Legal

NutriStack Privacy Policy

Effective date: May 21, 2026

Last updated: May 21, 2026

1. Introduction and Scope

This Privacy Policy explains how Ben Williams and Drew Gassen ("NutriStack," "we," "us," or "our") collects, uses, stores, shares, and protects information in connection with the NutriStack mobile application for iOS (the "App").

NutriStack is a personal supplement and wellness organizer. It helps you build and schedule a supplement "stack," track when you take supplements, log how you feel, scan product barcodes and labels, review bundled educational research, and, for subscribers, ask an AI supplement advisor questions about your routine.

This policy applies to your use of the App. It does not apply to third-party services that you may reach from the App, or to products or websites operated by anyone other than us. By using the App, you acknowledge the practices described here.

NutriStack is not a medical service. NutriStack is an informational and organizational tool. It does not provide medical advice, diagnosis, treatment, or care, and it is not a substitute for a qualified healthcare professional. The information in the App, including AI-generated responses and bundled research summaries, is for general educational purposes only. Always consult a licensed clinician before starting, stopping, or changing any supplement, vitamin, medication, or health routine. See Section 11 for the full disclaimer.

2. Who We Are and How to Contact Us

The data controllers responsible for your information are Ben Williams and Drew Gassen.

Privacy contact email: privacy@nutristackapp.com
Mailing address: 325 Turtle Creek Dr, McKinney, TX 75072, USA

If you have questions about this policy, want to exercise a privacy right, or want to make a complaint, please contact us using the details above.

3. Information We Collect

NutriStack is designed to keep data collection to a minimum. The App can be used in a local-only mode without an account. In that mode, the data described below is stored only on your device. If you choose to create an account, your data is also backed up to the cloud so you can restore it and sync across devices (see Section 5).

3.1 Health-related and wellness information you provide

NutriStack is built around health-related information that you enter yourself. We treat this information as sensitive. It may include:

Your supplement stack: the supplements, vitamins, minerals, and herbal products you take; dosage amounts and units; frequency and scheduled times; whether each is taken with food; brand names; personal notes; remaining-count and reorder reminders; and a flag indicating whether an item is a prescription and, if you choose to enter it, who prescribed it.
Intake logs: records of when you took, skipped, or missed a scheduled supplement dose, and any skip reason you enter.
Wellness logs: daily self-reported scores and notes for mood, energy, sleep quality, focus, stress, digestion, and overall wellness; logged sleep hours; and whether you exercised and for how long.
Health profile and onboarding answers: optional details such as your name, age or age range, sex, life stage, dietary restrictions, allergies, diet type, stress level, exercise frequency, experience level, your primary health concern, and the health goals you select.
Routine and schedule: the meal and sleep/wake times you provide so the App can schedule reminders.

Biomarker reference information. The App includes a bundled, read-only library that explains which lab biomarkers are associated with certain supplements (for example, typical reference ranges and expected response timelines). This is general educational reference content shipped inside the App. NutriStack does not ask you to upload, and does not collect, your personal laboratory or blood-test results.

3.2 Account and authentication information

If you create an account, we collect the information needed to authenticate you and operate the account, which may include your email address, a display name, the sign-in providers you use (Sign in with Apple, Google Sign-In, or email/password), and a unique account identifier assigned by our authentication provider. We do not store your password; password-based sign-in is handled by Firebase Authentication.

3.3 Subscription information

If you purchase the NutriStack Pro subscription, the purchase is processed by Apple through the App Store. We do not receive or store your full payment card details. The App and our servers do receive and use Apple-provided subscription information, such as a signed transaction confirming whether your subscription is active, to unlock Pro features and verify Pro access for the AI advisor. If you have an account, your subscription status (whether Pro is active) is stored with your account so it can be restored across devices.

3.4 Purchase and cost tracking you enter

NutriStack includes optional features that let you record how much you spend on supplements (for example, price per container, servings per container, purchase dates, vendor names, and purchase notes). This information is entered by you and is separate from your App Store subscription billing.

3.5 AI advisor conversations

If you use the AI advisor, we process the questions you type and the App context that is sent with them. See Section 6 for a detailed description of the AI feature and the data shared with our AI provider.

3.6 Information we do not collect

NutriStack does not include third-party advertising, third-party analytics or marketing SDKs, or cross-app/cross-site tracking. The App does not collect the Advertising Identifier (IDFA), does not ask for App Tracking Transparency permission, and does not track you across other companies' apps or websites. We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising.

3.7 Device permissions

Permission	Why it is used
Camera	Used only when you choose to scan a supplement barcode or product label to identify a product quickly. The camera is not used for any other purpose. Camera images are processed on your device for scanning and are not collected by us as a feature of this functionality.
Notifications	Used, with your permission, to remind you to take scheduled supplements and to log wellness entries. You can disable notifications at any time in iOS Settings.

