Ready to try it?

Built in the open

A small team, on purpose

About NutraPlanner

Why we built this

Ready to get started?

Send feedback

Get in touch

Follow along

Contact Us

1. What are cookies?

a secure, HTTP-only session cookie that keeps you signed in. This is a JWT-based token that expires after 24 hours. Without it, you would need to log in on every page.

stores the redirect URL during sign-in so you return to the correct page after authentication. HTTP-only, short-lived.

prevents cross-site request forgery attacks on authentication forms.

stores your chosen language (English or French) so the site loads in the correct language on each visit.

part of the PKCE OAuth security flow used during Google sign-in. HTTP-only, expires after 15 minutes.

we store your sidebar collapse state in browser localStorage (not a cookie), but mention it here for transparency.

when enabled, Sentry stores a per-session identifier in your browser to group errors from the same browser session, and records a short trail of recent user-interface interactions (route changes, button clicks — never form values) that immediately precede an error to help us reproduce and fix bugs. This is strictly necessary for service reliability. Session replay is not enabled. No client health data, passwords, or payment-card details are transmitted to Sentry.

validates the OAuth state parameter to prevent cross-site attacks during Google sign-in. HTTP-only, short-lived.

2. How we use cookies

3. What we do not use

4. Your choices

5. Users in the European Economic Area, United Kingdom, and Switzerland

6. Changes to This Policy

7. Contact Us

Cookies Policy

For the term of the Controller's account, until terminated in accordance with the Terms of Service, plus the deletion and retention periods set out in section 10 of this DPA and section 7 of the Privacy Policy.

Storage, retrieval, modification, deletion, indexing, filtering, scheduling, synchronisation with calendar services (when enabled by the Controller), billing-related processing (through Stripe), transactional email (through Resend), object storage of uploaded content (through Cloudflare R2), error and reliability telemetry (through Sentry), and recipe-image generation (through OpenAI, where enabled).

Provision of the NutraPlanner nutrition-planning service to the Controller, including secure storage, retrieval, and processing of Personal Information entered by the Controller in the course of providing nutritional, dietary, and related professional services to clients.

Annex A — Subject Matter, Duration, and Nature of Processing

Identifying information (name, date of birth, contact details); health information (medical history, allergens, dietary restrictions, nutritional deficiencies, body measurements, goals); appointment and scheduling information; clinical notes (free-text, may contain additional categories at the Controller's discretion); user-uploaded files (recipe images, optionally other documents). NutraPlanner does not collect special categories of data (e.g. biometric, genetic, sexual-orientation data) beyond what the Controller elects to enter into free-text fields.

Clients (including minors) of the Controller who receive nutritional, dietary, or related professional services from the Controller; and where applicable the Controller's own staff or representatives invited into a team workspace.

Annex B — Categories of Data Subjects and Personal Information

Role-based access control; row-level multi-tenant isolation; least-privilege defaults; multi-factor authentication required for production-system administrative access; audit logging on all data-modifying API calls.

Encrypted backups retained on a 30-day rolling window for disaster recovery; backup restore procedure tested at least annually.

Mandatory code review on all production changes; automated dependency-vulnerability scanning; timely patching of identified vulnerabilities; principle-of-least-privilege deployment access.

TLS 1.2+ in transit. AES-256-GCM at rest for database storage; equivalent encryption at rest for object storage. Application-level authenticated encryption for designated PHI fields, with key rotation.

Continuous error and reliability telemetry via Sentry (configured to scrub form fields and sensitive headers); centralised audit logging; security-event alerting.

Passwords hashed with bcrypt; no plaintext credentials stored anywhere; secrets managed in a dedicated secrets store, never committed to source code.

User-account data and client health/nutrition data are stored in separate database instances with no cross-database foreign keys.

Annex C — Security Measures Summary

calendar synchronisation when explicitly enabled by the Controller. Receives appointment titles, times, and OAuth tokens.

authentication of users who sign in with Google. Receives the authentication request only.

where enabled. Receives recipe title and ingredient list only. Contractually prohibited from training on API data.

stores user-uploaded files (recipe images). Receives the file contents and access-control metadata.

verification, password-reset, and billing-receipt emails. Receives recipient email and email body.

application error and reliability telemetry. Receives stack traces, browser type, page URL, anonymous error-grouping identifiers, and interaction breadcrumbs (scrubbed of form fields and headers).

subscription billing. Receives billing contact details and payment-card data entered directly into Stripe's hosted form.

