NutriLiv and MealGrove Privacy Policy

Last Updated: May 20, 2026   |   Effective Date: May 20, 2026

This Privacy Policy describes how Personalized Medicine LLC (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use the NutriLiv mobile application and the MealGrove mobile application (each, an “App” and together, the “Apps”), and all related services (collectively with the Apps, the “Service” or “Services”). “NutriLiv” and “MealGrove” are consumer-facing brands and product names of Personalized Medicine LLC.

Both Apps collect sensitive health information to personalize your experience. We do NOT sell your health data. We do NOT share your health data for advertising purposes.

By using either App or any other part of the Services, you acknowledge that you have read and understood this Privacy Policy. For information about your choices and rights regarding your data, see Sections 8 through 19.

About This Unified Privacy Policy

In plain language: NutriLiv and MealGrove are two companion apps from the same company. They share the same backend infrastructure and the same account system, but each App collects its own survey data and handles its own personalization context. This Privacy Policy covers both Apps together.

The Apps share a common backend. Both NutriLiv and MealGrove run on the same Firebase / Google Cloud project, use the same user authentication and account system, and rely on the same set of third-party processors described in Section 3. A single subscription grants access to both Apps.

Each App keeps its own survey context. Although the underlying backend is shared, the health information you provide through one App’s onboarding survey is used only to personalize your experience in that App. Survey data does not automatically flow from one App to the other. If you want both Apps personalized to your health information, you complete the onboarding survey in each App separately and provide the separate pre-survey consent in each App.

Where rules apply differently to one App, this Policy says so. Where a provision applies to only one App, that App is named explicitly. Otherwise, the provision applies equally to both Apps.

1. Information We Collect

In plain language: We collect the health information you provide in each App’s survey, your account details, and standard technical data about how you use the Apps.

1.1. Health and Survey Data (Sensitive Personal Information)

Both Apps include an onboarding health survey. MealGrove’s survey is more extensive than NutriLiv’s because MealGrove generates a full personalized weekly meal plan. The information we collect through these surveys may include:

• Cancer information: cancer type

• Treatment information: treatment type (e.g., chemotherapy, radiation, immunotherapy, surgery, hormone therapy)

• Side effects: active treatment side effects you are experiencing

• Dietary information: dietary restrictions and food allergies

• Household information: household size (used by MealGrove for meal plan portioning)

This data is classified as sensitive personal information / special category data under applicable privacy laws worldwide. We collect this data only with your separate, voluntary consent provided before you begin each App’s onboarding survey. This consent is separate from your acceptance of our Terms and Conditions and is collected independently in each App.

Information you provide through NutriLiv’s onboarding survey is used to personalize your experience in NutriLiv. Information you provide through MealGrove’s onboarding survey is used to personalize your experience in MealGrove. Survey data is not automatically copied between the two Apps.

1.2. Account Data

• Email address

• Name (if provided)

• Account credentials (managed by Firebase Authentication)

A single account governs access to both Apps. Account data is shared across the Apps so that signing in to either App grants you the access associated with your account.

1.3. Usage Data

• App interaction data (screens viewed, features used, meal plan actions, atlas search activity)

• Meal plan generation and swap history (MealGrove)

• Search queries within each App

1.4. Device and Technical Data

• Device type and operating system

• App version

• IP address

• Device identifiers

• Crash reports and performance data

1.5. Payment Data

Subscription payments are processed entirely by the Apple App Store or Google Play Store. Personalized Medicine LLC does not collect, process, or store your payment card information. We receive only a confirmation of your subscription status (active, expired, trial) from our subscription management provider (RevenueCat). One subscription entitlement is associated with your account and recognized across both Apps.

2. How We Use Your Information

In plain language: We use the health data you provide in each App to personalize your experience in that App. We use other data to run and improve the Apps, provide support, and (with your consent) send you emails.