These permissions are optional. The App remains usable if you decline them, though the related features will be limited.

4. How We Use Your Information

We use the information described above only to operate and improve the App for you, specifically to:

Provide core functionality: building your stack, scheduling doses, tracking intake, logging wellness, and showing your progress, streaks, and achievements.
Generate personalized, in-app organizational insights, such as timing suggestions, interaction flags, and correlations between your supplements and your wellness logs.
Send the supplement and wellness reminders you have enabled.
Authenticate you and operate your account.
Back up your data and sync it across your devices when you are signed in.
Provide AI advisor responses when you use that feature (see Section 6).
Verify your NutriStack Pro subscription status and unlock Pro features.
Maintain the security, integrity, and reliability of the App, including preventing abuse and enforcing rate limits on the AI feature.
Respond to your support requests and comply with our legal obligations.

We do not use your health-related or wellness information for advertising, and we do not use it to build profiles of you for any purpose other than delivering the App's features to you.

5. Data Storage, Cloud Sync, and Service Providers

5.1 On-device storage

Your supplement stack, logs, wellness entries, profile, and other app data are stored locally on your device. If you use NutriStack without an account, your data stays on your device and is not transmitted to our cloud (other than AI requests you choose to send, see Section 6).

5.2 Cloud backup and sync

If you sign in, NutriStack backs up your data so it can be restored and synced across your devices. This backup is stored in Google Firebase Cloud Firestore, in a per-account area keyed to your account identifier. Synced data includes your profile, supplement stack, supplement intake logs, wellness logs, purchase records, achievements, and weekly challenges, along with basic account metadata (email, display name, sign-in providers, and subscription status).

5.3 Third-party service providers (data processors)

We rely on a small number of trusted service providers that process data on our behalf so the App can function. We do not sell your data to any of them.

Provider	Role	What it processes
Google Firebase (Google LLC): Authentication, Cloud Firestore, Cloud Functions, App Check	Account sign-in, encrypted cloud backup and sync, the secure server that powers the AI advisor, and app-integrity verification.	Account identifiers and metadata; your synced app data; AI requests routed through our Cloud Function.
Google Sign-In (Google LLC)	Optional sign-in method.	Authentication tokens and basic profile information (name, email) that you authorize Google to share when you choose to sign in with Google.
Apple (Apple Inc.): Sign in with Apple, App Store, In-App Purchase	Optional sign-in method; subscription purchase, billing, and renewal.	Authentication tokens for Sign in with Apple; subscription transaction and status information for NutriStack Pro. Apple processes all payments.
OpenAI (OpenAI, L.L.C.)	Generates AI advisor responses.	Your AI questions and the App context sent with them, only when you use the AI feature (see Section 6).

Each provider processes data under its own privacy terms. We encourage you to review the privacy policies of Google/Firebase, Apple, and OpenAI.

5.4 Security

We take reasonable and appropriate measures to protect your information. Data transmitted between the App and our service providers is encrypted in transit using industry-standard TLS. Cloud data in Firestore is access-controlled so that each account can only read and write its own data, enforced by server-side security rules. The AI feature is protected by Firebase Authentication, Firebase App Check (app-integrity verification), and per-account rate limiting. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

6. The AI Advisor and Data Shared with OpenAI

NutriStack Pro includes an in-app AI supplement advisor. When you send a message to the AI advisor, here is exactly what happens:

Your typed message, recent conversation history, and relevant App context are sent from the App to our own secure server (a Firebase Cloud Function). Depending on the AI mode you choose, the App context can include a summary of your active supplement stack (names, dosages, timing, brand, prescription flags, and notes), recent wellness log scores, and recent adherence statistics.
Our Cloud Function verifies that you are signed in, verifies app integrity, confirms your NutriStack Pro subscription, and applies rate limits. It then forwards your message and context to the OpenAI API to generate a response.
The OpenAI API key is held only on our server. It is never stored in the App, and the App never contacts OpenAI directly.
OpenAI processes the request and returns a response, which our server streams back to your App.

In short, when you use the AI advisor, your prompts and the supplement and wellness context described above are shared with OpenAI for the sole purpose of generating your response. If you do not use the AI advisor, none of this data is sent to OpenAI. To learn how OpenAI handles API data, see OpenAI's Privacy Policy and applicable API data-usage terms.

Please avoid entering information in AI messages that you do not want processed by a third-party AI provider, and remember that AI responses are general educational information, not medical advice.

7. Data Retention

On-device data is retained until you delete it in the App, sign out with the option to clear local data, switch accounts, or delete the App from your device.
Cloud backup data is retained for as long as your account exists, so it can be restored and synced. It is overwritten as you make changes and is deleted when you delete your account (see Section 8).
AI feature operational data, such as short-lived rate-limit counters, is retained only as long as needed to operate and protect the feature.
We may retain limited information longer where required to comply with legal obligations, resolve disputes, or enforce our agreements.

