NutraForge | Privacy Policy

Introduction
NutraForge Technologies Inc. (“NutraForge,” “we,” “us,” or “our”) is committed to protecting your privacy and safeguarding your personal and health information. This Privacy Policy applies to all NutraForge products and services, including:
• The NutraForge mobile application for individual users (“Consumer App”), and
• The NutraForge PRO web application for health practitioners and organizations (“Practitioner App”).

By accessing or using our Services, you agree to the practices described in this Policy.

Information We Collect
We collect and process different types of information depending on how you use our Services:

Identifiers
Name, email address, phone number, postal address, account credentials, and IP address.

Health and Nutrition Data
Dietary preferences, meal logs, fitness goals, biometrics, and other health data provided by users.
For the Practitioner App, this also includes client data added or managed by practitioners within their organization (with client consent).

Organization Details (Practitioner App)
Information needed to create or manage an organization within NutraForge PRO, such as organization name, structure, and member assignments.

Commercial and Transactional Data
Purchase and subscription history, billing and payment records, and information related to payment management for clients.

Usage and Technical Data
Device type, browser information, operating system, IP address, cookies, session activity, and analytics data. (See our Cookie Policy for details.)

Legal Basis for Processing
• Consent – for processing health data and marketing communications.
• Contractual necessity – to provide, maintain, and improve the Services.
• Legal obligations – for tax, billing, and regulatory compliance.
• Legitimate interests – to enhance security, usability, and performance.

How We Use Your Information
We use collected data to:
• Provide and improve personalized nutrition and wellness services.
• Enable practitioner–client collaboration within organizations.
• Manage subscriptions, billing, and secure payment processing.
• Authenticate users and maintain account security.
• Send important notifications, service updates, and promotional offers (with opt-out options).
• Conduct anonymized analytics to improve our products.
• Comply with applicable legal and regulatory requirements.

For NutraForge PRO
Practitioners can add clients to their organization, view and edit relevant data, and manage client billing using our integrated Stripe system. Clients must consent to being added to an organization before data access is granted. Practitioners are responsible for maintaining confidentiality within their organization.

Data Sharing and Third Parties
We share personal data only when necessary, with:
• Payment processors – Stripe for direct billing; Apple App Store and Google Play Store for mobile subscriptions.
• Cloud providers – Google Cloud for secure storage and infrastructure.
• Analytics providers – PostHog for usage and performance analytics (data is pseudonymized or aggregated).
• Authentication and access control – Auth0 for secure login and identity management.
• Legal or regulatory authorities – when required by law.

All third-party partners are contractually obligated to safeguard your information and may not use it for unrelated purposes.

Data Security
We employ industry-standard security measures, including:
• AES-256 encryption for data at rest and TLS 1.2+ for data in transit.
• Role-based access controls and multi-factor authentication.
• Regular security reviews, audits, and vulnerability testing.
• Segregated storage for consumer and practitioner data.

Despite these measures, no system is completely secure. Report any suspicious activity to support@nutraforge.ca.

Your Rights
Depending on your jurisdiction, you may have the right to:
• Access or receive a copy of your data (portability).
• Correct inaccurate or incomplete information.
• Request deletion of non-essential data, subject to legal retention obligations.
• Withdraw consent for non-essential processing or marketing communications.

Submit requests to support@nutraforge.ca. We aim to respond within 30 days.

Practitioner and Client Data Relationship
• Practitioners act as data controllers for the information they enter or manage about their clients.
• NutraForge acts as a data processor, providing the secure platform and infrastructure.
• Clients who join a practitioner’s organization consent to sharing their data with that practitioner.
• When a client leaves an organization, practitioner access is revoked except where retention is legally required.

International Data Transfers
Personal data is primarily stored in Canada and the United States. When data is transferred internationally, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.

Children’s Privacy
Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If you believe we have collected such information, contact us so it can be removed.

Refund Policy

App Store and Google Play Purchases (Consumer App)
• Subscriptions: Cancel anytime via your Apple ID or Google Play account. Refunds must be requested directly through Apple or Google.
• One-time purchases: Refund requests must be submitted within 14 days through the respective store.

NutraForge PRO Subscriptions (Practitioner App)
• Managed directly through Stripe. Refunds are handled on a case-by-case basis for billing errors or technical issues.
• Contact support@nutraforge.ca for assistance.

Policy Updates
We may update this Privacy Policy periodically. Material updates will be communicated via email or in-app notifications. Continued use of the Services after updates constitutes acceptance of the revised terms.

Contact Us
Data Protection Officer
Email: support@nutraforge.ca
Mailing Address:
NutraForge Technologies Inc.
100 Signal Hill Rd, St. John’s, NL, Canada A1A 1B1

This policy complies with:
• CCPA (California Consumer Privacy Act)
• PIPEDA (Personal Information Protection and Electronic Documents Act – Canada)
• GDPR (European Union General Data Protection Regulation)
• Apple App Store Guidelines (§ 3.1.2(a) on refunds