Health & survey data (NutriLiv): Personalize your experience in NutriLiv (e.g., the items surfaced in the searchable atlas) — Legal basis: Explicit consent

Health & survey data (MealGrove): Generate your personalized weekly meal plans in MealGrove — Legal basis: Explicit consent

Health & survey data (both Apps): Improve our personalization algorithms using aggregated, anonymized data only — Legal basis: Legitimate interest

Account data: Authenticate your account and provide access to the Services — Legal basis: Contract performance

Account data: Customer support — Legal basis: Contract performance

Account data: Email marketing communications — Legal basis: Consent (you may opt out at any time)

Usage data: App improvement and analytics — Legal basis: Legitimate interest

Device / technical data: Security, fraud prevention, and troubleshooting — Legal basis: Legitimate interest

Subscription status: Manage your access to the Services across both Apps — Legal basis: Contract performance

We do not use your health data for advertising, profiling for third parties, or any purpose other than providing and improving the Services.

3. Who We Share Your Data With

In plain language: We share data only with the service providers we need to run NutriLiv and MealGrove. We do NOT sell your data to anyone. The same set of processors supports both Apps.

We share personal information only with the following categories of service providers (“processors”), and only to the extent necessary for them to perform services on our behalf. The same processor stack supports both Apps:

Firebase / Google Cloud: Account data, health survey data, and usage data from both Apps — Purpose: Authentication, database (Firestore), cloud functions, and storage

RevenueCat: Account identifiers and subscription status — Purpose: Subscription management across both Apps

Typesense: Recipe and food data (no personal health data) — Purpose: Search indexing for food and recipe search

Google Analytics / Firebase Analytics: Usage data and device data (anonymized / pseudonymized) — Purpose: App analytics and performance monitoring

Brevo: Email address and name (with your consent) — Purpose: Email marketing communications

Apple App Store / Google Play: As required by their platforms — Purpose: App distribution and in-app purchases

We may also disclose your information: (a) to comply with applicable law, regulation, or legal process; (b) to enforce our Terms and Conditions; (c) to protect the rights, property, or safety of Personalized Medicine LLC, our users, or the public; or (d) in connection with a merger, acquisition, or sale of assets affecting either or both Apps (in which case we will notify you).

We do NOT sell or share your personal information for cross-context behavioral advertising.

4. Data Retention

In plain language: We keep your data while your account is active and delete it within 30 days after you delete your account. Because one account governs both Apps, deleting your account removes data associated with both.

Health and survey data (each App): Retained while your account is active, plus up to 30 days after account deletion

Account data: Retained while your account is active, plus up to 30 days after account deletion

Meal plan history (MealGrove): Retained while your account is active, plus up to 30 days after account deletion

Usage and analytics data: Anonymized after 26 months

Payment / subscription records: Per Apple, Google, and RevenueCat retention policies

Customer support records: Up to 24 months after resolution, or as required by law

Upon account deletion, we initiate deletion of your personal data from our active systems within 30 days. Deletion applies to data associated with your account across both Apps. Some data may persist in encrypted backups for a limited period but will not be actively processed.

5. Data Security

In plain language: We use industry-standard security measures to protect your data, including encryption at rest and in transit. The same protections apply across both Apps.

We implement appropriate technical and organizational measures to protect your personal information across both Apps, including:

Encryption at rest: All data stored in Firestore is encrypted using AES-256 encryption.

Encryption in transit: All data transmitted between either App and our servers is encrypted using TLS (Transport Layer Security).

Authentication: User accounts are secured through Firebase Authentication.

Access controls: Access to personal data is restricted to authorized personnel and systems on a need-to-know basis.

Infrastructure security: Our infrastructure provider (Google Cloud) maintains SOC 1/2/3, ISO 27001, and other industry certifications.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Cookies and Tracking Technologies

In plain language: We use only essential cookies for authentication and analytics cookies for app improvement. We do not use advertising cookies.

6.1. In the Apps

Both Apps use Firebase Analytics (GA4) for usage analytics. This collects pseudonymized usage data and device identifiers to help us understand how the Apps are used and to improve them. On iOS, your tracking preference is governed by Apple’s App Tracking Transparency (ATT) prompt presented in-App; you may also opt out through your device settings. On Android, you may opt out through your device’s ad and analytics settings.

