Privacy Policy

NutriLogic AI, Inc. ("NutriLogic", "we", "our", or "us") provides software that helps fitness coaches and gym owners deliver personalized nutrition coaching, AI-assisted check-ins, and client management to their clients. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our platform at nutrilogic.ai and app.nutrilogic.ai (together, the "Service").

By using the Service, you agree to the practices described below. If you do not agree, please do not use the Service.

We collect the following categories of information:

• ◆Account information — name, email, company name, role, and password hash you provide during signup.
• ◆Billing information — payment method details processed by our PCI-compliant payment processor (Stripe). We do not store full card numbers on our servers.
• ◆Client data — client profiles, check-in text, meal logs, macro targets, workout history, progress photos, body measurements, and any coaching notes you enter or sync from connected platforms.
• ◆Integration data — data synced from Trainerize, GoHighLevel (GHL), Shopify, and other platforms you explicitly connect, using credentials you supply.
• ◆Usage data — pages viewed, features used, browser type, IP address, device identifiers, and timestamps, collected via standard logs and privacy-respecting analytics.
• ◆Communications — messages you send our support team, survey responses, and onboarding call notes.

We use information to operate and improve the Service. Specifically:

• ◆To provide the coaching platform features you sign up for — including AI-drafted check-ins, meal analysis, progress dashboards, automations, and integrations.
• ◆To process payments and manage your subscription.
• ◆To send you transactional notices (billing receipts, security alerts, service announcements) and, where you have opted in, product updates.
• ◆To provide customer support and respond to your requests.
• ◆To investigate abuse, enforce our Terms, and comply with legal obligations.
• ◆To analyze aggregate usage trends in order to improve the platform. We do not sell personal data, ever.

If you connect your Google Calendar to NutriLogic, we request OAuth permission to read and write events on the calendar(s) you authorize. We use this access solely to display your coaching schedule inside NutriLogic and to create events for client sessions.

NutriLogic's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google Calendar data to train machine-learning models, do not share it with third parties, and do not use it for advertising.

You can revoke access at any time from your Google Account settings or from NutriLogic Settings → Integrations → Google Calendar.

NutriLogic uses third-party large-language-model providers (such as Anthropic) to generate AI-drafted check-ins, meal analyses, and coaching suggestions. When you use an AI feature, the relevant client context (macros, recent check-ins, goals) is sent to the provider via an encrypted API call.

Our AI providers are contractually prohibited from using your data to train their models. Prompts and responses are retained only as long as needed to provide the feature and troubleshoot issues, in accordance with each provider's data-use agreement.

A coach must review and approve every AI-generated check-in before it is sent to a client. NutriLogic does not autonomously deliver AI-generated coaching content to clients without explicit coach action.

We share personal information only in the limited circumstances described here:

• ◆With sub-processors we rely on to run the Service — including hosting (DigitalOcean), database (Supabase), payments (Stripe), email (Resend), AI (Anthropic), and CRM/messaging (GoHighLevel). Each sub-processor is bound by a data-processing agreement.
• ◆With platforms you explicitly connect (Trainerize, Shopify, GHL) in order to carry out the integration you have configured.
• ◆In response to legally valid requests by public authorities, including to meet national-security or law-enforcement requirements.
• ◆In connection with a merger, acquisition, or asset sale, where the acquiring entity will honor the commitments of this Privacy Policy.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

We implement industry-standard safeguards designed to protect your information, including TLS 1.3 encryption in transit, AES-256 encryption at rest, isolated tenant databases, least-privilege access controls, multi-factor authentication for administrative access, and regular vulnerability scanning.

For the optional CRM add-on that handles Protected Health Information (PHI), we operate under a HIPAA-compliant Business Associate Agreement with GoHighLevel. No coaching security program eliminates all risk; please notify us immediately if you suspect any unauthorized access.

We retain personal information for as long as you maintain an active subscription. Upon cancellation, we retain your data for 90 days to facilitate reactivation, then delete or anonymize it, except where a longer retention period is required by law (for example, financial records kept for seven years for tax compliance).

You may request immediate deletion at any time by emailing info@nutrilogic.ai.

Depending on where you reside, you may have rights under the GDPR, CCPA, or similar laws, including:

• ◆Access — request a copy of the personal data we hold about you.
• ◆Correction — request correction of inaccurate data.
• ◆Deletion — request we erase your personal data, subject to legal retention obligations.
• ◆Portability — request a machine-readable copy of data you have provided.
• ◆Opt-out — unsubscribe from non-transactional email at any time.

To exercise any of these rights, email info@nutrilogic.ai. We will respond within 30 days.

NutriLogic is built for fitness professionals and their adult clients. The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or in-app notice at least 30 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or our privacy practices, please contact us at info@nutrilogic.ai. You may also write to us at NutriLogic AI, Inc., Attn: Privacy, [mailing address].