Privacy Policy
Effective Date: March 28, 2026
Tailored Nutrition LLC ("Tailored Nutrition," "we," "us," or "our") operates the website tailorednutritionllc.org (the "Website") and the Tailored Nutrition mobile application (the "App"). Together, the Website and App are referred to as the "Services."
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Services. Because our App collects sensitive health-related data to generate personalized nutrition plans, we encourage you to read this policy carefully.
Related Policies
This Privacy Policy works alongside our Consumer Health Data Privacy Policy, which provides additional protections for health data under state consumer health data privacy laws (including Washington, Nevada, and Connecticut). Where both policies address a topic, the more protective provision applies. Please review both documents to understand your full rights.
- We collect health data only to personalize your meal plans and nutritional guidance
- We never sell your personal information or health data
- Our AI providers (Anthropic and OpenAI) do not use your data to train their models
- You can delete all your data at any time through the App
- We do not use tracking cookies, advertising pixels, or ad networks
- We do not share your data with advertisers, data brokers, employers, or insurers
- We extend privacy rights to all U.S. residents, not just California

1. Information We Collect
2. How We Use Your Information
3. AI and Automated Processing
4. Third-Party Service Providers
5. Information Sharing and Disclosure
6. Cookies, Tracking Technologies, and Do Not Track
7. Data Retention
8. Data Security and Breach Notification
9. Your Rights and Choices
10. U.S. State Privacy Rights
11. Children's Privacy
12. International Users
13. Changes to This Policy
14. Contact Us

1. Information We Collect
We collect different types of information depending on how you interact with our Services.
1a. Website — Launch Notifications
When you sign up for launch notifications on our Website, we collect:
- Email address — provided voluntarily through our signup form
1b. App — Account Information
When you create an account in our App, we collect:
- Email address — used as your account identifier
- Name — your display name
- Password — stored only in hashed form (we never store or see your plaintext password)
If you sign in using a third-party authentication provider (Google or Apple), we receive your email address and, optionally, your name from that provider. We do not receive or store your Google or Apple password.
1c. App — Health and Body Composition Data
Our App collects detailed health information through an in-depth survey to generate personalized nutrition plans. This includes:
- Demographics — date of birth, biological sex, height, and weight
- Body metrics — calculated values such as BMI and basal metabolic rate (BMR)
- Reproductive health (collected from users who identify as female, at your discretion) — reproductive state (e.g., menstrual cycle tracking, pregnancy week, breastfeeding type, postpartum status, menopause stage), cycle length, cycle regularity, and birth control type
- Activity and training — occupation activity level, lifestyle movement, resistance training details (frequency, duration, intensity, body part focus, volume, progressive overload), cardio activities, and training experience level
- Performance enhancement substances — if voluntarily disclosed, current status (natural, TRT, enhanced cycle, or off-cycle), specific compounds and dosages, cycle duration, and related health considerations
- Health conditions — any medical conditions you choose to disclose (e.g., PCOS, diabetes, hypertension) and their severity
- Medications — names, dosages, frequency, and route of administration for medications you choose to disclose
- Dietary preferences — dietary patterns (e.g., vegetarian, Mediterranean), food allergies, food dislikes, and health-oriented nutrition targets (e.g., increased energy, improved sleep)
- Budget and cooking preferences — meal frequency, weekly grocery budget, cooking skill level, maximum cooking time per meal, and any custom dietary instructions
For detailed information about how we handle consumer health data under state health data privacy laws, see our Consumer Health Data Privacy Policy.
1d. App — Usage and Tracking Data
As you use the App, we collect:
- Food log entries — meals consumed, nutritional values, dates, and timestamps
- Weight log entries — weight measurements over time
- Meal preferences — meals you have liked, disliked, or requested substitutions for, and the reasons you provide
- Grocery cart data — meals added to your shopping list and custom grocery items
- Chat conversations — messages you send to our in-app nutritional assistant and the responses you receive
- Feedback and feature requests — posts you submit through the in-app feedback system (displayed anonymously to other users)
- Notification preferences — your chosen notification categories and quiet hours
1e. App — Subscription Information
- Subscription status — whether your subscription is active, the source (promotional code, in-app purchase), and expiration date
- Promotional codes — codes you have redeemed
We do not directly collect or store payment card numbers. Payment processing for in-app purchases is handled entirely by Apple (App Store) or Google (Play Store) through their respective payment systems.
