Privacy Policy
App Version: 1.1.0
This Privacy Policy explains how the MyNutrio app collects, uses, and protects your personal data. The app provides health-related information but does not provide medical advice. If you have any questions, please contact the developer.
🗑️ Account and Data Deletion Request
Users have full control over their data. To delete your account and all associated data, please use one of these methods:
- In-App: Use the "Delete Account and Data" option located at the bottom of the Settings page (under the Danger Zone section) for instant deletion of local and cloud (Firebase) data.
- Email Request: Send an email with the subject "Account Deletion Request" to mynutrio_support@dayzenstudio.com (Requests are generally processed within 48 hours).
Security Note: Data deletion is permanent and cannot be undone. Merely uninstalling the app will not delete your cloud-stored data.
When you delete your account and data, all your personal data (profile information, food logs, weight history, etc.) is immediately and permanently removed from our systems. However, for security, abuse prevention, and legal audit requirements, basic systemic transaction records (audit logs such as who deleted the account and when) are securely stored for 90 days and are automatically and completely deleted at the end of this period.
Information We Collect
Personal and Health Information
- Google Account Information (For Google Sign-In Users):
- Your email address (obtained from your Google account)
- Your profile photo (optional, obtained from your Google account)
- First and last name (obtained from your Google account)
- This information is used for authentication and account management
- Google's privacy policy and terms of service also apply
- Profile Information: Name, date of birth/age, gender, height, weight, target weight
- Health Information: Allergy list, medical conditions, dietary preferences (vegan, vegetarian, etc.), protein supplement use
- Lifestyle Information: Activity level, eating habits (meal timing), cooking skills
- Nutrition Data: Daily meal logs, food consumed, calorie/macro tracking, water intake, meal timing
- Physical Activity Data: Step counts, walking distance, active duration, and calories burned during these activities
- Goal and Preference Data: Daily calorie/macro goals, weight goal, weekly weight change target, nutrient limits (sugar, saturated fat, sodium)
- App Preferences: Theme selection, unit system (metric/imperial), language preference, notification settings, privacy settings
Automatically Collected Information
- Device Information: Device model, operating system, app version
- Usage Data: Which features are used, app usage duration, premium and ad interactions
- Error Reports: Technical information in case of app crashes (no personal data)
How We Use Your Information and Legal Basis
Data Processing Purposes
We use your data for the following purposes:
- Provide personalized nutrition recommendations
- Calculate calories and nutritional values
- To help you track your progress
- Background Step Tracking: To measure physical activity and calculate calories burned even when the app is closed
- Improve app performance and security
- Resolve technical issues and report errors
- Send you notifications (with your permission)
- Fulfill legal requirements
Legal Basis (GDPR Article 6 and 9)
We process your personal data based on the following legal grounds:
- Consent: Explicit consent is obtained for your health data (weight, calories, meal records) (GDPR Article 9 - Special Categories of Personal Data)
- Contract Performance: We process your profile and nutrition data to provide app services
- Legitimate Interest: Anonymous usage data is processed for app security, bug fixes, and performance improvements
- Legal Obligation: Necessary data is retained for legal requirements such as tax and financial reporting
Data Storage and Security
Cloud Storage (For Google Sign-In Users)
- Google Cloud Firestore: When you sign in with your Google account, your data is securely stored in Google Cloud Firestore
- Server Location: Your data is stored on Google Cloud servers in the Europe region (eur3 - Belgium)
- Multi-Device Sync: Cloud storage allows you to access your data from all your devices
- Encryption: All data transfers are encrypted with TLS/SSL, and data is also encrypted in the cloud
- Access Control: Only your Google account can access your data; other users cannot see it
- Backup: Protected by Google Cloud's infrastructure security and backup systems
- Revocable: You can stop cloud storage at any time by signing out of your Google account
Local Storage
- All your personal data is stored locally in your device's secure app sandbox
- For users who don't use a Google account, data stays only on the device and is never sent to any servers
- When you delete the app, your local data on the device is permanently deleted
Security Measures
- Cloud data is stored encrypted, while local data is protected by the device's sandbox environment
- Google Cloud Firestore security rules prevent unauthorized access
- Security improvements are made with app updates
- Third-party access is prevented
- Privacy and security best practices are followed
Background Tracking and Foreground Services
- Our app uses Android's Foreground Service technology to count steps continuously and accurately.
