NutriLiv Privacy Policy

Last Updated: April 9th, 2026
Effective Date: April 9th, 2026
This Privacy Policy describes how Personalized Medicine LLC ("Company," "we," "us," or "our"), doing business as NutriLiv, collects, uses, discloses, and protects your personal information when you use the NutriLiv mobile application ("App") and related services (collectively, the "Service"). NutriLiv is the consumer-facing brand and product of Personalized Medicine LLC.
NutriLiv collects sensitive health information to generate personalized meal plans. We do NOT sell your health data. We do NOT share your health data for advertising purposes.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. For information about your choices and rights regarding your data, see Sections 8 through 19.

1. Information We Collect

In plain language: We collect the health information you provide in our survey, your account details, and standard technical data about how you use the App.

1.1. Health and Survey Data (Sensitive Personal Information)

When you complete our onboarding health survey, we collect:
-Cancer information: cancer type
-Treatment information: treatment type (e.g., chemotherapy, radiation, immunotherapy, surgery, hormone therapy)
-Side effects: active treatment side effects you are experiencing
-Dietary information: dietary restrictions and food allergies
-Household information: household size (for meal plan portioning)
This data is classified as sensitive personal information / special category data under applicable privacy laws worldwide. We collect this data only with your separate, voluntary consent provided before you begin the health survey. This consent is separate from your acceptance of our Terms and Conditions.

1.2. Account Data

-Email address

-Name (if provided)

-Account credentials (managed by Firebase Authentication)

1.3. Usage Data

-App interaction data (screens viewed, features used, meal plan actions)

-Meal plan generation and swap history

-Search queries within the App

1.4. Device and Technical Data

-Device type and operating system

-App version

-IP address

-Device identifiers

-Crash reports and performance data

1.5. Payment Data

Subscription payments are processed entirely by the Apple App Store or Google Play Store. Personalized Medicine LLC does not collect, process, or store your payment card information. We receive only a confirmation of your subscription status (active, expired, trial) from our subscription management provider (RevenueCat).

2. How We Use Your Information

In plain language: We use your health data to generate your personalized meal plans. We use other data to run and improve the App, provide support, and (with your consent) send you emails.

Health & survey data

Purpose: Generate personalized weekly meal plans

Legal basis: Explicit consent

Health & survey data

Purpose: Improve meal plan algorithm (using aggregated, anonymized data only)

Legal basis: Legitimate interest

Account data

Purpose: Authenticate your account and provide the Service

Legal basis: Contract performance

Account data

Purpose: Customer support

Legal basis: Contract performance

Account data

Purpose: Email marketing communications

Legal basis: Consent — you may opt out at any time

Usage data

Purpose: App improvement and analytics

Legal basis: Legitimate interest

Device / technical data

Purpose: Security, fraud prevention, and troubleshooting

Legal basis: Legitimate interest

Subscription status

Purpose: Manage your access to the Service

Legal basis: Contract performance

We do not use your health data for advertising, profiling for third parties, or any purpose other than providing and improving the Service.

3. Who We Share Your Data With

In plain language: We share data only with the service providers we need to run NutriLiv. We do NOT sell your data to anyone.
We share personal information only with the following categories of service providers ("processors"), and only to the extent necessary for them to perform services on our behalf:

Firebase / Google Cloud

Data shared: Account data, health survey data, usage data

Purpose: Authentication, database (Firestore), cloud functions, and storage

RevenueCat

Data shared: Account identifiers, subscription status

Purpose: Subscription management

Typesense

Data shared: Recipe and food data (no personal health data)

Purpose: Search indexing for food and recipe search

Google Analytics / Firebase Analytics

Data shared: Usage data and device data (anonymized / pseudonymized)

Purpose: App analytics and performance monitoring

Brevo

Data shared: Email address and name (with your consent)

Purpose: Email marketing communications

Apple App Store / Google Play

Data shared: As required by their platforms

Purpose: App distribution and in-app purchases

We may also disclose your information: (a) to comply with applicable law, regulation, or legal process; (b) to enforce our Terms and Conditions; (c) to protect the rights, property, or safety of Personalized Medicine LLC, our users, or the public; or (d) in connection with a merger, acquisition, or sale of assets (in which case we will notify you).