6.2. On Our Websites

Our websites (including www.nutriliv.app and any future MealGrove-branded website) use:

Essential cookies: Required for basic website functionality (e.g., authentication).

Analytics cookies: Google Analytics (GA4) to understand website traffic and usage.

We do not use advertising, retargeting, or third-party tracking cookies.

7. Children’s Privacy

In plain language: Both Apps are for adults only. We do not knowingly collect data from anyone under 18.

The Services are intended for users who are at least eighteen (18) years old. We do not knowingly collect personal information from children under 18 (or a higher minimum age where required by local law). If we become aware that we have collected personal information from a child under the applicable minimum age, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us at privacy@nutriliv.app.

8. Your Rights — All Users

In plain language: Regardless of where you live, you can access, correct, or delete your data by contacting us. Requests apply to your data across both Apps.

All users of the Services have the following rights:

Access: Request a copy of the personal information we hold about you across both Apps.

Correction: Request that we correct inaccurate personal information.

Deletion: Request that we delete your personal information. You may also delete your account directly through either App; account deletion applies across both Apps.

Data portability: Request your data in a structured, commonly used format.

Withdraw consent: Withdraw your consent for health data processing at any time. You may withdraw consent independently in each App. Note that withdrawing consent in an App will limit your ability to use that App’s personalized features.

To exercise any of these rights, contact us at privacy@nutriliv.app. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

9. California Residents — CCPA/CPRA

In plain language: If you live in California, you have additional privacy rights, including the right to know what data we collect across both Apps, to delete it, and to limit how we use sensitive personal information.

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides you with the following rights, which apply to data we hold about you in connection with either or both Apps:

9.1. Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the purposes for which it was collected, and the categories of third parties with whom we share it.

9.2. Right to Delete. You have the right to request that we delete your personal information, subject to certain legal exceptions.

9.3. Right to Correct. You have the right to request that we correct inaccurate personal information.

9.4. Right to Opt Out of Sale or Sharing. Personalized Medicine LLC does not sell your personal information and does not share your personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out. If our practices change, we will update this policy and provide an opt-out mechanism.

9.5. Right to Limit Use of Sensitive Personal Information. Your health data (cancer type, treatment, side effects, dietary restrictions) constitutes sensitive personal information under the CCPA/CPRA. We use this data only for the purpose of providing the Services (personalization within each App), which is a permissible use under CCPA/CPRA. You may request that we limit our use of your sensitive personal information by contacting us at privacy@nutriliv.app.

9.6. Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.

9.7. Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information in connection with the Apps:

Identifiers: Email address, name, device IDs — Sold: No | Shared for advertising: No

Health information (Sensitive Personal Information): Cancer type, treatment type, side effects, dietary restrictions — Sold: No | Shared for advertising: No

Internet / electronic activity: App usage data, in-app search queries — Sold: No | Shared for advertising: No

Inferences: Personalization derived from your survey responses; NutriLiv Points displayed per ingredient and recipe — Sold: No | Shared for advertising: No

To submit a CCPA/CPRA request, contact us at privacy@nutriliv.app. We will verify your identity using the email address associated with your account and respond within 45 days.

10. Washington State Residents — My Health My Data Act

In plain language: If you live in Washington state, you have specific rights over your health data, including the right to separate consent and deletion within 30 days. These rights apply to health data collected through either App.

If you are a Washington state resident, the Washington My Health My Data Act provides you with the following additional protections:

10.1. Consumer Health Data. The health information you provide through either App’s onboarding survey — including cancer type, treatment type, side effects, and dietary restrictions — constitutes “consumer health data” under the Act.

10.2. Separate Consent. We obtain your separate, affirmative consent before collecting your consumer health data through the pre-survey consent flow in each App. This consent is distinct from your acceptance of our Terms and Conditions and is obtained independently in each App.

10.3. Right to Delete. You have the right to request deletion of your consumer health data. We will complete deletion within thirty (30) days of your request.

10.4. Right to Know. You have the right to confirm whether we are collecting or sharing your consumer health data and to request a list of all third parties and affiliates with whom we have shared your consumer health data during the prior 12 months.