- While this service is running, a persistent notification is shown in the notification panel; this notification informs the user that the app is counting data in the background.
- You can stop this permission at any time from the app settings or system settings.
Data Retention Period
- Active Accounts: Your data is retained as long as your account is active
- After Account Deletion: When you delete your account and data, all your personal data (profile information, food logs, weight history, etc.) is immediately and permanently removed from our systems. However, for security, abuse prevention, and legal audit requirements, basic systemic transaction records (audit logs) are securely stored for 90 days and are automatically and completely deleted at the end of this period. Merely uninstalling the app does not delete your cloud data linked to your Google account.
- Subscription and Payment Information: All subscription payments are managed and processed by Google Play Store. Your payment information (credit card, billing address, etc.) is stored entirely in Google's systems and is subject to Google's data retention policy. As the developer, we have no access to your payment information whatsoever.
- Anonymous Statistics: Anonymous usage data collected by Firebase Analytics (does not include identity information) is subject to Google's data retention policy
International Data Transfers (GDPR Articles 44-50)
- EU Data Storage: Google Cloud Firestore stores your data within the European Union (Belgium - eur3), fully GDPR compliant
- Google Services: Firebase and AdMob services are provided by Google LLC (USA), however:
- Google is certified under the EU-US Data Privacy Framework
- Google uses EU Standard Contractual Clauses and the June 2024 KVKK Standard Contractual Clauses (SCC) for data transfers
- Your data is primarily processed in the EU region
- Data Security: All international data transfers are protected with TLS/SSL encryption
- Right to Object: If you wish to object to data transfers outside the EU, you can use the app with local storage only without using a Google account
Advertising and Analytics
Google AdMob Ads
- Google AdMob ads are shown in the free version
- You can turn off personalized ads from your device settings or Google Ad Settings
- Ad preferences can be managed through Google Ad Settings
- Data used for ads is subject to Google's privacy policy
- Temporary premium access can be granted by watching ads
Firebase Services
- Firebase Authentication: Authentication service for Google sign-in users - Your email address and profile information are obtained from your Google account
- Firebase Cloud Firestore: Cloud data storage service for users signed in with Google account - All your nutrition and health data is securely stored in the Europe (eur3) region
- Firebase Analytics: Anonymous usage statistics (features used, app usage time, etc.) - Your data is irreversibly hashed using SHA-256 for anonymity. Instead of specific food names, only categorical data is sent. In accordance with the data minimization principle, this analytical data is retained for a maximum of 2 months and then automatically deleted.
- Firebase Crashlytics: App crashes and error reports (device model, OS version, error details - does not contain personal data) - Required to detect technical issues
- These services are subject to Google's privacy policy: Google Privacy Policy
- Data collected by Firebase Analytics and Crashlytics does not include your identity information and is processed anonymously
- Important: Firebase Analytics and Crashlytics are required for stable app operation and technical issue detection, and cannot be disabled
Your Rights
Your Rights Under KVKK (Turkey)
Under the Law No. 6698 on Protection of Personal Data (KVKK), you have the following rights:
- Right to Information: Learn whether your personal data is being processed
- Right of Access: Request information if your personal data has been processed
- Right to Rectification: Request correction of your personal data
- Right to Erasure: Request deletion or destruction of your personal data
- Right to Object: Object to the processing of your personal data
Your Rights Under GDPR (EU/Europe)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access: Right to learn what personal data is being processed about you
- Right to Rectification: Right to correct inaccurate or incomplete personal data
- Right to Erasure / "Right to be Forgotten": Right to request deletion of your personal data
- Right to Restriction of Processing: Right to request restriction of data processing under certain conditions
- Right to Data Portability: Right to receive your personal data in a structured, commonly used, and machine-readable format (CSV, PDF) and transfer it to another data controller
- Right to Object: Right to object to data processing based on legitimate interests or public interest
- Right not to be subject to Automated Decision-Making: Right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects
- Right to Lodge a Complaint: Right to lodge a complaint with the relevant data protection authority (Personal Data Protection Authority in Turkey)
How to Exercise Your Rights?