We do NOT sell or share your personal information for cross-context behavioral advertising.

4. Data Retention

In plain language: We keep your health data while your account is active and delete it within 30 days after you delete your account.

Health and survey data

Retained while your account is active, plus up to 30 days after account deletion

Account data

Retained while your account is active, plus up to 30 days after account deletion

Meal plan history

Retained while your account is active, plus up to 30 days after account deletion

Usage and analytics data

Anonymized after 26 months

Payment / subscription records

Per Apple, Google, and RevenueCat retention policies

Customer support records

Up to 24 months after resolution, or as required by law

Upon account deletion, we initiate deletion of your personal data from our active systems within 30 days. Some data may persist in encrypted backups for a limited period but will not be actively processed.

5. Data Security

In plain language: We use industry-standard security measures to protect your data, including encryption at rest and in transit.
We implement appropriate technical and organizational measures to protect your personal information, including:
-Encryption at rest: All data stored in Firestore is encrypted using AES-256 encryption.
-Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS (Transport Layer Security).
-Authentication: User accounts are secured through Firebase Authentication.
-Access controls: Access to personal data is restricted to authorized personnel and systems on a need-to-know basis.
-Infrastructure security: Our infrastructure provider (Google Cloud) maintains SOC 1/2/3, ISO 27001, and other industry certifications.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Cookies and Tracking Technologies

In plain language: We use only essential cookies for authentication and analytics cookies for app improvement. We do not use advertising cookies.

6.1. In the App

The App uses Firebase Analytics (GA4) for usage analytics. This collects pseudonymized usage data and device identifiers to help us understand how the App is used and to improve it. You may opt out of analytics collection through your device settings.

6.2. On Our Website

Our website (www.nutriliv.app) uses:
-Essential cookies: Required for basic website functionality (e.g., authentication).
-Analytics cookies: Google Analytics (GA4) to understand website traffic and usage.
We do not use advertising, retargeting, or third-party tracking cookies.

7. Children's Privacy

In plain language: NutriLiv is for adults only. We do not knowingly collect data from anyone under 18.
The Service is intended for users who are at least eighteen (18) years old. We do not knowingly collect personal information from children under 18 (or a higher minimum age where required by local law). If we become aware that we have collected personal information from a child under the applicable minimum age, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us at privacy@nutriliv.app.

8. Your Rights — All Users

In plain language: Regardless of where you live, you can access, correct, or delete your data by contacting us.
All users of the Service have the following rights:
-Access: Request a copy of the personal information we hold about you.
-Correction: Request that we correct inaccurate personal information.
-Deletion: Request that we delete your personal information. You may also delete your account directly through the App.
-Data portability: Request your data in a structured, commonly used format.
-Withdraw consent: Withdraw your consent for health data processing at any time. Note that withdrawing consent will limit your ability to use the Service's core meal plan features.
To exercise any of these rights, contact us at privacy@nutriliv.app. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

9. California Residents — CCPA/CPRA

In plain language: If you live in California, you have additional privacy rights under state law, including the right to know what data we collect, to delete it, and to limit how we use sensitive personal information.
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides you with the following rights:
9.1. Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the purposes for which it was collected, and the categories of third parties with whom we share it.
9.2. Right to Delete. You have the right to request that we delete your personal information, subject to certain legal exceptions.
9.3. Right to Correct. You have the right to request that we correct inaccurate personal information.
9.4. Right to Opt Out of Sale or Sharing. Personalized Medicine LLC does not sell your personal information and does not share your personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out. If our practices change, we will update this policy and provide an opt-out mechanism.
9.5. Right to Limit Use of Sensitive Personal Information. Your health data (cancer type, treatment, side effects, dietary restrictions) constitutes sensitive personal information under the CCPA/CPRA. We use this data only for the purpose of providing the Service (meal plan generation), which is a permissible use under CCPA/CPRA. You may request that we limit our use of your sensitive personal information by contacting us at privacy@nutriliv.app.
9.6. Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.
9.7. Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information:

Identifiers

Examples: Email address, name, device IDs

Sold: No | Shared for advertising: No

Health information (Sensitive Personal Information)

Examples: Cancer type, treatment type, side effects, dietary restrictions

Sold: No | Shared for advertising: No

Internet / electronic activity

Examples: App usage data, in-app search queries

Sold: No | Shared for advertising: No

Inferences

Examples: Meal plan preferences derived from your survey responses; NutriLiv Points displayed per recipe

Sold: No | Shared for advertising: No

To submit a CCPA/CPRA request, contact us at privacy@nutriliv.app. We will verify your identity using the email address associated with your account and respond within 45 days.

