Privacy Policy

Last updated: February 10, 2026

1. Introduction

Nutrition Llama ("we", "us", or "our") is operated from Canada. We are committed to protecting your privacy and handling your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). This policy explains what data we collect, why we collect it, and how we use it.

2. Information We Collect

Account Information

When you create an account, we collect your email address and a display name (if you choose to provide one). Your password is cryptographically hashed before storage — we never store your password in plain text and cannot retrieve it.

Nutrition Data

We store the food items and nutrition information you choose to save and log through the application, including food names, nutrition facts, serving sizes, meal types, and dates. This data is provided entirely at your discretion — we only store what you explicitly submit.

Uploaded Images

When you scan a nutrition label, the image is sent to a third-party AI service (currently OpenRouter) for analysis via a vision language model. The image is processed to extract nutrition data and is not permanently stored by us. Please refer to OpenRouter's privacy policy for details on how they handle data passed through their API.

3. Analytics

We use Plausible Analytics, a privacy-focused analytics tool. Plausible does not use cookies, does not collect personal data, and does not track individual users across sites. All data is aggregated and no personally identifiable information is gathered. Plausible is compliant with GDPR, CCPA, and PECR.

4. How We Use Your Information

We use the information we collect to:

  • Provide and maintain your account
  • Store and display your saved food items and daily nutrition logs
  • Analyze nutrition label images you submit
  • Understand aggregate usage patterns through anonymous analytics

We do not sell, rent, or share your personal information with third parties for marketing purposes.

5. Third-Party Services

We use the following third-party services:

  • OpenRouter — Routes nutrition label images to a vision language model for analysis. Image data is transmitted to their API and processed according to their privacy policy.
  • Plausible Analytics — Privacy-focused, cookieless web analytics. No personal data is collected.

We do not use any other third-party services that process your personal data.

6. Data Storage and Security

Your data is stored in a PostgreSQL database. We use industry-standard security measures including encrypted passwords (hashed with bcrypt), HTTP-only authentication cookies, and secure token-based authentication. While no system is perfectly secure, we take reasonable steps to protect your information.

7. Your Rights

Under PIPEDA, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Withdraw consent for the collection and use of your information

To exercise any of these rights, please contact us using the information below.

8. Cookies

We use only essential cookies required for authentication (session tokens). We do not use any tracking cookies or third-party cookies. Plausible Analytics operates without cookies entirely.

9. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. Your continued use of the application after changes are posted constitutes acceptance of the revised policy.

10. Contact

If you have questions about this privacy policy or wish to exercise your rights regarding your personal data, please contact us at the email address associated with the application administrator.