This Privacy Policy is issued by the legal entity that operates the iNutrio application. All references to "iNutrio", "we", "us", or "our" in this document refer to BITRY LTD.
π Legal Entity Details
| Company Name | BITRY LTD |
| Company Type | Private Limited Company |
| Incorporated In | England and Wales, United Kingdom |
| Registered Office | London, United Kingdom |
| Role | Data Controller (under UK GDPR) |
| Application | iNutrio β AI Meal Planner |
| Target Market | United States of America |
| Contact | ceo.bitry.io@gmail.com |
π¬π§ Incorporated: England & Wales
πΊπΈ Primary Market: United States
βοΈ Governed by: UK GDPR + Companies Act 2006
π± Platform: Google Play & Apple App Store
Governing Law
BITRY LTD is incorporated in England and Wales and is subject to the laws of the United Kingdom, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a UK-registered company providing services to US users, we also comply with applicable US federal and state privacy laws, including the California Consumer Privacy Act (CCPA) and COPPA.
This Privacy Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where mandatory local consumer protection laws in the user's jurisdiction require otherwise.
Plain English: iNutrio is built and operated by BITRY LTD, a UK company based in London. We built this app for the US market. UK law governs how we handle your data, and we also follow US privacy laws like CCPA and COPPA. If you have any questions, email us at ceo.bitry.io@gmail.com.
2.1 Information You Provide Directly
| Data Type |
Examples |
When Collected |
| Account Information |
First name, avatar selection, email address |
Account creation |
| Physical Measurements |
Age, height, current weight, target weight |
Onboarding |
| Dietary Preferences |
Diet type (vegan, keto, halal, etc.), food allergies, food dislikes |
Onboarding & in-app settings |
| Health Goals |
Lose weight, build muscle, maintain weight, manage a medical condition |
Onboarding |
| Food Logs |
Meals marked as eaten, daily calorie tracking entries |
Daily app usage |
| Weight Entries |
Manual weight check-ins over time |
Progress screen |
| AI Chat Messages |
Messages sent to the AI nutrition coach |
AI Coach feature |
| Subscription Data |
Plan tier, purchase history (card details handled entirely by Apple/Google β we never see them) |
Subscription purchase |
2.2 Information Collected Automatically
| Data Type |
Details |
Purpose |
| Device Information |
Device model, OS version, device identifier |
Compatibility & crash reporting |
| Usage Analytics |
Screens viewed, features tapped, session duration |
Product improvement |
| Crash & Error Logs |
App crash reports, error stack traces |
Bug fixing |
| Push Token |
Firebase Cloud Messaging token |
Delivering meal reminders & AI coach messages |
| Advertising ID |
Android GAID / iOS IDFA β only for free-tier users. PRO subscribers are excluded. |
Ad personalization (opt-out available) |
2.3 What We Do NOT Collect
- We do not collect your precise GPS location
- We do not access your camera or photo library without explicit user action
- We do not collect payment card numbers (handled by Apple Pay / Google Pay)
- We do not sell personal data to data brokers or ad networks
- We do not collect data from users under 13 years of age
- We do not collect social security numbers or government IDs
Important: iNutrio collects health-related information such as body measurements, dietary restrictions, and nutrition goals. Under UK GDPR, health data is classified as "special category data" and is subject to the strictest legal protections.
3.1 Health Data We Process
- Body metrics: Height, weight, age, and weight change over time
- Dietary needs: Allergies, food intolerances, dietary restrictions (e.g., gluten-free, diabetic-friendly)
- Health goals: Weight loss/gain targets, calorie targets derived from TDEE calculation
- Nutrition logs: Daily food intake and calorie consumption records
- Voluntarily disclosed medical context: If you select "Manage a Condition" (e.g., diabetes, high cholesterol) β used solely to personalise meal suggestions
3.2 Legal Basis for Processing Health Data
Under UK GDPR Article 9, we process special category health data on the basis of your explicit consent (Article 9(2)(a)). You provide this consent when you complete the onboarding flow and input your health information. You may withdraw consent at any time by deleting your account.