10. Washington State Residents — My Health My Data Act

In plain language: If you live in Washington state, you have specific rights over your health data, including the right to separate consent and deletion within 30 days.
If you are a Washington state resident, the Washington My Health My Data Act provides you with the following additional protections:
10.1. Consumer Health Data. The health information you provide through our survey — including cancer type, treatment type, side effects, and dietary restrictions — constitutes "consumer health data" under the Act.
10.2. Separate Consent. We obtain your separate, affirmative consent before collecting your consumer health data through the pre-survey consent flow. This consent is distinct from your acceptance of our Terms and Conditions.
10.3. Right to Delete. You have the right to request deletion of your consumer health data. We will complete deletion within thirty (30) days of your request.
10.4. Right to Know. You have the right to confirm whether we are collecting or sharing your consumer health data and to request a list of all third parties and affiliates with whom we have shared your consumer health data during the prior 12 months.
10.5. Third-Party Sharing. We share consumer health data with Firebase/Google Cloud solely for the purpose of storing and processing your data to provide the Service. We do not sell consumer health data.
10.6. How to Exercise Your Rights. Contact us at privacy@nutriliv.app.

11. European Economic Area and United Kingdom — GDPR

In plain language: If you are in the EU or UK, you have robust rights under the GDPR, including the right to access, delete, port, and restrict processing of your data. Your health data is processed based on your explicit consent.
If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), the following provisions apply:
11.1. Legal Bases for Processing. We process your personal data on the following legal bases:
-Explicit consent (Art. 9(2)(a)): For processing your health data (cancer type, treatment, side effects, dietary restrictions). You provide this consent through the pre-survey consent flow.
-Contract performance (Art. 6(1)(b)): For processing account data and generating meal plans as part of the Service you subscribed to.
-Legitimate interest (Art. 6(1)(f)): For analytics, security, and Service improvement. Our legitimate interests do not override your rights and freedoms.
-Consent (Art. 6(1)(a)): For email marketing communications. You may withdraw consent at any time.
11.2. Your Rights. Under the GDPR, you have the right to:
-Access your personal data (Art. 15)
-Rectify inaccurate data (Art. 16)
-Erase your data ("right to be forgotten") (Art. 17)
-Restrict processing (Art. 18)
-Data portability — receive your data in a structured, machine-readable format (Art. 20)
-Object to processing based on legitimate interest (Art. 21)
-Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal (Art. 7(3))
11.3. Automated Decision-Making (Art. 22). Your meal plans are generated by an automated algorithm based on the health survey data you provide. No individual human review occurs before meal plans are presented to you. You have the right to:
-Request human review of an algorithmically generated meal plan
-Express your point of view regarding the meal plan
-Contest a meal plan recommendation
-Regenerate or swap meal plans at any time through the App
11.4. International Data Transfers. Your data is stored on Firebase/Google Cloud servers located in the United States. These transfers are protected by the Standard Contractual Clauses adopted by the European Commission, as implemented by Google Cloud. You may request a copy of the applicable transfer safeguards by contacting us.
11.5. UK-Specific Notes. For UK residents, references to the GDPR in this section include the UK GDPR as supplemented by the Data Protection Act 2018. International data transfers from the UK are protected by the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, as applicable.
11.6. Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence or place of work. For UK residents, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.
11.7. Contact for EU/UK Data Matters. For questions or requests related to your GDPR rights, contact us at privacy@nutriliv.app.