10.5. Third-Party Sharing. We share consumer health data with Firebase/Google Cloud solely for the purpose of storing and processing your data to provide the Services. We do not sell consumer health data.

10.6. How to Exercise Your Rights. Contact us at privacy@nutriliv.app.

11. European Economic Area and United Kingdom — GDPR

In plain language: If you are in the EU or UK, you have robust rights under the GDPR, including the right to access, delete, port, and restrict processing of your data. Your health data is processed based on your explicit consent, given independently in each App.

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the following provisions apply:

11.1. Legal Bases for Processing. We process your personal data on the following legal bases:

Explicit consent (Art. 9(2)(a)): For processing your health data (cancer type, treatment, side effects, dietary restrictions). You provide this consent through the pre-survey consent flow in each App in which you complete a survey.

Contract performance (Art. 6(1)(b)): For processing account data and providing the personalized features of each App as part of the Services you subscribed to.

Legitimate interest (Art. 6(1)(f)): For analytics, security, and Service improvement. Our legitimate interests do not override your rights and freedoms.

Consent (Art. 6(1)(a)): For email marketing communications. You may withdraw consent at any time.

11.2. Your Rights. Under the GDPR, you have the right to:

• Access your personal data (Art. 15)

• Rectify inaccurate data (Art. 16)

• Erase your data (“right to be forgotten”) (Art. 17)

• Restrict processing (Art. 18)

• Data portability — receive your data in a structured, machine-readable format (Art. 20)

• Object to processing based on legitimate interest (Art. 21)

• Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal (Art. 7(3))

11.3. Automated Decision-Making (Art. 22). Both Apps use automated algorithms to personalize what you see, based on the health survey data you provide in that App. In MealGrove, the algorithm generates personalized weekly meal plans. In NutriLiv, the algorithm personalizes the items surfaced from the searchable atlas. No individual human review occurs before these outputs are presented to you. You have the right to:

• Request human review of an algorithmically generated meal plan (MealGrove) or personalized item list (NutriLiv)

• Express your point of view regarding the output

• Contest a recommendation

• Regenerate or swap meal plans at any time through MealGrove

11.4. International Data Transfers. Your data is stored on Firebase/Google Cloud servers located in the United States. These transfers are protected by the Standard Contractual Clauses adopted by the European Commission, as implemented by Google Cloud. You may request a copy of the applicable transfer safeguards by contacting us.

11.5. UK-Specific Notes. For UK residents, references to the GDPR in this section include the UK GDPR as supplemented by the Data Protection Act 2018. International data transfers from the UK are protected by the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, as applicable.

11.6. Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence or place of work. For UK residents, the relevant authority is the Information Commissioner’s Office (ICO) at ico.org.uk.

11.7. Contact for EU/UK Data Matters. For questions or requests related to your GDPR rights, contact us at privacy@nutriliv.app.

12. Canada — PIPEDA

In plain language: If you are in Canada, you have rights under PIPEDA, including the right to access and correct your personal information and to withdraw consent. These rights apply across both Apps.

If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to our collection, use, and disclosure of your personal information:

12.1. Consent. We obtain your meaningful consent before collecting, using, or disclosing your personal information. For health data, we obtain your express consent through the pre-survey consent flow in each App. You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us at privacy@nutriliv.app. Withdrawing consent may affect your ability to use the personalized features of either or both Apps.

12.2. Access and Correction. You have the right to access the personal information we hold about you and to request correction of any inaccurate information.

12.3. Accountability. Personalized Medicine LLC is responsible for personal information in our possession or custody, including information transferred to third-party service providers for processing, across both Apps.

12.4. Complaints. If you have a complaint about our privacy practices, contact us at privacy@nutriliv.app. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

13. Australia — Privacy Act 1988

In plain language: If you are in Australia, we comply with the Australian Privacy Principles across both Apps. You can access your data, request corrections, and file complaints with the OAIC.

If you are an Australian resident, we comply with the Australian Privacy Principles (“APPs”) under the Privacy Act 1988 (Cth):

13.1. Collection. We collect personal information (including health information) only when it is reasonably necessary for providing the Services and with your consent.

