Privacy Policy

1. Introduction

NutraPlanner is a nutrition planning platform for Canadian healthcare practitioners and individuals. We are committed to protecting your personal information and your right to privacy in accordance with Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and applicable provincial health-information legislation. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have in relation to it.

2. Information We Collect

We collect information that you provide directly when creating an account or using the service:

• Account information: email address, first and last name, and a password (stored as a one-way hash — we never store or have access to your plain-text password). If you sign in with Google, we receive your name and email from Google; we do not access your Google password.
• Professional information (practitioners): credentials, specialisations, and licensing details you choose to add to your profile.
• Client health data (practitioners): medical history, dietary preferences, allergens, aversions, nutritional deficiencies, body measurements, goals, clinical notes, and appointment records that you enter on behalf of your clients.
• Nutrition data (individuals): dietary preferences, meal plans, and recipe interactions.
• Calendar data: if you connect Google Calendar, we store OAuth tokens and sync appointment data between NutraPlanner and your calendar. We only access calendar events created by NutraPlanner.
• Usage data: we collect basic usage information such as pages visited and actions taken to maintain and improve the service. We use session cookies for authentication.

3. How We Use Your Information

We use the information we collect to:

• Authenticate your identity and maintain your session
• Provide the core service: client management, meal planning, recipe filtering, and appointment scheduling
• Sync appointment data with Google Calendar when you have connected your account
• Enforce subscription limits and role-based access control
• Send service-related communications (e.g. password resets)
• Monitor and improve the reliability and performance of the service

We do not sell your data. We do not use your data for advertising. We do not share client health data with third parties.

4. Data Storage and Security

Your data is stored in separate databases — user account data and client health/nutrition data are isolated by design. All data is encrypted in transit (TLS). Passwords are hashed using bcrypt and are never stored in plain text.

Multi-tenant isolation ensures that practitioners in team workspaces can only access data they are authorised to see, governed by role-based permissions.

No method of electronic storage is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security.

NutraPlanner is a Canadian company and handles all personal and client health data in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

5. Third-Party Service Providers (Subprocessors)

We rely on the following third-party subprocessors to operate the service. Each receives only the data necessary for its function and is contractually bound to handle that data in accordance with applicable privacy law. Several of these providers are located in the United States, which constitutes a cross-border transfer of personal information; by using the service you consent to such transfers, and we apply contractual and technical safeguards (encrypted transport, scoped access) to protect the data in transit and at rest.

• Google OAuth (United States): for account sign-in. Google receives the authentication request only; we do not share any NutraPlanner content with Google as part of sign-in.
• Google Calendar (United States): for appointment synchronisation, only when you explicitly connect your account. NutraPlanner stores OAuth tokens to sync events it creates. You can disconnect at any time from your profile settings.
• Stripe (United States): processes subscription payments. Stripe receives your name, email, billing address, and payment-card details (entered directly into Stripe's secure form — we never see or store full card numbers). Stripe acts as an independent controller for fraud prevention and tax-reporting purposes under its own privacy policy at stripe.com/privacy.
• Resend (United States): delivers transactional emails (account verification, password resets, billing receipts). Resend receives the recipient email address and the email body. It is used only for service-related communications, not marketing.
• Cloudflare R2 (global, Canadian region preferred): object storage for user-uploaded files (recipe images). R2 receives the file contents and access-control metadata.
• OpenAI (United States): if recipe-image generation is enabled, we send the recipe title and ingredient list to OpenAI to produce an illustrative image. We do not send client health data, personal information, or identifiers. OpenAI is contractually prohibited from training its models on data sent via its API.
• Sentry (United States or EU, depending on your region): captures application errors and reliability telemetry. Sentry receives stack traces, browser type, page URL, anonymous error grouping identifiers, and breadcrumbs of user interaction (e.g. button clicked, route changed) that immediately precede an error — required to reproduce and fix bugs. We configure Sentry to scrub form fields and headers; client health data and credentials are never transmitted. Session replay is not enabled.

We do not use third-party analytics, advertising, or behavioural-tracking services. We do not sell or rent personal information. Apart from the subprocessors above (each of which acts on our instructions or as a regulated payment processor), we do not share client health data with anyone.

We will update the list above before engaging any new subprocessor that receives personal information. Material changes are communicated via the effective-date update on this page; substantial changes affecting practitioner-held client data are additionally communicated by email to the account holder.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Object to or restrict certain processing of your data
• Export your data in a portable format
• Withdraw consent for optional features (e.g. Google Calendar sync) at any time

To exercise any of these rights, contact us at hello@nutraplanner.com.