12. Canada — PIPEDA

In plain language: If you are in Canada, you have rights under PIPEDA, including the right to access and correct your personal information and to withdraw consent.
If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act ("PIPEDA") applies to our collection, use, and disclosure of your personal information:
12.1. Consent. We obtain your meaningful consent before collecting, using, or disclosing your personal information. For health data, we obtain your express consent through the pre-survey consent flow. You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us at privacy@nutriliv.app. Withdrawing consent may affect your ability to use the Service.
12.2. Access and Correction. You have the right to access the personal information we hold about you and to request correction of any inaccurate information.
12.3. Accountability. Personalized Medicine LLC is responsible for personal information in our possession or custody, including information transferred to third-party service providers for processing.
12.4. Complaints. If you have a complaint about our privacy practices, contact us at privacy@nutriliv.app. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

13. Australia — Privacy Act 1988

In plain language: If you are in Australia, we comply with the Australian Privacy Principles. You can access your data, request corrections, and file complaints with the OAIC.
If you are an Australian resident, we comply with the Australian Privacy Principles ("APPs") under the Privacy Act 1988 (Cth):
13.1. Collection. We collect personal information (including health information) only when it is reasonably necessary for providing the Service and with your consent.
13.2. Use and Disclosure. We use and disclose your personal information only for the purposes described in this Privacy Policy, or as otherwise permitted under the APPs.
13.3. Access and Correction. You have the right to access and request correction of the personal information we hold about you. Contact us at privacy@nutriliv.app.
13.4. Cross-Border Disclosure. Your personal information is transferred to and stored in the United States (via Firebase/Google Cloud). By using the Service, you consent to this transfer. We take reasonable steps to ensure that overseas recipients handle your information in accordance with the APPs.
13.5. Complaints. If you believe we have breached the APPs, contact us at privacy@nutriliv.app. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

14. Brazil — LGPD

In plain language: If you are in Brazil, you have comprehensive data protection rights under the LGPD, including the right to access, correct, and delete your data, and to receive clear information about how your data is used.
If you are a resident of Brazil, the Lei Geral de Proteção de Dados Pessoais ("LGPD," Law No. 13,709/2018) applies:
14.1. Legal Basis for Processing. We process your personal data based on:
-Explicit consent: For processing your sensitive health data (cancer type, treatment, side effects, dietary restrictions). You provide this consent through the pre-survey consent flow. Health data is classified as "sensitive personal data" under the LGPD and requires separate, specific, and informed consent.
-Contract performance: For processing account data necessary to provide the Service.
-Legitimate interest: For analytics and Service improvement, using anonymized or aggregated data.
14.2. Your Rights Under the LGPD. You have the right to:
-Confirmation of the existence of processing of your data
-Access to your personal data
-Correction of incomplete, inaccurate, or outdated data
-Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data
-Data portability to another service provider
-Deletion of personal data processed with your consent
-Information about public and private entities with which your data has been shared
-Information about the possibility and consequences of not providing consent
-Revocation of consent at any time
14.3. International Data Transfer. Your data is transferred to and stored in the United States. This transfer is carried out with your consent and is protected by Google Cloud's contractual safeguards, which provide a level of protection consistent with the LGPD.
14.4. Supervisory Authority. You have the right to file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd.
14.5. Contact. For questions or requests related to your LGPD rights, contact us at privacy@nutriliv.app.

15. Asia-Pacific — Japan, South Korea, India, Singapore, and Thailand

In plain language: If you are in Japan, South Korea, India, Singapore, or Thailand, your country has specific data protection laws that give you rights over your personal data. This section explains those rights.

15.1. Japan — Act on the Protection of Personal Information (APPI)

If you are a resident of Japan:
-Sensitive personal information: Your health data (cancer type, treatment, side effects) is classified as "special care-required personal information" under the APPI. We obtain your explicit consent before collecting this data.
-Purpose of use: We use your personal information only within the scope described in Section 2 of this Privacy Policy and will notify you of any changes to the purpose of use.
-Your rights: You have the right to request disclosure, correction, cessation of use, and deletion of your personal data, as well as the right to request that we cease providing your data to third parties.
-Cross-border transfer: Your data is transferred to the United States. Japan's Personal Information Protection Commission (PPC) has recognized the EU as providing an adequate level of protection, and Google Cloud maintains contractual safeguards consistent with APPI requirements.
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Personal Information Protection Commission (PPC) at ppc.go.jp.

