Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last Updated: December 15, 2024

Table of Contents

1. Overview

NutriGrove ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service").

🔒 Your Privacy Rights

We are HIPAA compliant and follow strict data protection standards to ensure your health information remains private and secure. You have full control over your data at all times.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Name, email address, and contact information
  • UMass student ID (for campus integration)
  • Date of birth and demographic information
  • Profile preferences and settings
  • Account credentials and authentication data

2.2 Health and Nutrition Data

To provide our nutrition tracking services, we collect:

  • Dietary preferences and restrictions
  • Meal logging and food consumption data
  • Nutritional goals and health objectives
  • Weight, height, and fitness metrics (if provided)
  • Dining hall visit patterns and preferences

2.3 Technical Information

We automatically collect certain technical information:

  • Device information (model, operating system, version)
  • App usage analytics and performance data
  • Location data (for campus dining hall features)
  • Log files and error reports
  • Network and connection information

2.4 Campus Integration Data

Through our UMass partnership, we may collect:

  • Dining hall menu and availability information
  • Meal plan and payment data (anonymized)
  • Campus facility usage patterns
  • Academic calendar integration data

3. How We Use Your Information

3.1 Service Provision

  • Provide personalized nutrition tracking and recommendations
  • Enable campus dining hall integration and features
  • Process and fulfill your requests and transactions
  • Maintain and improve app functionality
  • Provide customer support and technical assistance

3.2 Communication

  • Send important service updates and notifications
  • Respond to your inquiries and support requests
  • Share relevant health and nutrition information
  • Notify you about new features and improvements

3.3 Analytics and Improvement

  • Analyze usage patterns to improve our services
  • Conduct research on nutrition and dining habits
  • Develop new features and functionality
  • Monitor app performance and fix issues

3.4 Legal and Safety

  • Comply with legal obligations and regulations
  • Protect against fraud and unauthorized access
  • Enforce our Terms of Service
  • Respond to legal requests and court orders

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

4.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our services, such as:

  • Cloud hosting and data storage providers
  • Analytics and performance monitoring services
  • Customer support platforms
  • Payment processing services

All service providers are bound by strict confidentiality agreements and are only permitted to use your information as necessary to provide services to us.

4.2 UMass Partnership

We may share aggregated, anonymized data with UMass Dining Services to:

  • Improve campus dining options and services
  • Provide real-time menu and availability information
  • Support campus wellness initiatives
  • Conduct research on student nutrition and health

4.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Investigate potential violations of our Terms of Service
  • Respond to emergency situations involving health or safety

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and your options regarding your information.

5. Data Security

🛡️ Enterprise-Grade Security

We implement industry-leading security measures including end-to-end encryption, SOC 2 Type II compliance, and regular security audits to protect your data.

5.1 Technical Safeguards

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Secure API endpoints with OAuth 2.0 authentication

5.2 Operational Safeguards

  • Limited access to personal data on a need-to-know basis
  • Employee background checks and security training
  • Regular monitoring and logging of data access
  • Incident response procedures and breach notification protocols
  • Data backup and disaster recovery systems

5.3 HIPAA Compliance

As a health-related service, we maintain HIPAA compliance standards, including:

  • Business Associate Agreements with all vendors
  • Administrative, physical, and technical safeguards
  • Employee training on health information privacy
  • Regular risk assessments and compliance audits

6. Your Rights

You have several rights regarding your personal information. These rights may vary depending on your location and applicable laws.

6.1 Access and Portability

  • Request access to your personal information
  • Download a copy of your data in a portable format
  • View and update your account information
  • Access your nutrition and health data history

6.2 Correction and Updates

  • Correct inaccurate or incomplete information
  • Update your preferences and settings
  • Modify your health goals and dietary restrictions
  • Change your communication preferences

6.3 Deletion and Restriction

  • Delete your account and associated data
  • Request deletion of specific information
  • Restrict processing of your data
  • Opt-out of certain data collection practices

6.4 Objection and Withdrawal

  • Object to processing based on legitimate interests
  • Withdraw consent for optional data processing
  • Opt-out of marketing communications
  • Disable location tracking and analytics

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@nutrigrove.com or use the privacy controls in your account settings. We will respond to your request within 30 days.

7. Cookies and Tracking

7.1 Types of Cookies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for basic app functionality
  • Performance Cookies: Help us analyze app usage and performance
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Provide insights into user behavior

7.2 Third-Party Tracking

We may use third-party analytics services, including:

  • Google Analytics for web and app analytics
  • Firebase for app performance monitoring
  • Mixpanel for user behavior analysis
  • Crashlytics for error reporting

7.3 Managing Cookies

You can control cookies through your browser or device settings. Note that disabling certain cookies may limit app functionality.

8. Third-Party Services

Our app may integrate with third-party services to enhance functionality. These services have their own privacy policies:

8.1 UMass Systems

  • UMass Dining Services APIs
  • Campus authentication systems
  • Student information systems

8.2 Health Platforms

  • Apple HealthKit (iOS)
  • Google Fit (Android)
  • Fitbit (optional integration)

8.3 Social Features

  • Social login providers (Google, Apple)
  • Social sharing platforms
  • Community forums and messaging

9. Children's Privacy

Our service is designed for college students and is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9.1 Age Verification

  • Users must verify they are at least 13 years old
  • College affiliation is required for full access
  • Parental consent may be required for users under 18

9.2 Parental Rights

If you are a parent and believe your child has provided personal information to us, please contact us immediately to request deletion of such information.

10. International Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:

  • Standard Contractual Clauses for EU transfers
  • Adequacy decisions and certification programs
  • Binding corporate rules for intra-group transfers
  • Explicit consent for specific transfers

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes through:

  • In-app notifications
  • Email notifications (if you've provided an email address)
  • Website banners and announcements
  • Push notifications for significant changes

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

12. Contact Information

Data Protection Office

Email: privacy@nutrigrove.com

Phone: +1 (413) 555-0123

Address:
NutriGrove Inc.
Innovation Hub
UMass Amherst
Amherst, MA 01003

EU Representative

Email: eu-privacy@nutrigrove.com

Data Protection Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal information in accordance with applicable laws.

This Privacy Policy was last updated on December 15, 2024.
Return to Home