13.2. Use and Disclosure. We use and disclose your personal information only for the purposes described in this Privacy Policy, or as otherwise permitted under the APPs.

13.3. Access and Correction. You have the right to access and request correction of the personal information we hold about you. Contact us at privacy@nutriliv.app.

13.4. Cross-Border Disclosure. Your personal information is transferred to and stored in the United States (via Firebase/Google Cloud). By using the Services, you consent to this transfer. We take reasonable steps to ensure that overseas recipients handle your information in accordance with the APPs.

13.5. Complaints. If you believe we have breached the APPs, contact us at privacy@nutriliv.app. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

14. Brazil — LGPD

In plain language: If you are in Brazil, you have comprehensive data protection rights under the LGPD, including the right to access, correct, and delete your data, and to receive clear information about how your data is used across both Apps.

If you are a resident of Brazil, the Lei Geral de Proteção de Dados Pessoais (“LGPD,” Law No. 13,709/2018) applies:

14.1. Legal Basis for Processing. We process your personal data based on:

Explicit consent: For processing your sensitive health data (cancer type, treatment, side effects, dietary restrictions). You provide this consent through the pre-survey consent flow in each App. Health data is classified as “sensitive personal data” under the LGPD and requires separate, specific, and informed consent.

Contract performance: For processing account data necessary to provide the Services.

Legitimate interest: For analytics and Service improvement, using anonymized or aggregated data.

14.2. Your Rights Under the LGPD. You have the right to:

• Confirmation of the existence of processing of your data

• Access to your personal data

• Correction of incomplete, inaccurate, or outdated data

• Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data

• Data portability to another service provider

• Deletion of personal data processed with your consent

• Information about public and private entities with which your data has been shared

• Information about the possibility and consequences of not providing consent

• Revocation of consent at any time

14.3. International Data Transfer. Your data is transferred to and stored in the United States. This transfer is carried out with your consent and is protected by Google Cloud’s contractual safeguards, which provide a level of protection consistent with the LGPD.

14.4. Supervisory Authority. You have the right to file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd.

14.5. Contact. For questions or requests related to your LGPD rights, contact us at privacy@nutriliv.app.

15. Asia-Pacific — Japan, South Korea, India, Singapore, and Thailand

In plain language: If you are in Japan, South Korea, India, Singapore, or Thailand, your country has specific data protection laws that give you rights over your personal data. These rights apply across both Apps.

15.1. Japan — Act on the Protection of Personal Information (APPI)

If you are a resident of Japan:

Sensitive personal information. Your health data (cancer type, treatment, side effects) is classified as “special care-required personal information” under the APPI. We obtain your explicit consent before collecting this data in each App.

Purpose of use. We use your personal information only within the scope described in Section 2 of this Privacy Policy and will notify you of any changes to the purpose of use.

Your rights. You have the right to request disclosure, correction, cessation of use, and deletion of your personal data, as well as the right to request that we cease providing your data to third parties.

Cross-border transfer. Your data is transferred to the United States. Google Cloud maintains contractual safeguards consistent with APPI requirements.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Personal Information Protection Commission (PPC) at ppc.go.jp.

15.2. South Korea — Personal Information Protection Act (PIPA)

If you are a resident of South Korea:

Sensitive information. Your health data is classified as “sensitive information” under PIPA. We obtain your separate, explicit consent for the collection and processing of this data in each App, distinct from consent for other personal information.

Your rights. You have the right to access, correct, delete, and suspend processing of your personal information. You also have the right to data portability.

Third-party disclosure. We disclose the identities of all third-party recipients of your data in this Privacy Policy (see Section 3). We will obtain your consent before sharing your data with any new third party.

Cross-border transfer. Your data is transferred to and stored in the United States via Firebase/Google Cloud. We notify you of the recipient (Google LLC, United States), the items of data transferred, and the purpose of transfer. You may withdraw consent for cross-border transfer at any time.

Destruction of data. Upon account deletion, we will destroy your personal information within the retention periods specified in Section 4, in accordance with PIPA requirements.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Personal Information Protection Commission (PIPC) at pipc.go.kr.

