1. This Privacy Policy (“Policy”) describes how M/s Nutryze Lifestyle Technologies LLP (“We”, “Our”, or “Us”, as defined in the Terms of Use) collects, uses, processes, stores, shares, and protects Your Personal Data (as defined under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) when You access or use our website (“Website”), mobile application (“Application”) (collectively, the “Platform”), or avail the Platform Services and Wellness Services (as defined in the Terms of Use). This Policy is issued in accordance with the DPDP Act and Digital Personal Data Protection Rules 2025 (“DPDP Rules”) (DPDP Act and DPDP Rules are collectively referred to as “Data Protection Laws”), and other applicable laws of India. This Policy forms an integral part of, and shall be read together with, the Terms of Use available at www.nutryze.in/terms. Capitalised terms not defined herein shall have the meanings ascribed to them in the Terms of Use.
2. If You do not agree with this Policy, please do not access or use the Platform.
3. We act as a Data Fiduciary under the Data Protection Laws and are committed to complying with Data Protection Laws and other applicable laws, including without limitation the Information Technology Act, 2000.
4. By using the Platform, creating an Account, or availing Services, you (as a Data Principal under the Data Protection Laws, whether as a Customer or Wellness Professional), You acknowledge having read this Policy.
5. The Platform integrates third-party service providers, including video and audio communication service providers (such as SDK‑based video conferencing providers) used to enable live classes and real‑time interactions between Customers and Wellness Professionals; service providers for login and authentication; artificial intelligence and machine learning service providers used for automated assistance, system optimisation, nutritional assessment of images of food; cloud infrastructure and hosting service providers for storage, processing, and delivery of Platform data; push notification and messaging service providers for transactional communications; and analytics and performance monitoring service providers for service reliability and security (“Third Party Services”). These integrations involve sharing limited Personal Data with these service providers, as detailed below, however we do not permit third‑party service providers to use Personal Data for their own independent purposes without appropriate disclosures and lawful basis.
6. Please also keep in observance that our Platform may contain links to other sites not owned or controlled by us and We are not responsible for the privacy practices of those sites. We encourage you to be aware when You leave the Platform and to read the privacy policies of other sites that may collect Your Personal Information.
We process Personal Data strictly on the following lawful basis:
7.1. Legitimate uses, permitted under Section 7 of the DPDP Act, including processing necessary for the performance of the Terms of Use, usage of Platform and it features, Platform security, fraud prevention, and compliance with law.
7.2. Where processing of Personal Data is based on consent under the Data Protection Laws, such consent is obtained from Users (including Customers and Wellness Professionals) through clear affirmative action (in accordance with Section 6 of the DPDP Act), after providing a notice containing the information required under applicable law.
7.3. Consent is obtained at relevant points of interaction on the Platform, including at the time of account creation, feature activation, service usage, or submission of Personal Data. Consent is provided through clear affirmative actions, such as clicking a “Continue” or similar action button accompanied by a notice stating that continued use constitutes agreement to the Terms of Service and Privacy Policy, with accessible links to both documents.
7.4. Consent is purpose-specific, limited to the purposes expressly communicated at the time such consent is sought, and applies separately to Customers and Wellness Professionals. For clarity, the categories of Personal Data collected, the manner of collection, purposes of processing and sharing and disclosure are described in Sections 8, 9, 10, 11 of this Policy, respectively.
7.5. You have the right to withdraw Your consent at any time by emailing support@nutryze.in, via Contact Us section on the Platform, without affecting prior lawful processing for any processing of Personal Data that is based on consent, including for specific purposes such as marketing communications or non-essential Cookies. Withdrawal may limit Platform Services (e.g., inability to book sessions, track metrics, or use non-essential features) for the Customers and may lead to de-boarding from the Platform for Wellness Professionals.
7.6. Withdrawal of consent shall not affect the lawfulness of any processing carried out prior to such withdrawal or of such processing as permitted under the Data Protection Laws.
7.7. Upon withdrawal, we shall immediately cease, and cause our Data Processors (as defined under the DPDP Act) to cease, the relevant processing. We shall erase or anonymize, and cause our Data Processors to erase or anonymize, the corresponding Personal Data in accordance with Data Protection Laws, unless retention is necessary for compliance with any law for the time being in force.