15.2. South Korea — Personal Information Protection Act (PIPA)

If you are a resident of South Korea:
-Sensitive information: Your health data is classified as "sensitive information" under PIPA. We obtain your separate, explicit consent for the collection and processing of this data, distinct from consent for other personal information.
-Your rights: You have the right to access, correct, delete, and suspend processing of your personal information. You also have the right to data portability.
-Third-party disclosure: We disclose the identities of all third-party recipients of your data in this Privacy Policy (see Section 3). We will obtain your consent before sharing your data with any new third party.
-Cross-border transfer: Your data is transferred to and stored in the United States via Firebase/Google Cloud. We notify you of the recipient (Google LLC, United States), the items of data transferred, and the purpose of transfer. You may withdraw consent for cross-border transfer at any time.
-Destruction of data: Upon account deletion, we will destroy your personal information within the retention periods specified in Section 4, in accordance with PIPA requirements.
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Personal Information Protection Commission (PIPC) at pipc.go.kr.

15.3. India — Digital Personal Data Protection Act (DPDP Act, 2023)

If you are a resident of India:
-Consent. We process your personal data based on your informed, specific, and unambiguous consent. For health data, we obtain your consent through the pre-survey consent flow. You have the right to withdraw consent at any time through the App or by contacting us.
-Data Fiduciary obligations. As a Data Fiduciary under the DPDP Act, Personalized Medicine LLC is responsible for ensuring the accuracy, completeness, and protection of your personal data and for processing it only for lawful purposes.
-Your rights: You have the right to: (a) access a summary of your personal data being processed; (b) correction and erasure of your personal data; (c) nominate another individual to exercise your rights in the event of your death or incapacity; and (d) grievance redressal.
-Data processing of children: The Service is restricted to users aged 18 and above. We do not knowingly process data of children under 18.
-Cross-border transfer: Your data is transferred to the United States. We comply with cross-border transfer provisions under the DPDP Act and any restrictions notified by the Government of India.
-Grievance redressal: Contact us at privacy@nutriliv.app. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India once it is constituted.

15.4. Singapore — Personal Data Protection Act (PDPA)

If you are a resident of Singapore:
-Consent. We obtain your consent before collecting, using, or disclosing your personal data. You may withdraw consent at any time by contacting us at privacy@nutriliv.app, subject to legal or contractual restrictions. We will inform you of the consequences of withdrawal.
-Purpose limitation. We collect, use, and disclose your personal data only for the purposes stated in this Privacy Policy.
-Your rights: You have the right to access your personal data held by us and to request correction of any inaccurate data. You also have the right to request information about how your data has been used or disclosed in the past year.
-Data portability: You have the right to request your data in a machine-readable format for transfer to another organization, where applicable.
-Cross-border transfer: Your data is transferred to the United States. We ensure that recipients provide a comparable level of protection as under the PDPA.
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

15.5. Thailand — Personal Data Protection Act (PDPA)

If you are a resident of Thailand:
-Sensitive data. Your health data is classified as "sensitive data" under the Thailand PDPA. We obtain your explicit consent before collecting this data.
-Your rights: You have the right to: access your data; request correction; request deletion or destruction; restrict processing; data portability; object to processing; and withdraw consent at any time.
-Cross-border transfer: Your data is transferred to the United States. We ensure that the destination country has adequate data protection standards or that appropriate safeguards are in place.
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Personal Data Protection Committee (PDPC) at pdpc.or.th.

16. Latin America and the Caribbean — Mexico, Colombia, and Argentina

In plain language: If you are in Mexico, Colombia, or Argentina, you have specific data protection rights under your country's laws.

16.1. Mexico — Federal Law on Protection of Personal Data (LFPDPPP)

If you are a resident of Mexico:
-Sensitive personal data. Your health data is classified as "sensitive personal data" under the LFPDPPP. We obtain your express, written consent (through the pre-survey consent flow) before collecting this data.
-Privacy Notice (Aviso de Privacidad). This Privacy Policy serves as our Privacy Notice. It describes who we are, the personal data we collect, the purposes of processing, how to exercise your rights, and how we protect your data.
-ARCO Rights. You have the right to: (A) Access your personal data; (R) Rectify inaccurate data; (C) Cancel (delete) your data; and (O) Oppose the processing of your data. You may exercise these rights by contacting us at privacy@nutriliv.app. We will respond within 20 business days.
-Cross-border transfer. Your data is transferred to the United States. By providing your consent to this Privacy Policy, you consent to this international transfer.
-Complaints. You may contact us at privacy@nutriliv.app or file a complaint with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) at home.inai.org.mx.

