Privacy policy
Last updated: June 2026
Data controller
Techbyte OÜ, a company registered in Tallinn (Estonia), is the controller for personal data processed by Nutria (nutriaplans.com). Contact: info@nutriaplans.com.
What we process
Account data: email, name and password (stored hashed with bcrypt, never in plain text).
Profile data you or your nutritionist enter to compute targets: sex, birth date, height, weight and activity level.
Content you create: plans, menus, custom foods, meal photos, guides, notes and preferences.
Minimal technical data: IP addresses in server logs and rate limiting (abuse protection).
Why we process it
To provide the service: composing plans, computing nutrients and energy targets, sharing content between nutritionist and client where an accepted connection exists.
Security: authentication, brute-force and abuse prevention.
We never sell data or use it for advertising. There are no third-party trackers.
Legal basis
Contract performance (art. 6.1.b GDPR) for the service; legitimate interest (art. 6.1.f) for security; and consent (art. 6.1.a) for the health-related data you choose to enter, processed by you or your nutritionist within the service (art. 9.2.a).
Who it is shared with
Infrastructure providers under contract: DigitalOcean (servers and file storage in the EU) and, when you use AI features, the corresponding model provider.
Your nutritionist or clients only see what the accepted connection allows. Recipes and foods you mark as public are visible to other users with your name.
Retention
For as long as the account is active. When you delete your account, access is blocked immediately and data is kept internally only to preserve the integrity of plans other users built with you; you can request full erasure by writing to us.
Your rights
Access, rectification, erasure, objection, restriction and portability: write to info@nutriaplans.com. You can also complain to your supervisory authority (AEPD in Spain, AKI in Estonia).
