Legal

NutriRoot Privacy Policy

Effective date: July 17, 2026 ยท Operator: Jordan Schaefer d/b/a Aevum Dynamics

1. Who We Are

NutriRoot (the "App") is operated by Jordan Schaefer d/b/a Aevum Dynamics. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights over it. Because NutriRoot is a nutrition and wellness app, some of the data we process is health-related ("consumer health data" under certain state laws); we treat it with heightened care as described below.

2. Data We Collect

Data we do NOT collect: we do not collect allergy information, medical conditions, diagnoses, or medication data, and the App does not provide allergen information. Nutrition values shown in the App come from published sources listed in the App's Sources section at the bottom of the Daily page.

We collect data directly from you, from your device (with permission), and from the service providers listed in Section 4. We do not collect data from data brokers and we do not track you across other companies' apps or websites.

3. How We Use Your Data (and Our Legal Bases)

We do not use your data for third-party advertising, and we do not use data obtained through HealthKit or Health Connect for advertising, marketing, or data mining, consistent with Apple and Google platform policies.

4. Data Sharing and Third Parties

We do not sell or rent your personal data, and we do not share it for cross-context behavioral advertising. We share data only with these service providers, only as needed to operate the App:

We may disclose data if required by law, court order, or to protect the safety of users or third parties. If the App's operation is transferred to a successor entity (e.g., an LLC we form, or an acquirer), your data may be transferred to that entity under this same Policy; we will notify you of any material change in ownership or use.

5. How We Protect Your Data

Sensitive fields โ€” email address, name, date of birth, body weight, and body fat percentage โ€” are encrypted at rest using AES-256. Email addresses are additionally HMAC-hashed for secure lookup. All data in transit uses TLS. Access tokens expire after 1 hour; refresh tokens after 30 days. We apply least-privilege access. No system is perfectly secure; if a breach affects your personal data we will notify you as required by applicable law.

6. Data Retention

We retain your data while your account is active. Free accounts inactive for 90 days, and expired subscriber accounts 90 days past subscription end, are automatically purged. You can delete your account at any time via Settings โ†’ Delete Account โ€” this permanently removes your profile, food logs, weight history, and all other personal data. We do not retain data after deletion except where required by law.

7. HealthKit and Health Connect

If you grant permission, NutriRoot reads weight and body-fat readings from Apple HealthKit (iOS) or Google Health Connect (Android) and may write weight entries back. This integration is entirely opt-in and revocable at any time in your device's health settings. Imported readings are stored on our servers, encrypted at rest like manually entered weight, and used the same way as manual entries. We never use HealthKit or Health Connect data for advertising or disclose it to third parties for their own purposes.

8. Children's Privacy

NutriRoot is not directed at children under 13, and we do not knowingly collect their personal data. If we learn a user is under 13, we will delete their data promptly. Users 13โ€“17 must have a parent or guardian review and agree to this Policy on their behalf.

9. Your Rights

Depending on your location, you may have the right to:

To exercise any right, email aevumdynamics@gmail.com. We will verify your identity and respond within 30 days (or the period required by your local law). We will not discriminate against you for exercising your rights. If we deny a request, you may appeal by replying to our decision; where applicable law provides, you may also complain to your local data-protection or consumer-protection authority.

10. United States State Privacy Rights

California (CCPA/CPRA): you have the rights to know, delete, correct, and port your personal information, and to opt out of sale or sharing. We do not sell or share personal information as defined by the CCPA, and we do not use or disclose sensitive personal information for purposes requiring a right to limit. Submit requests to aevumdynamics@gmail.com.

Washington (My Health My Data Act) and similar state laws: food logs, weight, body-fat, and related data are "consumer health data." We collect and share such data only with your consent and only as described in this Policy; we do not sell consumer health data and would never do so without your separate, explicit authorization. You may withdraw consent and request deletion at any time as described in Section 9.

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws have comparable rights, exercisable the same way.

11. Users in the EEA, UK, and Switzerland (GDPR)

Health-related data we process is "special category" data under the GDPR. We process it only with your explicit consent, given when you create an account and enter health information, and revocable at any time by deleting the data or your account. Our legal bases are set out in Section 3. Our servers are in the United States; transfers from the EEA/UK rely on your explicit consent and, where applicable, standard contractual clauses with our processors. You may lodge a complaint with your local supervisory authority.

12. International Transfers

Our servers are located in the United States. If you access the App from elsewhere, your data will be transferred to and processed in the US. We take steps to ensure your data receives an adequate level of protection wherever it is processed.

13. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes via in-app notice or email before they take effect. The effective date above reflects the latest revision. Continued use after the revised effective date constitutes acceptance; where a change requires fresh consent (e.g., a new use of health data), we will ask for it.

14. Contact Us

Questions, concerns, or requests regarding this Policy or your data: aevumdynamics@gmail.com