1f. Device and Technical Information
We automatically collect certain technical information to maintain and improve our Services:
- Device information — device type, model, and operating system version (collected via crash reporting)
- App version — the version of the Tailored Nutrition App you are using
- Crash and error data — error stack traces and application performance metrics (collected via Sentry when the App encounters an error)
- IP address — recorded in server access logs for security and rate-limiting purposes
We do not collect advertising identifiers (IDFA/GAID), precise geolocation data, contacts, photos, or data from other apps on your device.
1g. Local Device Storage
To provide a seamless experience, certain data is stored locally on your device:
- Authentication tokens — stored in your device's encrypted secure storage (platform-native secure keychain)
- Survey draft — if you begin but do not complete the health survey, your in-progress answers are saved locally on your device so you can resume later. This draft is stored in standard app storage and is cleared when you submit the survey or log out
- Consent and preference flags — small boolean values recording whether you have completed onboarding steps (e.g., health data consent acknowledgment)
Data stored in your device's standard app storage (as opposed to the encrypted secure storage used for authentication tokens) is protected by your device's built-in security features (device lock, OS-level app sandboxing) but is not additionally encrypted by our App.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Personalized nutrition plans — Calculate your nutritional targets (calories, macronutrients, micronutrients) and generate AI-powered meal plans | Survey responses, health data, dietary preferences | Your consent; performance of services you requested |
| Adaptive recommendations — Refine your calorie and macronutrient targets over time through our adaptive TDEE system | Food log, weight log | Your consent; performance of services you requested |
| Time-sensitive updates — Automatically recalculate age, menstrual cycle phase, pregnancy week, and training progression | Date of birth, reproductive health data, training data | Performance of services you requested |
| In-app chat assistance — Provide personalized answers through the nutritional assistant | Profile data, chat messages | Your consent; performance of services you requested |
| Account authentication — Verify your identity and provide secure access | Email, password hash, auth tokens | Performance of services you requested |
| Communications — Send password reset codes, launch notifications, and service-related communications | Email address | Performance of services you requested; your consent (for marketing) |
| Service improvement — Improve our algorithms and Services | Aggregated, de-identified usage patterns only | Legitimate interest |
| Security and abuse prevention — Detect fraud, enforce rate limits, and prevent abuse | IP address, device info, authentication logs | Legitimate interest |
3. AI and Automated Processing
Our Services use artificial intelligence to provide core functionality. We want you to understand exactly how your data is processed by AI systems.
Your data is NOT used to train AI models. Our AI providers (Anthropic and OpenAI) process your data solely to generate responses on your behalf. Under both Anthropic's and OpenAI's API data usage policies, customer API inputs and outputs are not used to train their models. Your health data, survey responses, and chat conversations are never used for AI training by our providers or by Tailored Nutrition.
3a. Meal Plan Generation
When you request meal plans, the following data is sent to our AI provider to generate personalized meals: your age, sex, height, weight, activity level, calorie and macronutrient targets, dietary preferences, food allergies, food dislikes, cooking skill level, grocery budget, and any relevant health condition or medication nutrient adjustments. The AI generates meal options with ingredients and cooking instructions based on this profile.
3b. Health Data Validation
When you enter certain health information during the survey — such as medications, medical conditions, or performance enhancement substances — this data may be sent to our AI provider for validation purposes, including checking dose ranges, identifying potential nutrient interactions, and flagging health considerations.
3c. Nutritional Chat Assistant
When you use the in-app chat, your messages and your current health profile are sent to our AI provider so the assistant can provide contextually relevant nutritional guidance. Your conversation history within a chat session is also included for continuity.
3d. Nutritional Validation
AI-generated meal nutritional data may be cross-referenced with the USDA FoodData Central database to verify accuracy. Ingredient names and quantities are sent to the USDA's publicly available database for this validation.
3e. Automated Decision-Making
Our AI systems generate meal plan recommendations and nutritional targets based on the data you provide. These are recommendations, not binding decisions. You retain full control to:
- Review, modify, or reject any AI-generated meal plan
- Update your survey responses at any time to change the recommendations you receive
- Contact us to request human review of any AI-generated recommendation
We do not use automated processing to make decisions that produce legal effects or similarly significant effects concerning you.
3f. AI Limitations
AI-generated content, including meal plans, nutritional data, and chat responses, may contain errors, omissions, or suggestions that may not be appropriate for your specific health needs. While we strive for accuracy and cross-validate nutritional data against the USDA database, you should always verify critical nutritional information and consult with a healthcare professional before making significant dietary changes, especially if you have food allergies, medical conditions, or take medications.