7.8. Any consent granted/withdrawn on the Platform is recorded and logged for audit purposes.
We collect only the Personal Data necessary for the specified purposes outlined in this Policy, in line with data minimization principles under the Data Protection Laws. The types of Personal Data We collect depend on Your role (Customer or Wellness Professional) and interactions with the Platform.
8.1.1. Account and Profile Information: Name, email address, phone number, date of birth, gender, general location information voluntarily provided by you (such as city or postal/pin code), and profile details (e.g., health-related metrics like weight, height, BMI, diet habits, lifestyle details, and medical fitness declarations). We do not collect precise geolocation data such as GPS coordinates unless explicitly stated otherwise.
8.1.2. Transaction and Payment Information: Billing/shipping details, order history, subscription details, payment references. We do not store payment credentials such as credit/debit card details, UPI IDs, or banking information).
8.1.3. Usage and Device Information: IP address, device type, browser type, operating system, access times, pages viewed, links clicked, and interactions with the Platform (e.g., session attendance, tracking of diet/workout plans, reports generated) (Refer to Section 10 to know the purpose of collection). This also includes device tokens for push notification (if you have enabled push notifications) and Your interactions with our emails, communications, messages, advertisements on third party platforms and other channels.
8.1.4. Your interactions with our customer support such as the date, time and reason for contacting us, transcripts of any chat conversations, and if you call us, your phone number;
8.1.5. Health and Wellness Data: Self-reported health conditions, eating habits, workout/diet logs, progress metrics (e.g., weight tracking), and images uploaded for AI-based nutritional assessment of food images.
8.1.6. Communications and User Content: Messages, reviews, feedback, suggestions, or other content You submit (e.g., User Content as defined in the Terms of Use), including audio/video recordings of sessions (for quality and dispute resolution purposes, as noted in the Services section of the Terms of Use).
8.1.7. Third-Party Data: Information from Social Logins (e.g., Google, Facebook, Apple) for account creation/authentication (we do not store third-party passwords) and data from Third-Party Services (e.g., video and audio service providers, such as SDK‑based video conferencing providers, artificial intelligence and machine learning service providers etc.).
8.2.1. Account and Profile Information: Name, email address, phone number, date of birth, gender, location (if provided), qualifications, experience, working hours, available slots, session descriptions, and professional details (e.g., certifications).
8.2.2. Transaction and Payment Information: Payment settlement details, earnings history, and references; We do not store sensitive credentials).
8.2.3. Usage and Device Information: IP address, device type, browser type, operating system, access times, pages viewed, links clicked, and interactions (e.g., sessions conducted, communications with Customers). This also includes device tokens for push notification (if you have enabled push notifications) and Your interactions with our emails, communications, messages, advertisements on third party platforms and other channels.
8.2.4. Professional Data: Details of sessions/consultations provided, communications with Customers, reviews/feedback received, and any reports generated.
8.2.5. Communications and User Content: Messages, reviews, feedback, or other content submitted, including audio/video recordings of sessions.
8.2.6. Third-Party Data: Information from Social Logins or verification services; data from Third-Party Services (e.g., video and audio service providers, such as SDK‑based video conferencing providers, artificial intelligence and machine learning service providers etc.).
8.3.1. We do not knowingly collect, process, or store Personal Data of children (individuals below eighteen (18) years of age) or persons with disability who have a lawful guardian, except upon obtaining verifiable consent from the parent or lawful guardian, in the manner prescribed under the Data Protection Laws.
8.3.2. Verifiable consent shall be obtained through appropriate technical and organisational measures, which may include reasonable verification that the consenting individual is a lawful guardian, based on reliable information available to or voluntarily provided to Us, or through permitted digital verification mechanisms, where applicable. In the case of persons with disability, we may rely on reasonable verification of lawful guardianship as recognised under applicable law. If You are person with disability who has a lawful guardian, you must not access, register on, or use the Platform, or provide any Personal Data, unless such verifiable consent has been duly provided by Your parent or lawful guardian.