16.2. Colombia — Law 1581 of 2012

If you are a resident of Colombia:
-Sensitive data. Your health data is classified as "sensitive data" under Law 1581. We collect it only with your informed, explicit, and prior consent. You are not obligated to provide sensitive data, and providing it is entirely voluntary.
-Your rights (Habeas Data). You have the right to: access your personal data; update and correct your data; request deletion when processing lacks legal basis; request proof of consent; file complaints with the Superintendencia de Industria y Comercio (SIC); and revoke consent.
-Authorization. Your pre-survey consent constitutes your authorization for the processing of sensitive data as required under Colombian law.
-Complaints. Contact us at privacy@nutriliv.app or file a complaint with the Superintendencia de Industria y Comercio (SIC) at sic.gov.co.

16.3. Argentina — Personal Data Protection Law (Law 25,326)

If you are a resident of Argentina:
-Sensitive data. Your health data is classified as "sensitive data" under Law 25,326. We collect it only with your express consent.
-Your rights: You have the right to access, correct, update, and delete your personal data. You may exercise these rights free of charge at intervals of no less than six months.
-Cross-border transfer. Argentina has been recognized by the European Commission as providing an adequate level of data protection. Your data is transferred to the United States with your consent and under contractual safeguards.
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Agencia de Acceso a la Información Pública (AAIP) at argentina.gob.ar/aaip.

17. Africa — South Africa, Nigeria, and Kenya

In plain language: If you are in South Africa, Nigeria, or Kenya, you have data protection rights under your country's laws.

17.1. South Africa — Protection of Personal Information Act (POPIA)

If you are a resident of South Africa:
-Special personal information. Your health data is classified as "special personal information" under POPIA. We process it only with your explicit consent, which you provide through the pre-survey consent flow.
-Your rights: You have the right to: be notified of the collection of your data; access your personal information; request correction or deletion; object to the processing of your data; and not be subject to automated decision-making (you may request human review of meal plans).
-Cross-border transfer. Your data is transferred to the United States. We ensure that the recipient (Google Cloud) is subject to binding rules or agreements that provide an adequate level of protection.
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Information Regulator at inforegulator.org.za.

17.2. Nigeria — Nigeria Data Protection Act (NDPA, 2023)

If you are a resident of Nigeria:
-Sensitive personal data. Your health data is classified as "sensitive personal data" under the NDPA. We process it only with your explicit consent.
-Your rights: You have the right to: be informed about the processing of your data; access your data; rectify inaccurate data; erasure of your data; restrict processing; data portability; object to processing; and not be subject to solely automated decisions.
-Cross-border transfer. Your data is transferred to the United States. We ensure that adequate safeguards are in place as required by the Nigeria Data Protection Commission (NDPC).
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

17.3. Kenya — Data Protection Act, 2019

If you are a resident of Kenya:
-Sensitive personal data. Your health data is classified as "sensitive personal data" under the Kenya Data Protection Act. We process it only with your explicit consent.
-Your rights: You have the right to: be informed of the use of your data; access your data; object to processing; correction of inaccurate data; and deletion of false or misleading data.
-Cross-border transfer. Your data is transferred to the United States. We ensure that adequate data protection safeguards are in place as required by the Office of the Data Protection Commissioner.
-Complaints: You may contact us at privacy@nutriliv.app or file a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.