4. Third-Party Service Providers
We use the following categories of third-party service providers to operate our Services:
- AI processing — Anthropic (Claude) and OpenAI — We use Anthropic (Claude) as our primary AI provider for meal generation and chat assistance, and OpenAI for certain survey validation tasks (health condition lookups, medication interactions, birth control validation, and supplement analysis). Data sent to these providers is used solely to process our requests and generate responses. Neither Anthropic nor OpenAI uses API inputs or outputs to train their models under their respective API data usage policies.
- Authentication providers — Google and Apple — If you choose to sign in with Google or Apple, your authentication token is verified with the respective provider. We receive only your email address and, optionally, your name.
- Email delivery — Resend — We use Resend to deliver password reset codes and launch notification emails. The service receives only the recipient email address and message content.
- Nutritional databases — USDA FoodData Central — We query the USDA FoodData Central database to validate the nutritional accuracy of AI-generated meals. Only ingredient names and quantities are sent; no personal information is included in these queries.
- Crash reporting — Sentry — We use Sentry to collect crash reports, error logs, and application performance data. This data may include device type, operating system version, and error stack traces. No personal health data, survey responses, or meal plan information is sent to Sentry. Crash reporting is disabled in development builds and only active in production.
- Subscription management — RevenueCat — We use RevenueCat to manage in-app subscriptions purchased through the Apple App Store and Google Play Store. RevenueCat receives your anonymous user ID and subscription status to verify your entitlements. RevenueCat does not receive your name, email, health data, or survey responses.
- Grocery shopping integration — Instacart — If you use the "Buy on Instacart" feature, your grocery list items (ingredient names, quantities, and units) are sent to Instacart to create a shoppable list. No personal health data, dietary preferences, or account information is shared with Instacart.
All third-party service providers are contractually bound to use your information only for the purpose of providing services to us and are prohibited from using it for their own purposes. If we change service providers or add new ones that handle personal data, we will update this policy accordingly.
5. Information Sharing and Disclosure
We do not sell, rent, or share your personal information with third parties for their direct marketing purposes. We do not share your data with advertising platforms, data brokers, social media companies, employers, insurers, or creditors.
We may disclose your information only in the following circumstances:
- Service providers — As described in Section 4, to third-party providers who perform services on our behalf
- Legal requirements — If required by law, regulation, subpoena, court order, or other legal process
- Safety — If we believe disclosure is necessary to protect the rights, property, or safety of Tailored Nutrition, our users, or the public
- Business transfers — In connection with a merger, acquisition, or sale of all or a portion of our assets, in which case you will be notified via a prominent notice on our Website or within the App before your personal information is transferred to a new entity
- Anonymized feedback — Feature requests and bug reports you submit through the in-app feedback system are displayed to other users in an anonymized form (your name and email are never shown)
6. Cookies, Tracking Technologies, and Do Not Track
Our Website does not use third-party tracking cookies, analytics services, or advertising pixels. We do not track your activity across other websites. No third parties collect personally identifiable information about your online activities through our Website.
Our App uses local device storage (secure storage for authentication tokens) but does not use third-party analytics SDKs, advertising identifiers, or cross-app tracking.
Do Not Track (DNT) and Global Privacy Control (GPC): Because our Services do not track users across third-party websites or apps, we do not respond to DNT browser signals — no third-party tracking occurs regardless. We honor Global Privacy Control (GPC) signals; however, since we do not sell or share personal information for advertising, no additional action is required when a GPC signal is detected.
7. Data Retention
We retain your personal information only for as long as necessary to provide the Services and fulfill the purposes described in this policy. The specific retention periods are:
| Data Type | Retention Period |
|---|---|
| Account credentials (email, name, password hash) | Duration of active account |
| Survey and health data | Duration of active account; permanently deleted on account deletion |
| Food and weight logs | Duration of active account; permanently deleted on account deletion |
| Chat conversations | Duration of active account; permanently deleted on account deletion |
| Meal plans and preferences | Duration of active account; permanently deleted on account deletion |
| Grocery cart data | Duration of active account; permanently deleted on account deletion |
| Notification preferences | Duration of active account; permanently deleted on account deletion |
| Subscription records | Duration of active account; may be retained up to 7 years after deletion for tax and legal compliance |
| Password reset codes | 15 minutes (automatically deleted after expiration) |
| Authentication tokens (revoked) | Until original expiration (24 hours), then automatically purged |
| Crash reports (Sentry) | Per Sentry's retention policy (90 days by default) |
| Server access logs (IP addresses) | 90 days, then automatically purged |
| Website email signups | Until you unsubscribe or request deletion |
| Aggregated, de-identified data | May be retained indefinitely; this data cannot be used to re-identify any individual |
Account Deletion
When you delete your account (available in the App under Profile settings), all of your personal data — including your survey responses, health data, meal plans, food and weight logs, chat history, grocery data, notification data, and meal preferences — is permanently deleted from our active systems. This action is irreversible. We also direct any third-party processors who received your data to delete it.