3.3 How We Protect Health Data
- Stored in Firebase Firestore with strict server-side security rules β only authenticated users can access their own data
- All transmissions use TLS 1.3 encryption
- Data sent to OpenAI for meal plan generation is pseudonymised β we send profile attributes, not your name or email
- Health data is never shared with insurers, employers, lenders, or data brokers
- Health data is never used to train AI models without separate explicit consent
3.4 Medical Disclaimer
iNutrio is a wellness and nutrition planning tool only β it is not medical advice and is not a substitute for consultation with a licensed physician or registered dietitian. Always consult a qualified healthcare professional before making significant dietary changes, particularly if you have a medical condition.
3.5 Apple Health / Google Fit (Optional)
If you choose to connect Apple Health or Google Fit, we may read weight data to keep your plan accurate. This is entirely optional, requires your explicit device-level permission, and can be disconnected at any time from your device's Health settings. We do not write data back to Health platforms without your knowledge.
| Purpose |
Data Used |
Legal Basis (UK GDPR) |
| Generate personalised meal plans |
Age, weight, height, goal, diet type, allergies, calorie target, meal history |
Performance of contract / Explicit consent |
| Daily AI coach messages |
Name, yesterday's compliance, streak, today's plan |
Consent (notification permission) |
| Progress & streak tracking |
Daily meal logs, weight entries, compliance scores |
Performance of contract |
| Process subscription payments |
Purchase history, subscription tier (via RevenueCat) |
Performance of contract |
| Push notifications |
FCM token, meal plan data, streak status |
Consent |
| Show ads (free tier only) |
Advertising ID, general usage context |
Consent (ATT on iOS / consent on Android 13+) |
| Improve the product |
Aggregated, anonymised usage analytics |
Legitimate interests |
| Fraud prevention & security |
Device ID, account activity patterns |
Legitimate interests / Legal obligation |
| Legal compliance |
Any data required by applicable law |
Legal obligation |
What We Will Never Do With Your Data
- Sell your personal information to any third party
- Share your health data with insurance companies, employers, or lenders
- Use your data for political profiling or targeting
- Share individual user data with advertisers (only aggregated, anonymised statistics)
- Use your AI chat messages for any purpose beyond generating your response
- Transfer your data to any country without adequate legal safeguards
BITRY LTD uses the following trusted sub-processors and third-party services to operate iNutrio. We share only the minimum data necessary and have Data Processing Agreements (DPAs) or equivalent contractual safeguards in place with each.
π₯
Firebase β Google LLC (USA)
Authentication, Firestore database, push notifications (FCM), analytics, crash reporting (Crashlytics)
Data shared: User ID, anonymised usage events, device info, FCM push token
Transfer basis: Google's Standard Contractual Clauses (SCCs) and UK Addendum
β Firebase Privacy Policy
π€
OpenAI, L.L.C. (USA)
Powers AI meal plan generation and AI Coach chat responses via GPT-4o
Data shared: Pseudonymised health profile (age, weight range, goal, diet type, allergies). We do NOT send your name, email, or contact details to OpenAI. AI chat messages are processed to generate responses.
Note: OpenAI API does not use API-submitted data to train models by default (API Data Usage Policy). We have DPA in place.
Transfer basis: OpenAI Standard Contractual Clauses
β OpenAI Privacy Policy
π³
RevenueCat, Inc. (USA)
Manages in-app subscription entitlements and purchase verification
Data shared: User ID, subscription status, purchase events. Card details are handled exclusively by Apple App Store or Google Play β RevenueCat never sees payment card information.
Transfer basis: RevenueCat Standard Contractual Clauses
β RevenueCat Privacy Policy
π±
Google AdMob β Google LLC (USA)
Displays advertisements to free-tier users only. PRO subscribers see zero ads and are excluded from AdMob entirely.
Data shared: Advertising ID (Android GAID / iOS IDFA), device type, general app context. You can opt out via device settings.
Transfer basis: Google Standard Contractual Clauses
β Google Privacy Policy
π
Instacart β Maplebear Inc. (USA)
Grocery delivery integration. When you tap "Order on Instacart", you are redirected to Instacart's platform via an affiliate link.