8.3.3. Where We become aware that Personal Data of a child or a person with disability has been collected without verifiable consent, we shall take reasonable and prompt steps to delete such Personal Data and cease further processing in accordance with applicable law. Parents, lawful guardians, or authorised representatives who believe that such Personal Data has been collected may contact the Grievance Officer using the details provided in this Policy.
9.1. Directly from You: When You create an Account, register, provide profile details, book sessions, upload images, log metrics, or communicate with us/others on the Platform (applicable to both Customers and Wellness Professionals).
9.2. Automatically: Through cookies (as described below), device ID, device model, browser details, web beacons, or similar technologies for usage analytics. Device information / IP is collected when You access the Platform, including during video calls via video and audio calling service providers, such as SDK‑based video conferencing providers.
9.3. From Third Parties: Social Login providers; authentication services providers; other Users (e.g., Customers sharing data with Wellness Professionals via the Platform, or vice versa); or integrated services for video and voice calling (e.g., IP and device data during calls), artificial intelligence and machine learning service providers (e.g., processed image data for AI based food assessment, wellness report etc.).
9.4. Inferred Data: Generated reports or metrics based on Your inputs (e.g., BMI calculations for Customers, session reports for Wellness Professionals) and for AI wellness reports.
We process Personal Data only for specified, legitimate purposes under the Data Protection Laws (e.g., based on consent or for performance of contract). These map directly to the Platform Services and Wellness Services described in the Terms of Use.
10.1.1. To provide and facilitate Platform Services: Account creation/management, connecting with Wellness Professionals, booking appointments, conducting sessions (including video and audio calls), tracking metrics, generating reports, and enabling AI based nutritional assessments. No data will be used for profiling of Customers or for training any AI models.
10.1.2. To process payments and invoicing: Issuing invoices/receipts, and handling refunds (as per the Payments and Invoicing section of the Terms of Use).
10.1.3. To improve and personalize Services: Analytics essential Cookies, feedback incorporation, and enhancing user experience.
10.1.4. For communications: Sending transaction updates, support responses, notifications about subscriptions, sessions, grievance redressal or Platform changes.
10.1.5. For security and compliance: Fraud prevention, dispute resolution, session recordings for quality/safety (as noted in the Services section of the Terms of Use), legal obligations, and responding to authorities.
10.1.6. For reviews and quality control: Collecting/using User Content like reviews to assess suitability of Users (as per the User Content section of the Terms of Use).
10.1.7. For marketing and promotions: Sending promotional offers, newsletters, or marketing communications (with Your explicit consent; opt-out available as described in this Policy).
10.1.8. Platform performance monitoring: To monitor performance of the Application, including detecting errors, improving reliability and for performance optimization.
10.2.1. To provide and facilitate Platform Services: Account creation/management, on boarding, enabling communication with Customers for providing Wellness Services, scheduling sessions (including video calls via video calling service providers, such as SDK‑based video conferencing providers), and settling payments. No data is used for profiling of Wellness Professionals or to train any AI models.
10.2.2. To process payments and invoicing: Facilitating settlements and issuing receipts.
10.2.3. To improve and personalize Services: Analytics via essential Cookies, professional performance, feedback incorporation, and enhancing Platform features (e.g., slot availability optimization).
10.2.4. For communications: Sending updates on earnings, session bookings, support responses, or Platform changes.
10.2.5. For security and compliance: Verification of qualifications, fraud prevention, dispute resolution, legal obligations, and responding to authorities.
10.2.6. For reviews and quality control: Collecting/using reviews to assess suitability and maintain Platform standards.
10.2.7. For marketing and promotions: Sending promotional offers or marketing communications related to Platform features (with Your explicit consent; opt-out available as described in this Policy).
10.3. We do not process Personal Data for purposes beyond those notified, except as permitted under the DPDP Laws, including for any racial/medical profiling or for training any AI models.
All Platform data is stored and processed on secure cloud infrastructure provided by the cloud service provider.
11.1. We share and disclose Personal Data only as necessary and with appropriate safeguards:
11.1.1. With Wellness Professionals (for Customers' Data): Limited Customer data (e.g., profiles, health metrics) shared within the Platform to enable Wellness Services, as described in the Services section of the Terms of Use.
11.1.2. With Customers (for Wellness Professionals' Data): Limited Professional data (e.g., profiles, availability) shared for booking and reviews.