As disclosed in our Terms of Service (Section 13), we may retain anonymized, aggregated data sets derived from User Content that do not identify individual users. Such data cannot be linked back to you after account deletion.
Inactive Accounts
We may implement an inactive account deletion policy in the future to comply with data minimization principles. If we do, we will update this policy with specific timelines and notify you by email before any deletion occurs.
8. Data Security and Breach Notification
8a. Security Measures
We implement the following security measures to protect your personal information:
- Password hashing — Passwords are hashed using an industry-standard one-way hashing algorithm with salt. We never store plaintext passwords.
- Secure token storage — Authentication tokens are stored in your device's platform-native secure storage, not in plaintext or local storage.
- Token revocation — Logout and account deletion immediately invalidate your authentication token.
- Access controls — Server-side data files are restricted with appropriate file permissions. Your data is accessible only to you through your authenticated account.
- Atomic writes — Data is written using atomic file operations to prevent data corruption.
- Input validation — All user inputs are validated and sanitized to prevent injection attacks.
- Rate limiting — Authentication endpoints are rate-limited to prevent brute-force attacks, with account lockout after repeated failed attempts.
- Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS (HTTPS).
While we take reasonable measures to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.
8b. Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify affected individuals by email and through an in-app notification without unreasonable delay, and no later than 60 days after discovery of the breach, consistent with the FTC Health Breach Notification Rule
- Notify the Federal Trade Commission (FTC) as required by applicable law
- Provide a description of the breach, the types of data involved, the steps we are taking to address the breach, and recommended steps you can take to protect yourself
- Comply with all applicable state breach notification laws, which may require shorter notification timelines in certain jurisdictions
8c. HIPAA Disclaimer
Tailored Nutrition is not a HIPAA covered entity or business associate. We do not create, receive, maintain, or transmit Protected Health Information (PHI) on behalf of any healthcare provider, health plan, or healthcare clearinghouse. The health data you provide is consumer-generated wellness data, not clinical health records. If you have questions about how your health data may be protected under other laws, see Section 10 (U.S. State Privacy Rights) and our Consumer Health Data Privacy Policy.
9. Your Rights and Choices
You have the following rights regarding your personal information. We extend these rights to all users, regardless of your state or country of residence:
- Access — You may request to know what personal information we hold about you. Within the App, you can view all your stored data at any time through your Profile.
- Correction — You may update your survey responses, name, and email address at any time within the App. You may also request corrections by contacting us.
- Deletion — You may delete your entire account and all associated data at any time through the App (Profile > Delete Account). You may also request deletion by contacting us.
- Data portability — You may request a copy of your personal data in a commonly used electronic format (JSON). Contact us to make this request.
- Withdraw consent — You may withdraw your consent to the collection and processing of your health data at any time by deleting your account or contacting us. Withdrawing consent may limit or eliminate your ability to use features that require health data.
- Opt-out of communications — You may unsubscribe from email communications at any time by using the unsubscribe link included in every email, or by contacting us directly.
- Notification control — You may customize or disable any category of in-app notifications through the App's notification preferences.
- Right to appeal — If we decline to take action on your request, we will inform you of the reason and provide instructions for how to appeal the decision. You may also file a complaint with the Attorney General of your state or the Federal Trade Commission.
How to Exercise Your Rights
To exercise any of these rights, contact us at support@tailorednutritionllc.org. You may also submit requests through an authorized agent; if you use an authorized agent, we may require the agent to provide proof of written authorization and we may verify your identity directly.
Response timeline: We will acknowledge your request within 10 business days and complete it within 30 days. If we need additional time (up to 15 additional days for complex requests), we will notify you in writing with an explanation.
Identity verification: Before processing requests to access, correct, or delete your data, we will verify your identity by asking you to confirm information associated with your account (such as your email address).
10. U.S. State Privacy Rights
We provide the core privacy rights described in Section 9 to all U.S. residents, regardless of which state you live in. The following disclosures address additional requirements under specific state privacy laws.