Data shared: Grocery item names only. Once you leave the iNutrio app, Instacart's privacy policy governs all further interaction.
β Instacart Privacy Policy
π
Apple Inc. & Google LLC β App Stores
App distribution and in-app purchase payment processing
Note: Apple and Google collect their own data under their own privacy policies when you download or make purchases. BITRY LTD does not control this data collection.
β Apple Privacy Policy
Β·
β Google Privacy Policy
BITRY LTD does not sell, rent, or trade your personal information. We share data only in the following strictly limited circumstances:
6.1 Sub-Processors (Service Providers)
We share data with the third-party vendors listed in Section 5, solely to operate iNutrio. Each vendor is bound by a Data Processing Agreement (DPA) or equivalent contractual mechanism, prohibiting them from using your data for any other purpose.
6.2 Legal Requirements
We may disclose your data if required by law, court order, or lawful request by public authorities. This includes:
- Compliance with a legal obligation under UK, EU, or US law
- Requests from law enforcement with appropriate legal authority
- Protecting the rights, property, or safety of BITRY LTD, our users, or the public
Where legally permitted, we will notify you of such requests before complying.
6.3 Business Transfers
If BITRY LTD undergoes a merger, acquisition, restructuring, or insolvency proceeding, your personal data may be transferred to the acquiring entity. We will provide at least 30 days' advance notice via email and/or in-app notification. You will have the right to delete your account before any such transfer takes effect.
6.4 Aggregated & Anonymised Data
We may share aggregated, anonymised statistics (e.g., "65% of users prefer high-protein plans") with business partners or the public. This data cannot be reverse-engineered to identify individual users.
6.5 With Your Explicit Consent
Where you use our in-app share feature to post your meal plan or progress to social media, you consent to that specific disclosure. Shared content includes a "Generated by iNutrio" watermark. You control what is shared and when.
| Data Type |
Retention Period |
Reason |
| Account & profile data |
Until deletion + 30 days |
Account operation |
| Meal plans & food logs |
Until deletion + 30 days |
Progress history |
| AI chat messages |
90-day rolling window |
Conversation context for AI responses |
| Weight entries |
Until deletion + 30 days |
Progress tracking |
| Payment & subscription records |
7 years from transaction date |
UK HMRC tax compliance (Companies Act 2006) |
| Crash & error logs |
90 days |
Bug diagnosis and fixing |
| Anonymised analytics |
Indefinitely |
Aggregate product insights (not linkable to you) |
How to Delete Your Account & Data
You can permanently delete your account through two methods:
- In-app (fastest): Profile β Settings β Delete Account β Confirm deletion
- By email: Send a request to ceo.bitry.io@gmail.com with subject line "Account Deletion Request" from your registered email address
Upon confirmed deletion, all personal data is permanently removed from active systems within 30 days. Financial records required for UK tax compliance are retained for 7 years in anonymised form.
Google Play Compliance: In accordance with Google Play's Data Deletion policy (effective December 2023), iNutrio provides an in-app mechanism for account and data deletion. Users do not need to visit a website or contact support β deletion is available directly within the app.
ποΈ
Access
Request a full copy of the personal data we hold about you
βοΈ
Rectification
Correct any inaccurate or incomplete personal information
ποΈ
Erasure
Request permanent deletion of your account and all personal data
π¦
Portability
Receive your data in a structured, machine-readable JSON format
π«
Object
Object to processing based on legitimate interests
βΈοΈ
Restriction
Request we restrict processing while a complaint is investigated
π
Withdraw Consent
Withdraw consent for health data processing at any time
π΅
Opt-Out of Ads
Opt out of personalised ads via your device settings or upgrade to PRO
How to Exercise Your Rights
Most controls are available in-app under Profile β Settings. For formal data requests, email ceo.bitry.io@gmail.com. BITRY LTD will respond within 30 days (extendable to 60 days for complex requests, with notice).
We may need to verify your identity before fulfilling requests. We will never charge a fee for reasonable requests.
