Privacy Policy
Version: privacy-2026-05-07 · Effective: 7 May 2026
This Privacy Policy explains how NutriMama ("we", "us") collects, uses, stores, and protects your personal data when you use our website and mobile app (the "Service"). We comply with India's Digital Personal Data Protection Act 2023 (DPDP Act).
1. The data we collect
We collect the minimum needed to run the Service. We never sell data, never share it with advertisers, and never use your identity for AI training or analytics (see section 3a).
- Login data (account record only): your email and a display name. Email is required so you can sign in and recover your account. The display name is shown only to you in your own dashboard. These two fields live in a separate, access-controlled account record and are never attached to your chats, logs, reports, AI training data, or analytics. If you sign in with Google or Truecaller, we receive only your email — no contact list, photos, profile pictures, or anything else from your account.
- Phone number (encrypted at rest): when you sign in with a mobile number, we store it in AES-256 encrypted form using a key kept separate from the database. An attacker with database access alone cannot read your number. The last 4 digits are stored in plaintext for display ("Signed in as ...4321") and a one-way hash is stored for sign-in lookup, but the full number is never readable without our server-side key. Every internal decryption (e.g. for our support team when you ask for help) is logged with timestamp, user, and reason.
- Health data you provide (stored under a random account ID, not your name): menstrual cycle, symptoms, pregnancy details, medical reports you upload, vitals, dietary preferences, mood, sleep, and other inputs you log. None of this is keyed to your real-world identity — see section 3a for how this isolation works.
- Date of birth & language preference: kept on the account record so we can confirm you are 18+ and show the app in your language. Not used for marketing, profiling, or training.
- Device data: IP address, user-agent, app version, and basic usage telemetry needed to keep the Service working and secure. Retained for 30 days and then purged.
- Payment data: processed by Razorpay (and optionally Stripe). We never see your full card or UPI credentials — only a masked reference and the payment status.
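As an added illustration, not NutriMama's own code, of the phone-number storage described above: the full number is encrypted with AES-256-GCM under a key held outside the database, the last four digits are kept in plaintext, a one-way hash serves sign-in lookup, and every decryption is refused without a reason and logged with timestamp, actor and reason. It assumes Go and that the lookup hash is keyed (HMAC) with a second server-side secret; any keys and numbers used with it are constructed test values.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"time"
)
// AuditEntry records every server-side decryption: when, who, and why.
type AuditEntry struct{ At time.Time; Actor, Reason string }
// PhoneRecord is the stored row: the full number is unreadable without the server-side key.
type PhoneRecord struct {
	Last4      string // plaintext, only for "Signed in as ...4321"
	LookupHash []byte // keyed one-way hash used to find the account at sign-in
	Ciphertext []byte // AES-256-GCM nonce || ciphertext || tag
}
// NewAEAD wraps the 32-byte AES-256 data key, which is kept outside the database (e.g. a KMS).
func NewAEAD(encKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// LookupHash is HMAC-SHA256 under a server key (assumed): an unkeyed hash of a 10-digit number could be enumerated offline from the database alone.
func LookupHash(phone string, hmacKey []byte) []byte {
	m := hmac.New(sha256.New, hmacKey)
	m.Write([]byte(phone))
	return m.Sum(nil)
}
// Store derives the three stored fields from a normalised 10-digit number.
func Store(gcm cipher.AEAD, hmacKey []byte, phone string) (PhoneRecord, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); len(phone) < 4 || err != nil {
		return PhoneRecord{}, errors.New("short number or no randomness")
	}
	ct := gcm.Seal(nonce, nonce, []byte(phone), nil) // nonce is prepended to the ciphertext
	return PhoneRecord{phone[len(phone)-4:], LookupHash(phone, hmacKey), ct}, nil
}
// Decrypt refuses unexplained reads and writes the audit entry before releasing plaintext.
func Decrypt(gcm cipher.AEAD, rec PhoneRecord, actor, reason string, audit *[]AuditEntry) (string, error) {
	if ns := gcm.NonceSize(); reason != "" && len(rec.Ciphertext) >= ns {
		*audit = append(*audit, AuditEntry{time.Now(), actor, reason})
		pt, err := gcm.Open(nil, rec.Ciphertext[:ns], rec.Ciphertext[ns:], nil)
		return string(pt), err
	}
	return "", errors.New("missing reason or malformed record")
}
```

The audit entry is appended before the decrypt attempt, so a failed attempt with the wrong key is still on record.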
What we don't collect: we don't ask for Aadhaar, PAN, ABHA/Health ID, voter ID, bank account numbers, contacts, location, biometrics, or social-media profiles. If you accidentally type any of these into chat, our PHI scrubber strips them before they ever reach an AI provider.
2. How we use it
- To provide cycle tracking, AI chat, report analysis, meal plans, and other features you request.
- To personalize content and recommendations to your life stage.
- To detect emergencies (e.g., self-harm or obstetric danger keywords) and surface helpline numbers.
- To process subscriptions and prevent fraud.
- Optionally, to improve our AI models — only if you opt in. Data used for training is anonymized and aggregated. You can withdraw this consent anytime in Settings → Privacy.
3. AI and our medical position
Our AI features use Google Gemini and other third-party large language models. We do not allow these providers to train on your data (this is the default for paid Gemini API tiers and for the Anthropic API). Your conversations and reports are sent to Google's servers in encrypted form to produce a response and are not retained beyond Google's standard operational windows.
3a. Pseudonymisation — how your identity is kept separate
We treat your name and email as account-only data. They live in a single, access-controlled account record and are never attached to anything used for AI features, analytics, or model training.
- Everything you log — chats, symptoms, cycle entries, reports, meals, daily logs — is keyed to a random account ID (a UUID). That ID is meaningless on its own and cannot be reversed back to your name or email without our access-controlled join.
- Before any message is sent to a third-party AI provider, our PHI scrubber strips Aadhaar, PAN, Indian mobile numbers, email addresses, ABHA / Health ID, voter ID, and bank account numbers. The provider sees redacted text plus the random account ID, never your real-world identity.
- If you opt in to anonymised model training (Settings → Privacy), only the pseudonymous, PHI-scrubbed records are eligible. Names, emails, raw uploaded reports, and payment details are categorically excluded from any training pipeline.
- Cryptographic hashes are used where reversible mapping isn't needed (e.g. abuse-prevention dedupes), so even our internal team sees an opaque value rather than a recognisable identity.
In short: your identity and your health data live in separate places. The only way to join them is through an authenticated, audited query by you or by us answering a DPDP request from you.
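The PHI scrubbing step described in sections 1 and 3a, as an added example that is not the project's code: a rule-ordered redactor for the identifier types the policy names, run on a message before it is handed to a provider (the provider would then receive only the redacted text keyed by the account UUID). The identifier layouts assumed here (12-digit Aadhaar, 10-character PAN, 14-digit ABHA, EPIC-style voter ID, 9 to 18 digit account numbers, Indian mobiles starting 6 to 9), the redaction tags and the sample text are all constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
)

// rule pairs an identifier pattern with the placeholder that replaces it.
type rule struct {
	re  *regexp.Regexp
	tag string
}

// Order matters: email and alphanumeric IDs go first; among all-digit IDs the longer
// formats (14-digit ABHA, 12-digit Aadhaar) run before 10-digit mobiles, and the
// generic 9-18 digit account rule runs last so it only catches what is left.
// The layouts are assumptions for this example, not the project's rule set.
var phiRules = []rule{
	{regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`), "[EMAIL]"},
	{regexp.MustCompile(`\b[A-Z]{5}\d{4}[A-Z]\b`), "[PAN]"},
	{regexp.MustCompile(`\b[A-Z]{3}\d{7}\b`), "[VOTER_ID]"},
	{regexp.MustCompile(`\b\d{2}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b`), "[ABHA]"},
	{regexp.MustCompile(`\b\d{4}[ -]?\d{4}[ -]?\d{4}\b`), "[AADHAAR]"},
	{regexp.MustCompile(`(?:\+91[ -]?)?\b[6-9]\d{4}[ -]?\d{5}\b`), "[MOBILE]"},
	{regexp.MustCompile(`\b\d{9,18}\b`), "[ACCOUNT]"},
}

// ScrubPHI redacts identifiers before a message leaves for a third-party model.
// Short clinical numbers (cycle day, BP, Hb) never reach 9 digits, so they survive.
// The returned counts say what kind of thing was removed, never the value itself.
func ScrubPHI(text string) (string, map[string]int) {
	counts := map[string]int{}
	for _, r := range phiRules {
		text = r.re.ReplaceAllStringFunc(text, func(string) string {
			counts[r.tag]++
			return r.tag
		})
	}
	return text, counts
}

func main() {
	// Constructed sample message, not a real user's text.
	clean, counts := ScrubPHI("PAN ABCDE1234F, call +91 98765 43210, BP 120/80")
	fmt.Println(clean, counts)
}
```

A 10-digit account number that happens to start with 6 to 9 is tagged as a mobile rather than an account; it is still removed, which is what matters for the provider boundary.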
Important: NutriMama is a wellness companion. It is not a medical device, is not registered with the CDSCO, and does not provide medical advice, diagnosis, or treatment. Always consult a qualified doctor for medical concerns.
4. Children (under 18)
Standalone NutriMama accounts are restricted to users aged 18 and over. Children may use the Service only as a Dependent Profile created by a verified parent or legal guardian. Verifiable parental consent is captured via a Razorpay ₹1 authenticated payment (refunded immediately) and recorded as required by DPDP Act §9.
For Dependent Profiles we never run open-ended AI generation. Children only see human-curated educational content. We do not perform behavioural monitoring, do not show advertisements, and do not share any data with third parties except as strictly required to operate the Service (e.g., hosting, payment processing).
5. Data security & storage
- Encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Hosted on infrastructure within India where available, otherwise standard cloud regions.
- Access controlled, audited, and limited to staff with a need-to-know.
6. Your rights under the DPDP Act
- Access & correction: view and update your data anytime.
- Erasure: request full deletion in Settings → Privacy → Delete my data. Hard purge runs within 7 days.
- Withdrawal of consent: withdraw any optional consent (e.g., model training) anytime, with no impact on the core service.
- Grievance: contact our Data Protection Officer at founder@nutri-mama.in. We aim to respond within 7 business days.
7. Sharing
We do not sell your data. We share data only with sub-processors strictly necessary to run NutriMama: Neon (database), Vercel (hosting), Google (Gemini AI), UploadThing/Cloudflare (file storage), Razorpay (payments), and email/notification providers. Each sub-processor is contractually bound to confidentiality and security obligations.
8. Retention
We retain your data while your account is active. After deletion we retain only the minimum required for legal, financial, or security reasons (typically up to 3 years for invoicing).
9. Changes
We'll notify you in-app before any material change. The version identifier above will increment so historical consents remain traceable.
10. Contact
Data Protection Officer · founder@nutri-mama.in