8. Deleting Your Account and Data

You are in control of your data and can delete it at any time.

8.1 Delete your account in the App

Open Settings in the App, go to the Account section, and tap Delete Account. Confirming this action will:

Permanently delete your cloud backup in Firestore, your profile, supplement stack, supplement intake logs, wellness logs, purchase records, achievements, weekly challenges, and account record.
Permanently delete your authentication account.
Remove your app data stored locally on the device you used to delete the account.

Deleting your account does not cancel an active App Store subscription. A subscription is managed by Apple. To cancel NutriStack Pro and stop future charges, go to your device's Settings → [your name] → Subscriptions.

8.2 Delete local data without an account

If you use NutriStack in local-only mode, you can remove your data by deleting individual entries in the App or by deleting the App from your device.

8.3 Request deletion by email

If you cannot use the in-app deletion option, contact us at privacy@nutristackapp.com and we will assist you. We may need to verify your identity before acting on the request.

9. Your Privacy Rights

Depending on where you live, you may have specific rights over your personal information. You can exercise these rights using the in-app tools described in Section 8 or by contacting us at privacy@nutristackapp.com. We will not discriminate against you for exercising your rights.

9.1 General rights

Access: Most of your data is directly visible to you within the App.
Correction: You can edit your profile, stack, and log entries directly in the App.
Deletion: You can delete your account and data as described in Section 8.
Export / portability: You may request a copy of your account data in a portable format by emailing us.

9.2 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, the UK, or Switzerland, you have the rights to access, rectify, erase, and restrict the processing of your personal data; to data portability; to object to certain processing; and to withdraw consent where processing is based on consent. Our legal bases for processing are:

Performance of a contract: to provide the App, account, and features you request.
Consent: for optional features such as camera access, notifications, and the processing of health-related data you choose to enter and (where applicable) sync or send to the AI advisor. You may withdraw consent at any time.
Legitimate interests: to keep the App secure, prevent abuse, and operate the service, balanced against your rights.
Legal obligation: where we must process data to comply with the law.

Health data is a "special category" of personal data under the GDPR; we process it based on your explicit consent in choosing to enter it and use the related features. You have the right to lodge a complaint with your local data protection authority. If we do not have an EU/UK establishment, you may contact us at the email above regarding any representative requirements.

9.3 California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it; the right to request access to and deletion of your personal information; the right to correct inaccurate personal information; and the right not to be discriminated against for exercising your rights. The categories of personal information we collect are described in Section 3 (identifiers, account information, health and wellness information, commercial/purchase information you enter, and user-generated content).

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. The health and wellness information in the App is sensitive personal information; we use it only to provide the App's features to you and not for purposes that would trigger a right to limit its use under the CPRA. You may exercise your California rights using the in-app tools or by emailing privacy@nutristackapp.com. You may use an authorized agent to submit a request, subject to verification.

10. Children's Privacy

NutriStack is not directed to children. The App is intended for users who are at least 13 years old, and at least 16 years old in regions where 16 is the minimum age of digital consent. We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact privacy@nutristackapp.com and we will delete it. Decisions about supplement use for minors should always involve a parent or guardian and a qualified healthcare professional.

11. NutriStack Is Not a Medical Service

NutriStack is an informational and organizational tool. It is not a medical device, a healthcare provider, or a telehealth service, and it does not provide medical advice, diagnosis, treatment, or care.

All content in the App, including supplement information, interaction and timing flags, bundled research summaries, biomarker reference ranges, and AI advisor responses, is for general educational and informational purposes only. The AI advisor is an automated tool, not a licensed clinician, and its responses may be incomplete or inaccurate. Statements about supplements have not been evaluated by the U.S. Food and Drug Administration or any equivalent regulator, and the App is not intended to diagnose, treat, cure, or prevent any disease.

Always seek the advice of a physician, pharmacist, or other qualified healthcare provider before starting, stopping, or changing any supplement, vitamin, or medication, especially if you have a medical condition, take prescription medications, or are pregnant or nursing. Never disregard professional medical advice or delay seeking it because of something you read or generated in NutriStack. In a medical emergency, call your local emergency number immediately.

12. International Data Transfers

We use service providers, including Google and OpenAI, that may store and process information on servers located in the United States and other countries. If you access the App from outside the United States, your information may be transferred to, stored in, and processed in the United States and other jurisdictions whose data-protection laws may differ from those of your country. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for international transfers of personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, provide a more prominent notice within the App or by other appropriate means. Your continued use of the App after an updated policy takes effect means you accept the changes.

14. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or your information, contact us at:

Email: privacy@nutristackapp.com
Entity: Ben Williams and Drew Gassen
Address: 325 Turtle Creek Dr, McKinney, TX 75072, USA