basic service. Revoking body, cycle and symptom consent limits only features that need that data

4. Purposes of processing

  • Service operation: nutrition tracking, storage, visualisation and support
  • Security: fraud prevention and protection of rights
  • Marketing and ads after consent: campaign attribution, effectiveness measurement, frequency capping
  • Product development after consent: analytics (Yandex.Metrica, Microsoft Clarity)

5. Marketing and advertising

  1. Ad personalisation and advertising pixels are enabled only after separate consent
  2. We do not use food diary, body, cycle or AI-photo data for marketing without a separate legal basis and consent
  3. We may share data with advertising/tech partners only within selected consent categories and required contracts
  4. Ads are labelled as “Advertisement” and may include ERID; placements are reported to ERIR

6. Anonymised and aggregated data

We may collect and analyse anonymised or aggregated statistics provided they cannot reasonably identify you. The product catalogue, public recipes/blog and aggregates are not personal data by themselves. We do not sell personal data

7. Retention period

Data is stored while your account exists and/or processing purposes remain. Afterwards it is deleted or anonymised (usually within 30 days; backups may last longer)

8. Security

We apply organisational and technical safeguards (encryption, access controls, hashed passwords). Absolute security is not guaranteed

9. User rights and control

You may request details on processing, correction, blocking or deletion of data, and withdraw consent. Contact hello@nutri02.com

Privacy settings let you revoke analytics, marketing and body/cycle consent. Ordinary account processing stops through account deletion or a support request

10. Minors

We do not knowingly process data of users under 18. Accounts detected as underage are removed. Guardians may contact hello@nutri02.com

11. Cookies, local storage and pixels

Necessary session/auth cookies and locale settings are used to operate the Service. Analytics, ad attribution, campaign localStorage/sessionStorage and third-party pixels are enabled only after active consent; ad_code alone is not personal data without a link to IP/user-agent/referrer or an account

  1. Strictly necessary — authentication, session, security, locale and interface settings; NEXT_LOCALE/theme are technical settings
  2. Analytics — Yandex.Metrica and Microsoft Clarity; not loaded before consent
  3. Advertising/attribution — Top.Mail.Ru/VK, campaign code in cookies/localStorage; not loaded before consent

12. Communications

We send service e-mails (receipts, important subscription notices). Marketing e-mails require separate consent

Contact hello@nutri02.com for data or Service questions. Password recovery via e-mail is not supported yet

13. Policy changes

We may update this Policy; the current version is published in the Service. Material changes are highlighted in the interface