NutriMama LogoNutriMamaHome
Privacy & Data Protection

Privacy Policy

Last updated: 19 May 2026

1. Who we are

NutriMama ("we", "us", "our") is an AI-assisted women's health companion focused on pre-pregnancy, pregnancy, postpartum, and menstrual wellness. This policy explains what personal data we collect, why we collect it, and the rights you have under India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

2. What we collect

  • Account data: name, email, phone number, hashed password.
  • Health data you provide: pregnancy stage, last menstrual period, cycle logs, symptoms, mood, sleep, nutrition preferences, condition flags such as PCOS.
  • Conversations: messages you send to the AI assistant, stored to maintain context and improve safety.
  • Device & usage data: browser type, locale, anonymised analytics events.

3. Why we use your data

  • Personalising nutrition, cycle, and wellness guidance.
  • Running medical triage (RED / YELLOW / GREEN) and emergency escalations.
  • Sending check-in reminders and weekly summaries.
  • Processing subscription payments via Razorpay.
  • Detecting abuse and keeping the service secure.

4. Legal basis (DPDP Act, 2023)

We process your personal data on the basis of your explicit consent, which you give during sign-up and onboarding. You may withdraw consent at any time from Settings → Privacy. Withdrawal does not affect lawful processing already carried out.

5. AI processing & PII redaction

Before any message is sent to an AI provider (Groq, Gemini, Claude), we automatically scrub Indian PII — Aadhaar, PAN, phone numbers, email, ABHA, voter ID, and bank account numbers — so the model only receives the clinical content it needs.

6. Sharing and third parties

We do not sell your data. We share limited data only with:

  • AI providers strictly for generating responses.
  • Razorpay for payment processing.
  • Hosting and email infrastructure (Vercel, Resend).

7. Retention

Account and health data are retained while your account is active and for up to 90 days after deletion to satisfy audit and legal obligations, after which they are permanently erased.

8. Your rights

  • Access and download a copy of your data.
  • Correct inaccurate information.
  • Erase your account and associated data.
  • Withdraw consent for specific processing.
  • Nominate a person to act on your behalf (DPDP § 14).

9. Children & minors

For users under 18, we require verifiable parental consent before processing any personal data, evidenced by a ₹1 Razorpay transaction from a verified parent, as per DPDP § 9.

10. Contact

For privacy questions or grievances, contact our Data Protection Officer at founder@nutri-mama.in.