15.3. India — Digital Personal Data Protection Act (DPDP Act, 2023)

If you are a resident of India:

Consent. We process your personal data based on your informed, specific, and unambiguous consent. For health data, we obtain your consent through the pre-survey consent flow in each App. You have the right to withdraw consent at any time through the App or by contacting us.

Data Fiduciary obligations. As a Data Fiduciary under the DPDP Act, Personalized Medicine LLC is responsible for ensuring the accuracy, completeness, and protection of your personal data and for processing it only for lawful purposes.

Your rights. You have the right to: (a) access a summary of your personal data being processed; (b) obtain correction and erasure of your personal data; (c) nominate another individual to exercise your rights in the event of your death or incapacity; and (d) seek grievance redressal.

Data processing of children. The Services are restricted to users aged 18 and above. We do not knowingly process data of children under 18.

Cross-border transfer. Your data is transferred to the United States. We comply with cross-border transfer provisions under the DPDP Act and any restrictions notified by the Government of India.

Grievance redressal. Contact us at privacy@nutriliv.app. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India once it is constituted.

15.4. Singapore — Personal Data Protection Act (PDPA)

If you are a resident of Singapore:

Consent. We obtain your consent before collecting, using, or disclosing your personal data. You may withdraw consent at any time by contacting us at privacy@nutriliv.app, subject to legal or contractual restrictions. We will inform you of the consequences of withdrawal.

Purpose limitation. We collect, use, and disclose your personal data only for the purposes stated in this Privacy Policy.

Your rights. You have the right to access your personal data held by us and to request correction of any inaccurate data. You also have the right to request information about how your data has been used or disclosed in the past year.

Data portability. You have the right to request your data in a machine-readable format for transfer to another organization, where applicable.

Cross-border transfer. Your data is transferred to the United States. We ensure that recipients provide a level of protection comparable to that under the PDPA.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

15.5. Thailand — Personal Data Protection Act (PDPA)

If you are a resident of Thailand:

Sensitive data. Your health data is classified as “sensitive data” under the Thailand PDPA. We obtain your explicit consent before collecting this data in each App.

Your rights. You have the right to: access your data; request correction; request deletion or destruction; restrict processing; request data portability; object to processing; and withdraw consent at any time.

Cross-border transfer. Your data is transferred to the United States. We ensure that the destination country has adequate data protection standards or that appropriate safeguards are in place.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Personal Data Protection Committee (PDPC) at pdpc.or.th.

16. Latin America and the Caribbean — Mexico, Colombia, and Argentina

In plain language: If you are in Mexico, Colombia, or Argentina, you have specific data protection rights under your country’s laws. These rights apply across both Apps.

16.1. Mexico — Federal Law on Protection of Personal Data (LFPDPPP)

If you are a resident of Mexico:

Sensitive personal data. Your health data is classified as “sensitive personal data” under the LFPDPPP. We obtain your express, written consent (through the pre-survey consent flow in each App) before collecting this data.

Privacy Notice (Aviso de Privacidad). This Privacy Policy serves as our Privacy Notice. It describes who we are, the personal data we collect, the purposes of processing, how to exercise your rights, and how we protect your data.

ARCO Rights. You have the right to: (A) Access your personal data; (R) Rectify inaccurate data; (C) Cancel (delete) your data; and (O) Oppose the processing of your data. You may exercise these rights by contacting us at privacy@nutriliv.app. We will respond within 20 business days.

Cross-border transfer. Your data is transferred to the United States. By providing your consent to this Privacy Policy, you consent to this international transfer.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) at home.inai.org.mx.

16.2. Colombia — Law 1581 of 2012

If you are a resident of Colombia:

Sensitive data. Your health data is classified as “sensitive data” under Law 1581. We collect it only with your informed, explicit, and prior consent. You are not obligated to provide sensitive data, and providing it is entirely voluntary.

Your rights (Habeas Data). You have the right to: access your personal data; update and correct your data; request deletion when processing lacks legal basis; request proof of consent; file complaints with the Superintendencia de Industria y Comercio (SIC); and revoke consent.

Authorization. Your pre-survey consent in each App constitutes your authorization for the processing of sensitive data as required under Colombian law.