11.1.3. With Service Providers: Affiliates, contractors, or third parties bound by contractual obligations including:
11.1.3.1. Video and voice calling service providers for enabling live sessions, video calls etc.
11.1.3.2. Artificial intelligence and machine learning service providers for food image assessments (images uploaded by Users will be shared) and wellness reports.
11.1.3.3. Cloud infrastructure and hosting providers for storage and processing (as processors under our agreements, with security measures like encryption).
11.1.3.4. Push notification and messaging services providers to enable push notifications and Customer communications.
11.1.4. For Legal Reasons: With regulatory authorities, law enforcement, or courts if required, as noted in the Consent to Use Personal Data section of the Terms of Use.
11.1.5. In Business Transfers: In case of merger, acquisition, or asset sale, with notice to You.
11.2. We do not sell Personal Data. Sharing with Third-Party Services is governed by their terms (as per the Third-Party Services section of the Terms of Use).
12.1. A cookie is a small text file with an identifier sent by us to your computer or mobile device, and stored in your browser.
12.2. We use cookies and local storage essential for the Platform's core functions, such as authenticating Your account, securing Your session, and preventing unauthorized access. These are required for the Platform to function.
12.3. We also use cookies to enable live sessions, our real-time communication partners (SDKs) collect limited technical data (e.g., IP address, device type, and connection quality) for the purposes of ensuring call quality, debugging, service reliability, security monitoring etc.
12.4. Such information collected using cookies are used solely for service delivery and platform integrity and are not used for advertising or cross-platform tracking.
13.1. Wellness Professionals shall only use the Customer Data to the extent required to render the Wellness Services to the Customers within the Platform and as per the Terms of Use and this Policy.
13.2. No Wellness Professional shall, in any manner, attempt to do any act or omission, that would amount to any Customer Data leaving the environment of the Platform or leading to breach of Customer Data, in any manner whatsoever.
13.3. No Wellness Professional shall share use the Customer Data with an intent to solicit independent clients or provide/offer any goods or services outside the scope of Wellness Services on the Platform.
13.4. No Wellness Professional shall not attempt to copy, record, store or share any Customer Data.
13.5. No Wellness Professional shall seek any data from any Customer, save and except those that are processed on the Platform. Customer Data shall not be used by any Wellness Professional for any other purposes.
13.6. The Wellness Professionals hereby agree to indemnify Us for any non-compliance or breaches related to Customer data, as per the Specific Terms Applicable to Wellness Professionals in the Terms of Use or under this Clause.
13.7. We require Wellness Professionals to agree to these obligations during on boarding and may de-board them for violations (as per the Specific Terms Applicable to Wellness Professionals in the Terms of Use).
14.1. We implement reasonable security practices and procedures appropriate to the nature of Personal Data (including health data), in compliance with the Data Protection Laws and industry standards. Data on cloud servers is protected via their measures (e.g., encryption, audits). However, the Users hereby acknowledge that no system is infallible; and we cannot guarantee absolute security.
14.2. In case of a Personal Data breach likely to cause harm, We will notify the Users and the Data Protection Board of India within prescribed timelines under the Data Protection Laws.
15.1. We retain Personal Data only as long as necessary for the purposes collected, or as required by applicable laws. Thereafter, it is deleted or anonymized. Specifically, please note the retention periods for the following categories of data:
15.1.1. Account data: Retained while active; deleted upon Account closure (as per the Term and Termination section of the Terms of Use) including inactivity for a period of 1(one) year. In the event of deletion of Account due to inactivity, Users should be notified at least 48 hours in advance allowing them the opportunity to log in or exercise their rights regarding the data.
15.1.2. Transaction data: Transaction, payment, and invoicing data is retained for such periods as are required under applicable tax laws, accounting regulations, and directions issued by the Reserve Bank of India.
15.1.3. Health logs (Customers): Health and wellness-related data voluntarily provided by Customers is retained for the duration of the active subscription or engagement and is deleted or anonymised thereafter, unless a longer retention period is required under applicable law.
15.1.4. Professional data (Wellness Professionals): Personal Data of Wellness Professionals is retained for the duration of their active engagement on the Platform and deleted or anonymised upon de-boarding, subject to legal or contractual retention requirements.
