Nutrivo — Privacy Policy
Last updated: 8 June 2026
This Privacy Policy describes how Fivehy Ltd ("we", "us" or "our") collects, uses, shares and protects information when you use the Nutrivo mobile application (the "App"). We are committed to handling your data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller for personal data processed by the App is Fivehy Ltd, with its registered office at A L 182-184 High Street North, Area 1/1, East Ham, London, United Kingdom, E6 2JA. You can reach us at hello@fivehy.com.
2. What We Collect
We process the following categories of personal data:
- Account data: email address and an authentication secret (stored as a salted hash by our auth provider).
- Profile data: details you choose to enter such as name, date of birth, sex, height, activity level and goals.
- Diary data: meals you log (food names, portions and nutrition values), water intake and fasting periods.
- Body metrics: weight history and body measurements you choose to record.
- Meal photos: photos you submit for AI scanning. The photo is sent to our AI provider (Google) for analysis and may be retained in our storage so it remains visible in your diary history.
- Subscription data (Premium users only): if you purchase Nutrivo Premium, Apple or Google sends us an opaque purchase token, the status of your subscription (active, lapsed, refunded), and its expiry date. We do not see your card or bank details — payment is handled entirely by Apple or Google. See our Terms of Service for the full subscription terms.
- Technical data: device type, operating system and app version, and standard server logs (including IP address, used for security and abuse prevention).
Health, fitness and body data may constitute special-category data under UK GDPR. We process it only on the basis of your explicit consent (given by signing up and using the relevant features) and only to provide the App's functionality to you.
3. How We Use Your Data
- To create and manage your account.
- To store and display your diary, metrics and history.
- To run AI meal-photo scanning when you submit a photo (the results are returned to your device and saved in your diary).
- To improve reliability, performance and security of the App.
- To respond to your support requests.
- To comply with legal obligations.
We do not sell your personal data, we do not use it to serve advertising, and we do not allow our AI provider to use your submitted photos or data to train their models.
4. Legal Bases (UK GDPR)
- Contract: to provide the App and the features you sign up for.
- Explicit consent: for processing of health and body-related data, and for AI meal-photo scanning.
- Legitimate interests: security, fraud prevention, diagnostics and improving the service.
- Legal obligation: where the law requires us to process data.
5. Sub-processors
To operate the App we rely on the following sub-processors. Each is bound by appropriate data-protection terms.
- Supabase Inc. (USA) — database, authentication, storage and serverless functions hosting. Your account, diary, body metrics and uploaded photos live here.
- Google LLC (USA) — Gemini API, used to analyse meal photos you submit. Per Google's API terms, paid Gemini API requests are not used to train their models.
- Open Food Facts — public food database. We send queries such as food names or barcodes; we do not send personal information.
- Apple Inc. and Google LLC (App Store / Google Play) — distribute the App, process Nutrivo Premium subscription payments on our behalf, and may provide aggregate store analytics and crash data to us.
6. International Transfers
Some of our sub-processors are based outside the United Kingdom and the European Economic Area. Where personal data is transferred outside the UK / EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or equivalent adequacy mechanisms.
7. Retention
We keep your personal data for as long as your account is active or as needed to provide the App. When you request deletion of your account, we begin a 30-day grace period during which your account is frozen and your data is held pending deletion. If you sign back into the App within those 30 days, the deletion is automatically cancelled. After 30 days, your account and all data linked to it are permanently and irreversibly deleted — including from our backups — except where we are required by law to retain certain records (for example, financial records) for a longer period.
8. Your Rights
Subject to UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased ("right to be forgotten").
- Restrict or object to certain processing.
- Request data portability.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, email hello@fivehy.com. Account and data deletion are also available directly from inside the App, and step-by-step instructions live on a dedicated Delete your Nutrivo account page.
9. Children
The App is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.
10. Security
We use reasonable technical and organisational measures to protect your data, including HTTPS for all network traffic, row-level security on our database so that you can only access your own data, hashed authentication secrets, and the principle of least privilege for our systems. No method of transmission or storage is fully secure, however, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available at this URL with the updated date at the top. Material changes will be communicated in the App where reasonable.
12. Contact
For privacy-related questions, write to hello@fivehy.com.