7. Data Retention

We retain your data only as long as we have a legitimate purpose for keeping it. Specifically:

• Account and profile data: retained while your account is active. Upon account deletion, data is removed from production databases within 30 days.
• Client health data (entered by practitioners): retained while the practitioner's account is active. Upon practitioner account deletion, all client records the practitioner entered are removed within 30 days, unless the practitioner has exported them.
• Backups: encrypted backups are retained for 30 days on a rolling window for disaster recovery, after which they are overwritten.
• Billing and tax records: retained for 7 years in compliance with Canada Revenue Agency record-keeping requirements (Income Tax Act s. 230), even after account deletion. These records contain only the data needed for tax compliance (invoice amounts, dates, business identifiers).
• Audit and security logs: retained for 12 months for security monitoring and incident response, then deleted.
• Breach records: retained for 24 months as required by the PIPEDA Breach of Security Safeguards Regulations.
• Data subject to a legal hold (active litigation, regulatory request, or law-enforcement order) is retained until the hold is lifted.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date above. For substantial changes affecting how we use or share personal information, we will additionally notify account holders by email at least 30 days before the change takes effect.

9. Contact Us

If you have any questions about this Privacy Policy or how we handle your information, please contact us at hello@nutraplanner.com.

10. Privacy Officer

In accordance with PIPEDA Principle 4.1 and Quebec Law 25 s. 3.1, we have designated an individual accountable for our compliance with this Privacy Policy and applicable privacy law. You may contact our Privacy Officer regarding any privacy-related question, complaint, request to exercise your rights, or report of a suspected breach:

• Privacy Officer: Sam Champagne
• Email: sam@nutraplanner.com

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).

11. Data Breach Notification

We maintain administrative, technical, and physical safeguards to protect personal information. In the event of a breach of security safeguards involving personal information under our control that creates a real risk of significant harm, we will:

• Report the breach to the Office of the Privacy Commissioner of Canada (and the Commission d'accès à l'information du Québec for Quebec residents) as soon as feasible;
• Notify affected individuals as soon as feasible, by email to the address on file, with sufficient information to understand the significance of the breach and the steps they can take to mitigate harm;
• Notify practitioners holding client records affected by a breach so they can fulfil their own notification obligations under provincial health-information legislation;
• Maintain a record of every breach involving personal information, regardless of severity, for at least 24 months.

If you become aware of an actual or suspected breach involving your account or data you have entered, please contact our Privacy Officer immediately at sam@nutraplanner.com.

12. International Users

NutraPlanner is operated from and primarily serves Canada. If you access the service from outside Canada, the following additional terms apply:

• European Economic Area, United Kingdom, and Switzerland: If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws apply. The lawful bases for our processing are: (a) performance of a contract with you (sections 2-3 above); (b) compliance with legal obligations (section 7 — tax retention); (c) our legitimate interests in operating, securing, and improving the service (section 5 — error monitoring); and (d) your consent for optional features (Google Calendar sync, billing). You have the right to access, rectify, erase, restrict, port, and object to processing of your data, and to lodge a complaint with your local supervisory authority. To exercise these rights, contact our Privacy Officer.
• California (United States): If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we have collected, to delete it, to correct it, to opt out of any sale or sharing of personal information (we do not sell or share — see section 5), and to limit the use of sensitive personal information. We do not discriminate against you for exercising these rights. The categories we collect are listed in section 2; the purposes are listed in section 3; the third parties are listed in section 5. To exercise these rights, contact our Privacy Officer.
• Other regions: If your jurisdiction grants you specific privacy rights not enumerated above, we will honour those rights to the extent required by the law of your jurisdiction. Contact our Privacy Officer.

13. Children's Data

NutraPlanner is not directed at children. We do not knowingly create direct user accounts for individuals under 16. If we learn that we have collected personal information from a child under 16 in a direct-account context without verifiable parental consent, we will delete that information promptly.

Practitioners may legitimately enter health and dietary information about minor clients in the course of providing nutritional care. In that case the practitioner is responsible for obtaining consent from the minor's parent or legal guardian (or from the minor where they are of an age of consent under applicable health legislation) before entering data. For practitioners serving Quebec residents, Quebec Law 25 imposes heightened consent requirements for personal information of persons under 14. NutraPlanner stores this data on the practitioner's behalf and applies the same safeguards as for adult client data.

14. Practitioner Data Processing Agreement

Practitioners using NutraPlanner to manage client health information act as the custodian or controller of that information under provincial health-information legislation (such as Alberta's Health Information Act, Ontario's Personal Health Information Protection Act, and Quebec's Act respecting health and social services information). NutraPlanner acts as the practitioner's information manager / processor with respect to that data.

A Data Processing Agreement (DPA) describing our respective obligations — including security safeguards, subprocessor management, breach notification, and instructions for processing — is published at /policies/dpa and is incorporated by reference into our Terms of Service. By using NutraPlanner to enter or manage client health information, you agree to the terms of that DPA. To request a countersigned copy or to discuss specific provincial requirements, contact our Privacy Officer at sam@nutraplanner.com.