Complaints. Contact us at privacy@nutriliv.app or file a complaint with the Superintendencia de Industria y Comercio (SIC) at sic.gov.co.

16.3. Argentina — Personal Data Protection Law (Law 25,326)

If you are a resident of Argentina:

Sensitive data. Your health data is classified as “sensitive data” under Law 25,326. We collect it only with your express consent in each App.

Your rights. You have the right to access, correct, update, and delete your personal data. You may exercise these rights free of charge at intervals of no less than six months.

Cross-border transfer. Argentina has been recognized by the European Commission as providing an adequate level of data protection. Your data is transferred to the United States with your consent and under contractual safeguards.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Agencia de Acceso a la Información Pública (AAIP) at argentina.gob.ar/aaip.

17. Africa — South Africa, Nigeria, and Kenya

In plain language: If you are in South Africa, Nigeria, or Kenya, you have data protection rights under your country’s laws. These rights apply across both Apps.

17.1. South Africa — Protection of Personal Information Act (POPIA)

If you are a resident of South Africa:

Special personal information. Your health data is classified as “special personal information” under POPIA. We process it only with your explicit consent, which you provide through the pre-survey consent flow in each App.

Your rights. You have the right to: be notified of the collection of your data; access your personal information; request correction or deletion; object to the processing of your data; and not be subject to automated decision-making (you may request human review of meal plans or personalized item lists).

Cross-border transfer. Your data is transferred to the United States. We ensure that the recipient (Google Cloud) is subject to binding rules or agreements that provide an adequate level of protection.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Information Regulator at inforegulator.org.za.

17.2. Nigeria — Nigeria Data Protection Act (NDPA, 2023)

If you are a resident of Nigeria:

Sensitive personal data. Your health data is classified as “sensitive personal data” under the NDPA. We process it only with your explicit consent in each App.

Your rights. You have the right to: be informed about the processing of your data; access your data; rectify inaccurate data; request erasure of your data; restrict processing; request data portability; object to processing; and not be subject to solely automated decisions.

Cross-border transfer. Your data is transferred to the United States. We ensure that adequate safeguards are in place as required by the Nigeria Data Protection Commission (NDPC).

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

17.3. Kenya — Data Protection Act, 2019

If you are a resident of Kenya:

Sensitive personal data. Your health data is classified as “sensitive personal data” under the Kenya Data Protection Act. We process it only with your explicit consent in each App.

Your rights. You have the right to: be informed of the use of your data; access your data; object to processing; request correction of inaccurate data; and request deletion of false or misleading data.

Cross-border transfer. Your data is transferred to the United States. We ensure that adequate data protection safeguards are in place as required by the Office of the Data Protection Commissioner.

Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.

18. Other International Jurisdictions

In plain language: Both Apps are available in most countries worldwide. If your country is not specifically listed above, this section describes how we protect your data.

The Services are available in most countries and territories worldwide (excluding jurisdictions where access is restricted). If you reside in a country not specifically addressed in Sections 9 through 17, the following applies:

18.1. Your Core Rights. Regardless of your location, you have the rights described in Section 8 (access, correction, deletion, data portability, and withdrawal of consent). We will honor these rights for all users of either App.

18.2. Consent for Health Data. Health data is treated as sensitive personal information in virtually all data protection frameworks worldwide. We obtain your explicit, informed, and voluntary consent before collecting any health data, through the separate pre-survey consent flow in each App. This consent standard meets or exceeds the requirements of all major data protection laws.

18.3. Cross-Border Transfer. Your data is stored in the United States on Google Cloud infrastructure. Where your local law requires specific safeguards for international data transfers, we rely on: (a) your explicit consent to the transfer; (b) Google Cloud’s contractual commitments and certifications (including SOC 2, ISO 27001); and (c) the data protection measures described in Section 5 of this Privacy Policy.

18.4. Local Law Compliance. Where the data protection laws of your jurisdiction provide greater protection than what is described in this Privacy Policy, those local laws shall apply. We are committed to complying with the applicable data protection requirements of each jurisdiction in which the Services are available.