10a. California (CCPA/CPRA & CalOPPA)
If you are a California resident, you may have additional rights under the CCPA/CPRA depending on applicable thresholds. In compliance with CalOPPA and regardless of whether we currently meet CCPA thresholds, we voluntarily provide the following disclosures:
| Category of Personal Information | Specific Data Elements | Source | Business Purpose | Sold or Shared? |
|---|---|---|---|---|
| Identifiers | Email address, name, IP address | Directly from you; automatically collected | Account creation, authentication, security | No |
| Health and biometric information | Height, weight, BMI, health conditions, medications, reproductive health, allergies (see Section 1c) | Directly from you; derived by our systems | Personalized meal plan generation, adaptive recommendations | No |
| Commercial information | Subscription status, promotional codes | From app store payment systems; directly from you | Subscription management, entitlement verification | No |
| Internet or electronic network activity | App usage data, food logs, weight logs, chat messages, crash reports (see Sections 1d, 1f) | Automatically collected; directly from you | Service delivery, adaptive recommendations, error monitoring | No |
| Sensitive personal information | Health data, medications, reproductive health, substance use (see Section 1c) | Directly from you | Personalized nutrition services at your explicit direction | No |
Additional California rights:
- Sale or sharing — We do not sell or share your personal information as defined by the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months.
- Right to limit use of sensitive personal information — Because we use sensitive personal information only to provide the services you have requested, no additional limitation is necessary.
- Non-discrimination — We will not discriminate against you for exercising any of your privacy rights.
- "Shine the Light" — We do not share personal information with third parties for their direct marketing purposes.
10b. Virginia (VCDPA)
If you are a Virginia resident, you have the rights described in Section 9. Additionally:
- Reproductive and sexual health data — Under the VCDPA amendments effective July 1, 2025, we are required to obtain separate consent before collecting reproductive and sexual health information. We obtain this consent during the onboarding survey before collecting any reproductive health data. You may withdraw this consent at any time.
- Right to opt out of profiling — You may opt out of profiling that produces legal or similarly significant effects. Our AI-generated meal plans are recommendations that you can accept, modify, or reject, and we do not believe they produce such effects. If you disagree, contact us to opt out.
10c. Colorado (CPA)
If you are a Colorado resident, you have the rights described in Section 9. We support universal opt-out mechanisms as required by the Colorado Privacy Act.
10d. Connecticut (CTDPA)
If you are a Connecticut resident, you have the rights described in Section 9. For additional protections specific to consumer health data, see our Consumer Health Data Privacy Policy, which includes geofencing restrictions and enhanced consent requirements under Connecticut law.
10e. Washington, Nevada, and Other State Health Data Laws
If you are a resident of Washington, Nevada, Connecticut, or another state with consumer health data privacy laws, please see our Consumer Health Data Privacy Policy for detailed disclosures about how we collect, use, share, and protect your consumer health data, including your specific rights under those laws.
10f. Additional States
As additional state privacy laws take effect, we will extend the rights described in Section 9 to residents of those states. Because we already provide core privacy rights to all users universally, we believe we meet or exceed the requirements of all currently effective U.S. state consumer privacy laws.
11. Children's Privacy
Our Services are restricted to users who are 18 years of age or older. We require age confirmation during account registration. We do not knowingly collect personal information from anyone under 18.
In compliance with the Children's Online Privacy Protection Act (COPPA), if we learn that we have inadvertently collected personal information from a child under 13, we will promptly delete that information and terminate the associated account.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@tailorednutritionllc.org and we will take steps to delete that information.
12. International Users
Tailored Nutrition is operated from the United States. If you access or use our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
By using our Services, you consent to the transfer of your information to the United States and acknowledge that your data will be subject to U.S. law.
European Economic Area (EEA), United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland:
- Legal basis for processing — We process your personal data based on the legal bases described in Section 2 (consent, performance of a contract, legitimate interest). For health data classified as special category data under GDPR Article 9, we rely on your explicit consent, which is obtained during the onboarding survey.
- Data transfers — Your data is transferred to the United States. We rely on your explicit consent as the legal mechanism for this transfer.
- Your rights — In addition to the rights in Section 9, you have the right to lodge a complaint with your local data protection supervisory authority.
- Data Protection Officer — For privacy inquiries related to GDPR, contact us at support@tailorednutritionllc.org.
We are committed to protecting your data regardless of your location. If you have questions about how your data is handled under the laws of your jurisdiction, please contact us.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Effective Date" at the top of this page
- Post a "What Changed" summary describing the specific changes
- Post a notice on our Website or within the App
- For significant changes affecting how we handle health or sensitive data, we will notify you by email at least 30 days before the changes take effect
- Where required by law, obtain your consent before implementing changes to how we process your data
Prior versions of this policy will be available upon request. We encourage you to review this page periodically.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights regarding your personal information, or have concerns about how your data is handled, please contact us:
Tailored Nutrition LLC
Email: support@tailorednutritionllc.org
We will respond to privacy-related inquiries within 30 days.