Privacy Policy
We built Nutrevia to help you eat better, not to harvest your data. This policy explains, in plain English, what we collect when you take the quiz or order a plan, why we collect it, and what you can do about it. If anything here is unclear, write to [email protected] and a human will reply.
The data controller is Stratoventures LLC, a limited liability company registered in New Mexico, United States. For questions about this policy, data access requests, or anything privacy-related, email our Data Protection Officer at [email protected]. We respond within 30 days.
When you take the quiz we collect the information you type in: your name, email, age range, height, weight, dietary goals, allergies, medical conditions you choose to disclose, eating habits, and any free-text notes you add. When you place an order we also collect billing details handled by our payment processor. We log basic technical information (IP address, browser type, pages viewed) so the site keeps working. We do not collect data you didn't give us.
Under GDPR Article 6, we rely on contract performance (we need your answers to deliver the plan you paid for), legitimate interest (running and securing the site, preventing fraud), and your consent for anything else. Health-related answers — allergies, conditions, medications — are special category data under Article 9. We process them only with your explicit consent, given when you tick the box in the quiz, and only to build your nutrition plan.
We use a small, deliberate set of processors. Hosting and database live with Hetzner inside the EU. Plan generation uses Anthropic's language model API — only the inputs needed to draft the plan are sent, and Anthropic does not train on this data. Plan delivery emails are sent through our transactional email provider. We never sell your data, never share it for advertising, and never give it to data brokers.
Quiz answers, plan content, and order records are retained for 24 months from the date of purchase, after which they are deleted or fully anonymized. Accounting records that we are legally required to keep are stored separately for the period required by applicable tax law. You can ask us to delete your data earlier — see your rights below.
You have the right to access the data we hold about you, rectify anything that's wrong, delete it (the 'right to be forgotten'), receive a portable copy, restrict or object to processing, and withdraw consent at any time. Send any of these requests to [email protected] from the email tied to your order. We confirm receipt immediately and complete the request within 30 days. You also have the right to file a complaint with your local data protection authority.
Data is encrypted in transit (TLS 1.3) and at rest. Access is limited to staff who need it to deliver your plan or respond to support. We run regular security reviews, keep our systems patched, and use isolated environments for production and analytics. No system is perfectly secure, but we take this seriously and will notify you and the relevant authority within 72 hours if a breach affects your data.
We use essential cookies only — the ones needed to remember your quiz progress, keep you logged in, and process payments. We do not use advertising cookies, tracking pixels, or third-party analytics that profile you. If we ever add anything beyond essentials, you will see a clear consent banner first.
If we update this policy in a way that affects your rights, we will email everyone with an active account at least 14 days before the change takes effect. Smaller edits (typo fixes, clarifications) are published here with a new 'last updated' date. The current version is always available at this URL.