Privacy Policy
Effective Date: March 9, 2026
NutriGuide AI ("we," "us," or "the Service") is a pediatric nutritional screening and surveillance platform serving families and healthcare professionals across China and ASEAN member states. We are committed to protecting the privacy and security of personal, child, and health-related information entrusted to us, including sensitive medical data. This Privacy Policy explains what information we collect, how we use and protect it, who we share it with, and what rights you have. It applies to all users of the Service, including Guardians, Pediatricians, and Child Account holders.
By using the Service, you consent to the practices described in this Privacy Policy. This policy is incorporated into and subject to our Terms of Service.
1. Data Controller
NutriGuide AI acts as the data controller for the personal data processed through the Service. For data protection inquiries, contact our Data Protection Officer at privacy@nutriguide.ai.
2. Information We Collect
2.1 Account Information
When you register, we collect:
- Full name and email address
- Role selection: Parent/Guardian, Pediatrician, Registered Nutritionist-Dietitian (RND), or Child
- Preferred language and country/region
- Authentication credentials (managed via BetterAuth, self-hosted)
2.2 Patient Health and Sensitive Medical Data
When Guardians or Pediatricians register and manage patient profiles, we collect and store the following categories of sensitive health and medical data:
- Patient name, date of birth, and biological sex
- Anthropometric measurements (weight, height/length, head circumference, MUAC) with recording dates
- Computed WHO Z-scores (weight-for-age, height-for-age, weight-for-height, BMI-for-age, head circumference-for-age) and derived nutritional status classifications
- Consultation records, clinical findings, nutritional diagnoses, and management plans
- Nutrition logs including meal descriptions, food items, and estimated caloric and macronutrient intake
- Food scan images and AI-generated nutritional analyses
- Surveillance alert history and notification records
2.3 AI Interaction Data
When you use AI Features (including the Nuri conversational assistant, nutritional assessments, and food scanning), we collect:
- Your messages, prompts, and uploaded images
- AI-generated responses, assessments, and recommendations
- Contextual patient data provided to the AI model to generate personalized outputs
Conversation history is stored within your account and is not shared with other users.
2.4 Automatically Collected Technical Data
- Browser type and version, operating system, and device type
- IP address (anonymized for analytics where possible)
- Pages visited, features used, session duration, and interaction patterns
- Error logs and performance metrics
3. Lawful Basis for Processing
We process your personal data on the following legal bases:
| Purpose | Lawful Basis |
|---|---|
| Account creation and authentication | Performance of contract (Terms of Service) |
| Nutritional screening, growth tracking, and AI recommendations | Performance of contract; explicit consent for health data |
| Surveillance alerts and notifications | Performance of contract; legitimate interest (child welfare) |
| Service improvement and analytics | Legitimate interest (using aggregated, de-identified data) |
| Legal compliance and fraud prevention | Legal obligation; legitimate interest |
| Processing of children's data | Guardian consent (parental/legal guardian authorization) |
Where you submit or manage patient or child data, you represent that you are the data subject, a parent or legal guardian, or a healthcare professional or other person otherwise authorized to provide that information and any required notices or obtain any required consents under applicable law. That authorization includes explicit, informed consent where required for the processing of sensitive health and child data, AI-assisted analysis, daily compliance monitoring based on logged information, and necessary cross-border processing described in this Policy. If consent is withdrawn, some Service features that depend on ongoing processing of health data may no longer be available.
4. How We Use Your Information
- Core Service Delivery: Providing nutritional screening, WHO Z-score computation, growth tracking, consultation management, meal logging, and report generation.
- AI-Powered Features: Generating personalized nutritional assessments, culturally sensitive meal plans, food image analysis, and compliance monitoring through third-party AI models.
- Input-Dependent AI Processing: Generating outputs from user-input data, uploaded content, recorded measurements, consultation notes, meal logs, and other records available in the Service at the time of use. If those inputs are incomplete, stale, missing, or inaccurate, outputs may be limited, conservative, delayed, or incorrect.
- Daily Compliance Monitoring: Where enabled, analyzing daily meal logs and related tracking data to estimate adherence to nutritional targets, detect deviations, and support follow-up. These indicators are supportive and do not independently prove actual adherence, clinical benefit, or absence of risk.
- Surveillance and Alerts: Monitoring nutritional status changes and sending automated alerts to Guardians and Pediatricians when clinically significant changes are detected.
- Account Management: Authenticating users, managing roles and permissions, and facilitating patient-provider relationships.
- Service Improvement: Analyzing aggregated, de-identified usage patterns to improve features, performance, and user experience. Individual health data is never used for this purpose without explicit consent.
- Safety-Centered Operation: Applying prompts, workflow guardrails, and product controls intended to promote beneficence and non-maleficence, including surfacing uncertainty, limiting risky inferences where data is incomplete, and directing users to qualified care when risk is identified. These safeguards reduce but do not eliminate error.
- Communication: Sending service-related notifications, security alerts, and policy updates.
5. Data Governance, Storage, and Security
5.1 Infrastructure
Your data is stored in Convex, a real-time cloud database platform, with servers hosted in the United States. Authentication data is managed through our self-hosted BetterAuth instance.
5.2 Medical Data Governance
We treat patient records, consultation notes, nutrition logs, food scan images, and AI interaction content linked to a patient as sensitive health data. We govern that data using controls proportionate to its medical sensitivity, including:
- Minimum necessary access: Access is limited to the guardian, the assigned pediatrician, an approved Registered Nutritionist-Dietitian (for nutrition-care views only), the linked child account, and the authorized personnel necessary to operate the Service.
- Purpose limitation: We process health data only for screening, surveillance, consultation support, reporting, safety alerts, and related support functions described in this Policy.
- Data provenance and integrity: We seek to preserve the relationship between user-entered source data and the outputs derived from it so records can be reviewed, corrected, and audited where feasible.
- Incomplete-data handling: Where information is missing, inconsistent, or outdated, we may restrict a feature, display a warning, or produce more conservative output rather than infer missing clinical facts with certainty.
- Traceability: Access to and changes in health data may be logged to support security, integrity, and compliance review.
- Restricted disclosures: Only the minimum relevant context needed to perform a requested feature is shared with sub-processors or AI providers.
- Controlled secondary use: We do not sell identifiable health data or use it for advertising. Where we analyze data to improve the Service, we use aggregated or de-identified information unless another lawful basis or additional consent applies.
5.3 Security Measures
We implement the following safeguards:
- Encryption in transit and at rest: All data is transmitted over HTTPS/TLS 1.2 or higher, and data held in Convex is encrypted at rest (see Section 6).
- Role-based access control (RBAC): Parents/Guardians can only access their own children's data; Pediatricians can only access assigned patients; Registered Nutritionist-Dietitians access only approved nutrition-care views; Child Accounts have read-only access to their own data.
- Authentication security: Secure session management with CSRF protection, rate limiting on authentication endpoints, and secure credential storage using bcrypt hashing.
- API-level authorization: Every backend query and mutation verifies the authenticated user's identity and role before returning or modifying data.
- Input validation: All user inputs are validated on the client for usability and re-validated and sanitized on the server, which is the authoritative check, to prevent injection attacks.
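The access rules in this section, written out as an added TypeScript example. This is an illustration written for this page, not NutriGuide AI's code and not Convex's API: a deny-by-default, object-level authorization check that every query or mutation handler runs before reading or changing a patient record. The data model, the set of views an RND may see, and the sample records are assumptions made for the example.

```typescript
// Added illustration of the Section 5.3 access rules (guardian, pediatrician,
// RND, child). Example code for this page, not NutriGuide AI's implementation;
// the data model, RND_APPROVED_VIEWS and the sample records are assumptions.

type Role = "guardian" | "pediatrician" | "rnd" | "child";
type Action = "read" | "write";
type Resource = "clinicalRecord" | "nutritionLog" | "growthChart";

interface User {
  id: string;
  role: Role;
}

interface Patient {
  id: string;
  guardianIds: string[];     // guardians who manage this patient profile
  pediatricianIds: string[]; // pediatricians assigned to this patient
  childUserId?: string;      // linked Child Account, if one exists
}

// Per-patient approval granting an RND access to nutrition-care views (assumed).
interface RndApproval {
  rndId: string;
  patientId: string;
}

interface AuthzContext {
  patients: { [id: string]: Patient };
  rndApprovals: RndApproval[];
}

// Views an RND may see at all; clinical records are excluded (assumed for the example).
const RND_APPROVED_VIEWS: ReadonlyArray<Resource> = ["nutritionLog", "growthChart"];

// Object-level authorization, deny by default: returns true only when an explicit
// rule for the caller's role matches the requested patient. The decision keys on
// relationships stored server-side, never on anything the client asserts.
export function canAccess(
  ctx: AuthzContext,
  user: User | null,
  patientId: string,
  resource: Resource,
  action: Action,
): boolean {
  if (user === null) return false;             // unauthenticated caller
  const caller: User = user;
  const patient: Patient | undefined = ctx.patients[patientId];
  if (!patient) return false;                  // unknown patient looks identical to forbidden
  switch (caller.role) {
    case "guardian":
      return patient.guardianIds.indexOf(caller.id) !== -1;
    case "pediatrician":
      return patient.pediatricianIds.indexOf(caller.id) !== -1;
    case "child":
      // Child Accounts are read-only and see only their own record
      return action === "read" && patient.childUserId === caller.id;
    case "rnd":
      return (
        RND_APPROVED_VIEWS.indexOf(resource) !== -1 &&
        ctx.rndApprovals.some((a) => a.rndId === caller.id && a.patientId === patientId)
      );
    default:
      return false;
  }
}

// Wrapper a query or mutation handler runs through before touching data:
// the check happens on every backend call, never only in the UI.
export function guarded<T>(
  ctx: AuthzContext,
  user: User | null,
  patientId: string,
  resource: Resource,
  action: Action,
  handler: (patient: Patient) => T,
): T {
  if (!canAccess(ctx, user, patientId, resource, action)) {
    throw new Error("forbidden"); // one generic error for missing and unauthorized
  }
  return handler(ctx.patients[patientId] as Patient);
}

// Constructed sample data so the example runs offline.
export function sampleContext(): AuthzContext {
  return {
    patients: {
      p1: { id: "p1", guardianIds: ["g1"], pediatricianIds: ["d1"], childUserId: "c1" },
      p2: { id: "p2", guardianIds: ["g2"], pediatricianIds: ["d2"] },
    },
    rndApprovals: [{ rndId: "r1", patientId: "p1" }],
  };
}

// Quick demonstration when run directly.
const demo = sampleContext();
console.log(canAccess(demo, { id: "g1", role: "guardian" }, "p1", "growthChart", "read")); // true
console.log(canAccess(demo, { id: "c1", role: "child" }, "p1", "nutritionLog", "write"));   // false
```

Two details a reviewer would look for: the decision is made from the patient-to-user relationships held on the server (guardian list, pediatrician assignment, child link, RND approval), not from a role name or patient ID supplied by the client, and an unknown patient and a forbidden one return the same answer so patient IDs cannot be enumerated through the error.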
5.4 Limitations
No security system is impenetrable. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security against all threats. In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law (see Section 11).
6. Third-Party Services and Sub-Processors
We use the following third-party services to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| BetterAuth (self-hosted) | Authentication, session management | Email, name, hashed credentials |
| Convex | Real-time database, backend functions, file storage | All Service data (encrypted in transit and at rest) |
| OpenAI | AI-powered assessments, meal plans, food analysis, conversational assistant | Limited patient context necessary for generating outputs (name, age, measurements, dietary data) |
| Vercel | Application hosting and CDN | Technical request data (IP, headers, access logs) |
Each provider is bound by their own privacy policies and, where applicable, data processing agreements. We select providers that maintain appropriate security certifications and practices.
7. Data Sharing and Disclosure
We do not sell, rent, trade, or otherwise commercially distribute your personal or health data. We disclose data only in the following circumstances:
- Service operation: With third-party sub-processors listed above, strictly as necessary to deliver features you use.
- Legal obligation: When required by law, regulation, subpoena, court order, or governmental request.
- Safety: When we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or address security vulnerabilities.
- Business transfer: In connection with a merger, acquisition, or sale of assets, provided the acquiring entity agrees to honor this Privacy Policy.
- With your consent: In any other circumstance where you have given explicit, informed consent.
8. Cross-Border Data Transfers
Because our infrastructure providers are located in the United States and other jurisdictions, your data may be transferred to and processed in countries other than your country of residence. Where such transfers occur, we ensure that appropriate safeguards are in place, including:
- Standard contractual clauses approved by relevant authorities
- Data processing agreements with sub-processors that include adequate protection commitments
- Compliance with cross-border transfer requirements under applicable national data protection laws (including China's PIPL, where applicable)
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account activity + 90 days after deletion request |
| Patient health records | Duration of account activity, or as required by applicable healthcare record retention laws (typically 5-10 years after last entry, depending on jurisdiction) |
| AI conversation history | Duration of account activity; deleted upon account termination |
| Technical/analytics data | Up to 24 months (aggregated and anonymized) |
| Security and audit logs | Up to 36 months for fraud prevention and compliance |
Upon account deletion, we will remove or de-identify your personal data within 90 days, except where retention is required by law or necessary for legitimate purposes (e.g., resolving disputes, enforcing agreements, or complying with healthcare record retention requirements).
10. Children's Privacy
10.1 Parental Consent
NutriGuide AI processes health data of minors only under the documented authorization and supervision of a parent or legal guardian, or under the lawful authority of a healthcare provider acting within their professional duties. We do not knowingly solicit or collect a child's health data for independent use by the child outside that supervised context.
10.2 Child Accounts
Child Accounts are created by Guardians and provide limited, supervised access to the child's own data. Child Account users cannot register new patients, modify clinical records, or access other users' data. Guardians may revoke Child Account access at any time.
10.3 COPPA and Equivalent Protections
While NutriGuide AI primarily operates outside the United States, we extend protections consistent with the Children's Online Privacy Protection Act (COPPA) to all child users regardless of jurisdiction. This includes requiring verifiable parental consent before processing a child's personal information and providing parents with the ability to review and delete their child's data.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:
- Notify affected users via email and in-app notification without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
- Notify the relevant data protection authority as required by applicable law.
- Provide information about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.
12. Automated Decision-Making
The Service uses automated processing, including AI models, to generate nutritional classifications (e.g., "normal," "stunted," "wasted"), risk assessments, and dietary recommendations. These automated outputs are:
- Based on established WHO standards and evidence-based nutritional guidelines.
- Generated from user-input data and records available at the time of processing; incomplete measurements, missing logs, or stale records can materially affect the output.
- Intended as decision-support tools only, not as final clinical determinations.
- Subject to review and override by qualified healthcare professionals.
Daily compliance scores, reminders, and alerts are supportive indicators derived from logged behavior and targets; they are not, by themselves, proof of adherence, therapeutic success, beneficence, or absence of harm.
You have the right to request human review of any automated assessment that significantly affects you or your child. Contact us at privacy@nutriguide.ai to exercise this right.
13. Regional Data Protection Compliance
NutriGuide AI operates across multiple jurisdictions and is committed to complying with applicable data protection laws in each region where our users reside:
- China — Personal Information Protection Law (PIPL): We process personal information with explicit consent, implement data localization where required, provide data deletion and portability mechanisms, and conduct protection impact assessments for sensitive personal information (including health data and minors' data).
- Philippines — Data Privacy Act of 2012 (RA 10173): We register with the National Privacy Commission as required, appoint a Data Protection Officer, implement proportionate organizational and technical security measures for sensitive personal information, and maintain breach notification procedures.
- Singapore — Personal Data Protection Act (PDPA): We obtain consent before collecting personal data, limit collection to stated purposes, provide access and correction rights, and implement reasonable security arrangements.
- Thailand — Personal Data Protection Act (PDPA, B.E. 2562): We process data lawfully with appropriate legal bases, maintain records of processing activities, respect data subject rights including the right to be forgotten, and implement data protection measures proportionate to risk.
- Indonesia — Personal Data Protection Law (PDP Law, No. 27/2022): We ensure transparency in data processing, implement data breach notification procedures within the statutory timeframe, respect data subject rights, and designate a responsible person for data protection.
- Malaysia — Personal Data Protection Act 2010 (PDPA): We adhere to all seven data protection principles: general, notice and choice, disclosure, security, retention, data integrity, and access.
- Vietnam — Law on Cybersecurity and Decree 13/2023/ND-CP: We comply with personal data protection requirements, implement appropriate technical and organizational measures, and fulfill data localization obligations where applicable.
- Cambodia, Laos, Myanmar, Brunei: We apply internationally recognized data protection standards consistent with the ASEAN Framework on Digital Data Governance and emerging national legislation in each country.
14. Your Rights
Depending on your jurisdiction, you may exercise the following rights by contacting us at privacy@nutriguide.ai:
- Access: Request a copy of the personal data we hold about you or your child.
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Portability: Request a machine-readable copy of your data for transfer to another service.
- Withdrawal of Consent: Withdraw consent for data processing at any time (this does not affect the lawfulness of prior processing).
- Objection: Object to processing based on legitimate interests.
- Complaint: Lodge a complaint with your local data protection authority if you believe your rights have been violated.
We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law. We may request additional information to verify your identity before processing a request.
15. Cookies and Tracking Technologies
The Service uses essential cookies and local storage for authentication, session management, and user preferences (such as selected patient and theme settings). These are strictly necessary for the Service to function.
We do not use third-party advertising cookies or cross-site tracking technologies. If we introduce analytics cookies in the future, we will update this policy and obtain your consent where required.
16. Medical Disclaimer
NutriGuide AI is a decision-support, screening, and educational tool and does not provide medical diagnoses, prescriptions, treatment orders, or emergency triage. AI-generated assessments, classifications, meal plans, alerts, chats, and simulations may be incomplete, delayed, or inaccurate and must be independently reviewed by a qualified healthcare professional before being used for diagnosis, treatment, medication, supplementation, feeding restrictions, or other care decisions. Outputs depend on the user-input data and records available at the time; if information is incomplete, daily logs are missing, or the record is outdated, results may change materially. We aim to apply safety principles consistent with beneficence and non-maleficence, but we cannot guarantee that every output will be complete, safe, or appropriate in every circumstance. The Service supports, but never replaces, the clinical judgment of the attending healthcare provider, and it does not create a clinician-patient relationship with NutriGuide AI. For full details, see Section 5 of our Terms of Service.
17. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated at least thirty (30) days in advance through the Service and, where possible, via email. The "Effective Date" at the top of this page indicates when the latest revision took effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
18. Contact Us
For questions, concerns, data subject requests, or complaints regarding this Privacy Policy or our data practices, please contact:
NutriGuide AI — Data Protection Officer
Email: privacy@nutriguide.ai
General inquiries: support@nutriguide.ai
We aim to respond to all inquiries within five (5) business days.