Annex D — Subprocessors

Preamble

10. Return and Deletion at Termination

11. Term and Effect

12. Changes to This DPA

13. Liability

14. Governing Law

15. Contact

1. Definitions

2. Scope and Roles

3. Personnel and Confidentiality

4. Security Safeguards

5. Subprocessors

6. Data Subject Rights

7. Breach Notification

8. International Transfers

9. Audit and Information Rights

Data Processing Agreement

For individuals

For practitioners

Ready to start planning?

The full picture for every client

Everything at a glance

Plans built around each client

See every client's trajectory

Precision dietary filtering no other tool offers

One platform for nutrition and client care.

meal planning.

client management.

dietary filtering.

progress tracking.

your practice.

One platform for

Manage your full client roster in one place.

Your schedule, clients, and activity — all on one screen.

Build day-by-day meal plans from filtered recipes.

Log and chart each client's weight trends over time.

Filter 25,000+ recipes by nutrients, food groups, and more.

10. Privacy Officer

11. Data Breach Notification

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we have collected, to delete it, to correct it, to opt out of any sale or sharing of personal information (we do not sell or share — see section 5), and to limit the use of sensitive personal information. We do not discriminate against you for exercising these rights. The categories we collect are listed in section 2; the purposes are listed in section 3; the third parties are listed in section 5. To exercise these rights, contact our Privacy Officer.

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws apply. The lawful bases for our processing are: (a) performance of a contract with you (sections 2-3 above); (b) compliance with legal obligations (section 7 — tax retention); (c) our legitimate interests in operating, securing, and improving the service (section 5 — error monitoring); and (d) your consent for optional features (Google Calendar sync, billing). You have the right to access, rectify, erase, restrict, port, and object to processing of your data, and to lodge a complaint with your local supervisory authority. To exercise these rights, contact our Privacy Officer.

If your jurisdiction grants you specific privacy rights not enumerated above, we will honour those rights to the extent required by the law of your jurisdiction. Contact our Privacy Officer.

12. International Users

13. Children's Data

14. Practitioner Data Processing Agreement

1. Introduction

email address, first and last name, and a password (stored as a one-way hash — we never store or have access to your plain-text password). If you sign in with Google, we receive your name and email from Google; we do not access your Google password.

if you connect Google Calendar, we store OAuth tokens and sync appointment data between NutraPlanner and your calendar. We only access calendar events created by NutraPlanner.

medical history, dietary preferences, allergens, aversions, nutritional deficiencies, body measurements, goals, clinical notes, and appointment records that you enter on behalf of your clients.

dietary preferences, meal plans, and recipe interactions.

credentials, specialisations, and licensing details you choose to add to your profile.

2. Information We Collect

we collect basic usage information such as pages visited and actions taken to maintain and improve the service. We use session cookies for authentication.

3. How We Use Your Information

4. Data Storage and Security

for appointment synchronisation, only when you explicitly connect your account. NutraPlanner stores OAuth tokens to sync events it creates. You can disconnect at any time from your profile settings.

for account sign-in. Google receives the authentication request only; we do not share any NutraPlanner content with Google as part of sign-in.

if recipe-image generation is enabled, we send the recipe title and ingredient list to OpenAI to produce an illustrative image. We do not send client health data, personal information, or identifiers. OpenAI is contractually prohibited from training its models on data sent via its API.

object storage for user-uploaded files (recipe images). R2 receives the file contents and access-control metadata.

delivers transactional emails (account verification, password resets, billing receipts). Resend receives the recipient email address and the email body. It is used only for service-related communications, not marketing.

captures application errors and reliability telemetry. Sentry receives stack traces, browser type, page URL, anonymous error grouping identifiers, and breadcrumbs of user interaction (e.g. button clicked, route changed) that immediately precede an error — required to reproduce and fix bugs. We configure Sentry to scrub form fields and headers; client health data and credentials are never transmitted. Session replay is not enabled.

processes subscription payments. Stripe receives your name, email, billing address, and payment-card details (entered directly into Stripe's secure form — we never see or store full card numbers). Stripe acts as an independent controller for fraud prevention and tax-reporting purposes under its own privacy policy at stripe.com/privacy.