Notification Controls
- In-app: Profile β Settings β Notifications
- Device-level: Settings β Apps β iNutrio β Notifications (Android) or Settings β Notifications β iNutrio (iOS)
Advertising Opt-Out
- Android 13+: Settings β Privacy β Ads β Delete advertising ID
- iOS 14.5+: Settings β Privacy & Security β Tracking β Disable "Allow Apps to Request to Track"
- Upgrade to PRO: PRO subscribers are completely excluded from all advertising data collection
Age Requirement: iNutrio is intended for users aged 13 and older. The app is not directed at children under 13. Users aged 13β17 should have parental or guardian consent prior to use.
BITRY LTD does not knowingly collect personal information from children under 13 years of age. We comply with the US Children's Online Privacy Protection Act (COPPA). iNutrio is not marketed to or designed for children under 13.
During onboarding, users provide their age. If a user indicates they are under 13, the app will:
- Immediately block account creation
- Discard all data entered in that session without saving
- Display a clear age restriction notice
If we become aware that we have inadvertently collected data from a child under 13, we will delete that data promptly. Parents or guardians who believe a child under 13 has registered should contact us immediately at ceo.bitry.io@gmail.com.
Users Aged 13β17
For teenage users, we recommend parental involvement. Parents may request to review, modify, or delete their minor child's account data by contacting ceo.bitry.io@gmail.com with documentation establishing the parental relationship.
Technical Safeguards
- Encryption in transit: TLS 1.3 for all data between app and servers
- Encryption at rest: Firebase Firestore uses AES-256 encryption at rest
- Authentication: Firebase Authentication with secure session tokens; no passwords stored by BITRY LTD
- Firestore Security Rules: Server-side database rules enforce that users can only access their own data β not client-side only
- API Security: OpenAI API calls are made server-to-server via Firebase Cloud Functions β API keys are never exposed in the mobile app binary
- No plaintext passwords: Firebase Authentication handles all credential management
Organisational Safeguards
- Access to production data is restricted on a strict need-to-know basis
- All sub-processors are bound by Data Processing Agreements
- Regular review of Firebase security rules and API configurations
Data Breach Notification
In the event of a personal data breach that poses a risk to users' rights and freedoms, BITRY LTD will:
- Report the breach to the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware, as required by UK GDPR Article 33
- Notify affected users without undue delay where the breach is likely to result in high risk to their rights
- Notification will be sent to the email address registered on your account
Note: No method of internet transmission or electronic storage is 100% secure. While we implement commercially reasonable security measures, we cannot guarantee absolute security of data.
Context: BITRY LTD is a UK company. Our users are primarily in the United States. Our infrastructure (Firebase, OpenAI, RevenueCat) is based in the United States. This means your personal data is transferred from the UK to the US.
Legal Basis for UK β US Transfers
The United Kingdom is not in the EU post-Brexit, but the UK GDPR imposes similar transfer restrictions. The United States does not have a blanket UK adequacy decision. We rely on the following mechanisms for lawful transfer:
- UK International Data Transfer Agreements (IDTAs): Our agreements with Firebase (Google), OpenAI, and RevenueCat incorporate UK-approved IDTAs or the UK Addendum to the EU Standard Contractual Clauses, which are the appropriate transfer mechanism post-Brexit
- UK-US Data Bridge: Where applicable, we rely on the UK Extension to the EU-US Data Privacy Framework for transfers to certified US organisations
- Adequacy: For transfers to other countries where the UK has issued an adequacy regulation, we rely on that adequacy finding
Firebase Infrastructure
Firebase data centres are certified under ISO 27001, SOC 1, SOC 2, and SOC 3 standards, providing strong independent assurance of data protection practices. Google's Data Processing Terms include the UK IDTA.
Your Rights Regarding Transfers
You may request details of the specific transfer mechanisms we use for any particular sub-processor by contacting ceo.bitry.io@gmail.com. You may also request a copy of the relevant contractual safeguards.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional privacy rights. These rights are in addition to the general rights described in Section 8.
