Legal

Privacy Policy

Last updated: March 1, 2026 ยท Effective immediately

1. Who We Are

Raphera Nutrition ("we," "our," or "the Service") is a physician-designed nutrition planning tool operated at rapheranutrition.com. We are not a healthcare provider, hospital, or covered entity under HIPAA. Information you provide is used solely to generate personalized meal plans and grocery lists.

2. Information We Collect

We collect information you provide directly:

  • Account information: email address, name, password (hashed โ€” never stored in plain text)
  • Health profile: age, height, weight, medical conditions, medications, food allergies, activity level, grocery preferences
  • Lab values (optional): A1C, lipid panel, blood pressure, eGFR, liver enzymes โ€” for personal trend tracking only
  • Weight entries (optional): self-reported weight over time for personal trend tracking
  • Deviation logs (Gold tier): off-plan meals you choose to log for analysis
  • Device and session data: IP address, browser user agent, session identifiers โ€” for security and one-account-per-device enforcement

We do not collect payment card data. Payment processing is handled by Stripe and governed by Stripe's privacy policy.

3. How We Use Your Information

  • To generate your personalized weekly meal plans and grocery lists
  • To maintain your account and authenticate you securely
  • To enforce our one-account-per-device policy and detect automated abuse
  • To send transactional emails (account creation, billing receipts, plan summaries) โ€” no marketing email without your explicit opt-in
  • To improve the service through aggregated, anonymized usage analytics
  • Research (with consent only): Anonymized, de-identified aggregate data may be used for nutritional research or quality improvement. This is disclosed at signup and requires your affirmative consent. No individual data is ever shared.

4. We Do Not Sell Your Data

We do not sell, rent, trade, or otherwise transfer your personal information or health data to any third party for commercial purposes. Period.

5. Third-Party Services

We use a limited number of third-party services to operate the platform:

  • Anthropic: AI model provider used to generate meal plans and analyze deviations. Inputs are sent to Anthropic's API. Anthropic's data use policy applies.
  • Stripe: Payment processing. We do not store card data. Stripe's privacy policy governs payment data.
  • Turso / libSQL: Database hosting for your account and health profile data. Data is stored on infrastructure in the United States.
  • Vercel: Application hosting. Server logs may include IP addresses for operational purposes.

We do not share your data with advertising networks, data brokers, or analytics platforms.

6. Data Retention

Your account data is retained for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Upon deletion, personal data is removed within 30 days. Aggregated, anonymized analytics data may be retained indefinitely.

7. Security

Passwords are hashed using bcrypt and never stored in recoverable form. Data in transit is protected by TLS. Access to production databases is restricted to authorized personnel. Device and IP logging is used to detect unauthorized access attempts.

No security system is perfect. We cannot guarantee absolute security, and we encourage you not to share your password.

8. Your Rights

  • Access: You can view all profile data in your dashboard at any time
  • Correction: You can update any profile field at any time
  • Deletion: You can request full account deletion โ€” email us at the address below
  • Data portability: You may request a copy of your data in a machine-readable format
  • Opt-out of research use: You may withdraw research consent at any time in your profile settings

If you are located in the European Economic Area or California, you may have additional rights under GDPR or CCPA. Contact us to exercise them.

9. Children

Raphera Nutrition is not directed to individuals under 18. We do not knowingly collect information from minors. If we become aware that a minor has created an account, we will delete it.

10. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or in-app notice at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

11. Contact

Questions about this policy or requests regarding your data: support@getnutricart.com

Terms of ServiceยทCookie Policy