Privacy Policy
Last updated: January 1, 2026
1. Introduction
Vitra ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and website (collectively, the "Service").
Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
2. Information we collect
Information you provide directly:
- Account information: name, email address, password (hashed — we never store plaintext passwords)
- Profile information: height, weight, age, sex, activity level, and health goals
- Nutrition logs: meals, foods, portions, and associated nutrient data
- Bloodwork results you choose to enter
- Meal photos you upload for AI analysis
- Dietary preferences and habit data
Information collected automatically:
- Log data: IP address, browser type, pages visited, time spent
- Device information: device type, operating system
- Cookies and similar tracking technologies (see Section 7)
3. How we use your information
We use the information we collect to:
- Provide, operate, and improve the Service
- Generate personalised AI nutrition insights and recommendations
- Calculate your macro and micronutrient targets
- Analyse meal photos using AI to estimate nutrient content
- Send transactional emails (account verification, password reset)
- Respond to your support requests
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your health data for advertising.
4. Sharing of information
We may share your information with:
- Service providers: infrastructure and hosting providers (Railway), AI providers (OpenAI — meal photo and insight generation), email providers (Resend). These providers process data solely on our behalf under strict data processing agreements.
- Legal requirements: if required by law, court order, or governmental authority.
- Business transfers: in the event of a merger or acquisition, your data may be transferred with appropriate notice.
5. Data retention
We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at [email protected]. We will fulfil deletion requests within 30 days.
6. Security
We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, and access controls. No system is perfectly secure; we cannot guarantee absolute security but take commercially reasonable steps to protect your data.
7. Cookies
We use essential session cookies to keep you authenticated. We do not use third-party advertising cookies. You can configure your browser to reject cookies, but some features of the Service may not function correctly.
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format (available via CSV export in settings)
- Object to or restrict certain processing
To exercise these rights, email [email protected].
9. Children
The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with data, contact us immediately.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact us
For any questions about this Privacy Policy, contact us at [email protected].