Your CCPA/CPRA Rights
- Right to Know: Know what personal information we collect, use, and disclose, including the specific pieces of information collected
- Right to Delete: Request deletion of personal information we have collected
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of personal information for cross-context behavioural advertising
- Right to Limit Sensitive Personal Information: Limit use of sensitive personal information (including health data) to necessary purposes
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising CCPA rights
Do Not Sell or Share My Personal Information
BITRY LTD does not sell your personal information. BITRY LTD does not share your personal information for cross-context behavioural advertising. You do not need to submit an opt-out request β we do not engage in these practices.
Personal Information Categories Collected (Past 12 Months)
| CCPA Category |
Collected |
Sold |
Shared for Ads |
| Identifiers (name, email, device ID) | β
Yes | β No | β No |
| Health / medical information | β
Yes | β No | β No |
| Internet / app activity (usage data) | β
Yes | β No | β No |
| Inferences (goals, preferences) | β
Yes | β No | β No |
| Financial / payment information | β No (Apple/Google) | β No | β No |
| Precise geolocation | β No | β No | β No |
| Biometric information | β No | β No | β No |
Submitting a CCPA Request
California residents may submit requests by emailing ceo.bitry.io@gmail.com with subject "CCPA Privacy Request". We will respond within 45 days (extendable to 90 days with notice). We will verify your identity before processing requests. Requests are free of charge (up to two per 12-month period).
Note: Although iNutrio is primarily marketed to US users, BITRY LTD is a UK company and UK GDPR applies to our data processing activities. UK and EEA users who download the app also benefit from the following rights.
UK GDPR Rights Summary
Under the UK GDPR and Data Protection Act 2018, you have the rights listed in Section 8 of this policy (access, rectification, erasure, portability, objection, restriction, withdraw consent). These rights are enforceable against BITRY LTD as the data controller.
Data Controller
BITRY LTD is the data controller for all personal data processed in connection with iNutrio. BITRY LTD is registered/required to register with the UK Information Commissioner's Office (ICO) as a data controller.
Legal Bases for Processing (UK GDPR Article 6 & 9)
- Article 6(1)(b) β Contract: Processing necessary to provide the meal planning service you signed up for
- Article 6(1)(a) β Consent: Push notifications, advertising, health data
- Article 6(1)(f) β Legitimate Interests: Product analytics, fraud prevention, security (balanced against your rights)
- Article 6(1)(c) β Legal Obligation: Tax and financial record retention under UK law
- Article 9(2)(a) β Explicit Consent: Special category health data processing
Right to Lodge a Complaint
If you believe BITRY LTD has not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the UK supervisory authority:
ποΈ UK Supervisory Authority
We encourage you to contact us first at ceo.bitry.io@gmail.com β we aim to resolve all privacy concerns directly and promptly.
BITRY LTD may update this Privacy Policy periodically to reflect changes in our practices, technology, or applicable law. When changes are made:
- The "Last Updated" date at the top of this page will be revised
- Material changes (those that significantly affect your rights or how we use your data): we will notify you via push notification and/or prominent in-app banner at least 7 days before the changes take effect
- Minor changes (clarifications, typo corrections, new sub-processor additions): we will update this page without separate notification, but the "Last Updated" date will change
- Previous versions of this policy are available on request by emailing ceo.bitry.io@gmail.com
Your continued use of iNutrio after the effective date constitutes acceptance of the updated policy. If you do not agree, you may delete your account before changes take effect.
Version History
| Version | Date | Summary |
| 1.0 | January 1, 2025 | Initial policy β iNutrio app launch |
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact BITRY LTD:
Registered Company Details
π’ BITRY LTD
| Legal Name | BITRY LTD |
| Jurisdiction | Incorporated in England and Wales, United Kingdom |
| Registered Office | London, United Kingdom |
| Privacy Email | ceo.bitry.io@gmail.com |
| Support Email | ceo.bitry.io@gmail.com |
| Application | iNutrio β AI Meal Planner |
Quick Request Links
UK Supervisory Authority
If you are not satisfied with our response to a privacy concern, you have the right to contact the UK Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.