18. Other International Jurisdictions

In plain language: NutriLiv is available in most countries worldwide. If your country is not specifically listed above, this section describes how we protect your data.
The Service is available in most countries and territories worldwide (excluding jurisdictions where access is restricted). If you reside in a country not specifically addressed in Sections 9 through 17, the following applies:
18.1. Your Core Rights. Regardless of your location, you have the rights described in Section 8 (access, correction, deletion, data portability, and withdrawal of consent). We will honor these rights for all users.
18.2. Consent for Health Data. Health data is treated as sensitive personal information in virtually all data protection frameworks worldwide. We obtain your explicit, informed, and voluntary consent before collecting any health data, through the separate pre-survey consent flow. This consent standard meets or exceeds the requirements of all major data protection laws.
18.3. Cross-Border Transfer. Your data is stored in the United States on Google Cloud infrastructure. Where your local law requires specific safeguards for international data transfers, we rely on: (a) your explicit consent to the transfer; (b) Google Cloud's contractual commitments and certifications (including SOC 2, ISO 27001); and (c) the data protection measures described in Section 5 of this Privacy Policy.
18.4. Local Law Compliance. Where the data protection laws of your jurisdiction provide greater protection than what is described in this Privacy Policy, those local laws shall apply. We are committed to complying with the applicable data protection requirements of each jurisdiction in which the Service is available.
18.5. Regional Frameworks. We also recognize and comply with regional data protection frameworks where applicable, including but not limited to:
-ASEAN Framework on Personal Data Protection (for Southeast Asian jurisdictions including Indonesia, the Philippines, Malaysia, Vietnam, and Myanmar)
-African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) (for participating African Union member states)
-Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules System (for participating APEC economies)
18.6. Regulatory Contact. If your local data protection authority is not listed elsewhere in this Privacy Policy and you wish to file a complaint, please contact us at privacy@nutriliv.app and we will provide you with the relevant contact information for your jurisdiction's data protection authority.

19. International Data Transfers

In plain language: Your data is stored in the United States on Google Cloud servers. We use appropriate legal mechanisms to protect data transferred from other countries.
Your personal information is stored and processed in the United States on Firebase/Google Cloud infrastructure. If you are located outside the United States, your data will be transferred to the US for processing.
We rely on the following mechanisms for lawful international data transfers:
-EU/EEA: Standard Contractual Clauses adopted by the European Commission (as implemented by Google Cloud)
-UK: UK International Data Transfer Agreement or UK Addendum to EU SCCs
-Brazil: Consent and contractual safeguards consistent with LGPD requirements
-Japan: Contractual safeguards consistent with APPI; Japan-EU mutual adequacy recognition
-South Korea: Consent and notification of transfer details as required by PIPA
-India: Consent and compliance with cross-border provisions under the DPDP Act
-Canada: Consent and contractual protections under PIPEDA
-Australia: Consent and reasonable steps to ensure APP compliance by recipients
-Singapore: Contractual safeguards ensuring comparable protection under the PDPA
-Thailand: Consent and adequate safeguards as required by the Thailand PDPA
-Mexico: Consent as part of the Privacy Notice (Aviso de Privacidad)
-Colombia: Consent and authorization for international transfer of sensitive data
-Argentina: Consent and EU adequacy recognition
-South Africa: Binding agreements providing adequate protection as required by POPIA
-Nigeria: Adequate safeguards as required by the NDPC
-Kenya: Safeguards as required by the ODPC
-All other jurisdictions: Explicit user consent and contractual protections with our infrastructure providers

20. Data Breach Notification

In plain language: If a data breach occurs that affects your personal information, we will notify the relevant authorities and affected users as required by law.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
-EU/UK (GDPR): We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
-United States: We will comply with all applicable state breach notification laws (including the FTC Health Breach Notification Rule) and notify affected individuals within the timeframes required by applicable law.
-Brazil (LGPD): We will notify the ANPD and affected data subjects within a reasonable timeframe as determined by the ANPD.
-India (DPDP Act): We will notify the Data Protection Board of India and affected individuals as required.
-South Korea (PIPA): We will notify the PIPC and affected individuals without delay.
-South Africa (POPIA): We will notify the Information Regulator and affected data subjects as soon as reasonably possible.
-Australia: We will notify the OAIC and affected individuals as required under the Notifiable Data Breaches scheme.
-All other jurisdictions: We will comply with local breach notification requirements and notify affected users within a reasonable timeframe, describing the nature of the breach, the data affected, and the steps we are taking in response.

21. Changes to This Privacy Policy

In plain language: If we make material changes to this policy, we will notify you in advance through the App or by email.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by: (a) posting the updated policy in the App; (b) updating the "Last Updated" date at the top; and (c) where practicable, sending you a notification via the App or email at least 30 days before the changes take effect.
Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you should stop using the Service and delete your account.

22. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, contact us at:
Personalized Medicine LLC d/b/a NutriLiv
Email: privacy@nutriliv.app
Website: www.nutriliv.app
For general support: support@nutriliv.app
For legal inquiries: legal@nutriliv.app


© Personalized Medicine LLC. All rights reserved. NutriLiv is a trademark of Personalized Medicine LLC.