18.5. Regional Frameworks. We also recognize and comply with regional data protection frameworks where applicable, including but not limited to:

• ASEAN Framework on Personal Data Protection (for Southeast Asian jurisdictions including Indonesia, the Philippines, Malaysia, Vietnam, and Myanmar)

• African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) (for participating African Union member states)

• Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules System (for participating APEC economies)

18.6. Regulatory Contact. If your local data protection authority is not listed elsewhere in this Privacy Policy and you wish to file a complaint, please contact us at privacy@nutriliv.app and we will provide you with the relevant contact information for your jurisdiction’s data protection authority.

19. International Data Transfers

In plain language: Your data is stored in the United States on Google Cloud servers. We use appropriate legal mechanisms to protect data transferred from other countries. The same transfer safeguards apply to data collected through either App.

Your personal information is stored and processed in the United States on Firebase/Google Cloud infrastructure. If you are located outside the United States, your data will be transferred to the US for processing.

We rely on the following mechanisms for lawful international data transfers:

EU/EEA: Standard Contractual Clauses adopted by the European Commission (as implemented by Google Cloud)

UK: UK International Data Transfer Agreement or UK Addendum to EU SCCs

Brazil: Consent and contractual safeguards consistent with LGPD requirements

Japan: Contractual safeguards consistent with APPI; Japan-EU mutual adequacy recognition

South Korea: Consent and notification of transfer details as required by PIPA

India: Consent and compliance with cross-border provisions under the DPDP Act

Canada: Consent and contractual protections under PIPEDA

Australia: Consent and reasonable steps to ensure APP compliance by recipients

Singapore: Contractual safeguards ensuring comparable protection under the PDPA

Thailand: Consent and adequate safeguards as required by the Thailand PDPA

Mexico: Consent as part of the Privacy Notice (Aviso de Privacidad)

Colombia: Consent and authorization for international transfer of sensitive data

Argentina: Consent and EU adequacy recognition

South Africa: Binding agreements providing adequate protection as required by POPIA

Nigeria: Adequate safeguards as required by the NDPC

Kenya: Safeguards as required by the ODPC

All other jurisdictions: Explicit user consent and contractual protections with our infrastructure providers

20. Data Breach Notification

In plain language: If a data breach occurs that affects your personal information, we will notify the relevant authorities and affected users as required by law. This applies regardless of which App the affected data was collected through.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

EU/UK (GDPR): We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

United States: We will comply with all applicable state breach notification laws (including the FTC Health Breach Notification Rule) and notify affected individuals within the timeframes required by applicable law.

Brazil (LGPD): We will notify the ANPD and affected data subjects within a reasonable timeframe as determined by the ANPD.

India (DPDP Act): We will notify the Data Protection Board of India and affected individuals as required.

South Korea (PIPA): We will notify the PIPC and affected individuals without delay.

South Africa (POPIA): We will notify the Information Regulator and affected data subjects as soon as reasonably possible.

Australia: We will notify the OAIC and affected individuals as required under the Notifiable Data Breaches scheme.

All other jurisdictions: We will comply with local breach notification requirements and notify affected users within a reasonable timeframe, describing the nature of the breach, the data affected, and the steps we are taking in response.

21. Changes to This Privacy Policy

In plain language: If we make material changes to this policy, we will notify you in advance through one or both Apps or by email.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by: (a) posting the updated policy in the Apps; (b) updating the “Last Updated” date at the top; and (c) where practicable, sending you a notification via either App or by email at least 30 days before the changes take effect.

This version of the Privacy Policy, effective May 20, 2026, supersedes the prior NutriLiv-only Privacy Policy dated April 9, 2026, and expands coverage to include MealGrove.

Your continued use of the Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you should stop using the Services and delete your account.

22. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, contact us at:

Personalized Medicine LLC, d/b/a NutriLiv and MealGrove

Privacy inquiries: privacy@nutriliv.app

General support: support@nutriliv.app

Legal inquiries: legal@nutriliv.app

Website: www.nutriliv.app

© Personalized Medicine LLC. All rights reserved. NutriLiv and MealGrove are trademarks of Personalized Medicine LLC.