15.1.5. Video session data (via video and audio communication service providers, such as SDK‑based video conferencing providers): Live session data is not recorded by default. Where session-related data is retained (with consent) for quality assurance, dispute resolution, or safety purposes, such data is retained only for a limited period and in accordance with applicable law and the terms governing the use of the service providers.
15.1.6. Food assessment data (via artificial intelligence and machine learning service providers): Images and related inputs submitted for AI-based food assessment are retained by Us only for so long as necessary to render the relevant assessment or support user access to the results. Thereafter, such data is deleted or anonymised, unless retention is required by law. Processing by third-party AI service providers is governed by our contractual arrangements with them.
15.1.7. Analytics and Usage Data: Analytics and usage data collected is retained in identifiable form only for a limited period necessary to analyse Platform performance, security, and usage trends. Such data is thereafter aggregated or anonymised, or deleted, and is subject to earlier deletion upon withdrawal of consent, where applicable.
16.1. Under the Data Protection Laws, You have the following rights, exercisable free of charge (subject to verification and exceptions, e.g., legal retention requirements or frivolous requests). We provide mechanisms to exercise these rights easily, with responses within 30 days (or any timelines prescribed under Data Protection Laws, if any). To exercise any right, submit a verified request by: (i) logging into Your Account and using the "Contact Us" section in settings (for access, correction, erasure, nomination, or withdrawal); (ii) emailing support@nutryze.in with the right specified in the subject line (e.g., "Request for Access"); or (iii) contacting our Grievance Officer (as described below). We may require identity verification (e.g., via email/phone) to process.
16.1.1. Right to Access: Obtain confirmation of whether Your Personal Data is being processed, a summary of the data, and details of processing (e.g., purposes, recipients). Mechanism: Email request can be sent on support@nutryze.in; We provide a downloadable report.
16.1.2. Right to Correction or Updating: Rectify inaccurate, incomplete, or outdated Personal Data. Mechanism: Update via Account profile/settings for basic info; for other data, email with specifics—We confirm changes within 7 days.
16.1.3. Right to Erasure: Request deletion of Personal Data when no longer necessary, consent is withdrawn, or processing is unlawful (subject to exceptions like legal obligations). Mechanism: Submit via email on support@nutryze.in; We delete/anonymize eligible data within 30 days and confirm.
16.1.4. Right to Nomination: Nominate an individual (via verifiable details like name/email) to exercise Your rights in case of death or incapacity. Mechanism: Set/update nominee via email on support@nutryze.in; We store securely and activate upon valid proof.
16.1.5. Right to Withdraw Consent: Revoke consent for processing (e.g., marketing and promotional messages) without affecting prior lawfulness. Mechanism: As detailed in section 7.5 of this Policy, i.e., via email to support@nutryze.in or through the Contact Us section of the Website; changes shall be effective immediately for ongoing processing.
16.1.6. Right to Grievance Redressal: Lodge complaints about any aspect of data processing or rights handling. Mechanism: Email Grievance Officer as per the details mentioned below; We acknowledge within 24 hours and resolve within 30 days. If unsatisfied, escalate to the Data Protection Board of India by filing a complaint as per the procedures outlined in the Data Protection Law (e.g., through their official portal or prescribed forms), available on the Ministry of Electronics and Information Technology website: https://www.meity.gov.in/.
Email Address: grievance@nutryze.in
17. Personal Data may be transferred outside India (e.g., to US-based servers for Third Party Service Providers) only in compliance with the Data Protection Laws (e.g., to countries with adequacy decisions or with standard contractual clauses). We ensure equivalent protection levels through agreements with providers.
We may update this Policy to reflect changes in laws or practices. We will notify You of all changes via email or Platform notice. For material changes that affect the processing of Your Personal Data (e.g., new purposes or sharing), We will seek Your express consent through an affirmative action (e.g., via in-app prompt or email confirmation) before applying the changes. If You do not provide such consent, we may limit or suspend Your access to the Platform, or You may withdraw consent and cease using the Platform (as per the Consent and Withdrawal section). Non-material changes will take effect upon notification, but You retain the right to withdraw consent or exercise other rights at any time. This aligns with the Changes to Agreement section of the Terms of Use.