- In-App: You can use Settings > Data & Privacy Management > "Download Your Information" or Danger Zone > "Delete Account and Data" options
- Email: You can send your written request to mynutrio_support@dayzenstudio.com
- Response Time: Your request will be responded to within 30 days (in compliance with KVKK and GDPR requirements)
- Identity Verification: We may need to verify your identity for security purposes
KVKK Explicit Consent Statement
Under the Law No. 6698 on Protection of Personal Data ("KVKK"), regarding the processing of my personal data:
1. Processing of My Health Data
I give my explicit consent to the processing of my health data, which is special category personal data (weight, height, BMI values, calorie tracking, meal records, food consumption history, allergy information, medical conditions, medication and supplement use).
2. Cloud Storage and Synchronization
When I sign in with my Google account, I give my explicit consent to:
- Obtaining my email address, first name, last name, and profile photo from my Google account,
- Storing all my personal and health data encrypted in Google Cloud Firestore (Europe - eur3 region),
- Using my data for multi-device synchronization,
- Secure data transfers with TLS/SSL encryption,
3. Use of Firebase Services
I give my explicit consent to the processing of my data for Firebase services (Authentication, Cloud Firestore, Analytics, Crashlytics, Remote Config) used within the app. I understand that the anonymous usage data collected by Firebase Analytics and Crashlytics does not include my identity information and is only used to improve app performance.
4. Statistical Analysis
I give my explicit consent to the processing of my personal and health data, after being anonymized, for statistical analysis and app improvement purposes.
5. Ad Display
I give my explicit consent to the display of Google AdMob ads and the processing of necessary data for this purpose while using the free version. I understand that I can turn off personalized ads at any time through device settings or Google Ad Settings.
Right to Withdraw Consent
Right to Withdraw Consent: I understand that I can withdraw this explicit consent at any time. To withdraw my consent, I can: sign out of my Google account to stop cloud storage, use the "Delete Account and Data" option in app settings, or send an email to mynutrio_support@dayzenstudio.com to make a request. I accept that when I withdraw my consent, my data will be immediately and permanently deleted and I may not be able to use the app's core features.
Cookies and Local Storage
- Local storage is used to save your app preferences
- Web cookies are not used (mobile app only)
- Your preferences are stored securely on your device
Children's Privacy
⚠️ AGE RESTRICTIONS
- Minimum Age: 18 years - MyNutrio is intended for users aged 18 and above
- Age Rules: The app collects age information during profile creation. According to the Terms of Service, use by individuals under 18 is prohibited
- Under 18 Usage: Use of the app by individuals under 18 is strictly prohibited (KVKK and GDPR Article 8 compliance)
- Data Storage: User data is stored locally on the device and in Firebase Firestore when signed in with Google. The developer can only access data within Firebase security rules for support and legal request purposes
- Contact: For questions about your account, please contact mynutrio_support@dayzenstudio.com
Third-Party Services
Third-party services used in the app:
- Google Play Services: App updates, in-app purchases (subscription management)
- Google AdMob: Ad display (banner and interstitial ads for free users)
- Firebase (Google):
- Firebase Authentication - Google sign-in
- Firebase Cloud Firestore - Cloud data storage
- Firebase Analytics - Usage statistics
- Firebase Crashlytics - Error reporting
Note: Each of these third-party services has its own privacy policy. Please review the relevant service's privacy policy.
Automated Decision-Making and Profiling (GDPR Article 22)
The App Makes Automatic Calculations (Advisory Nature)
- Calorie Calculations: Your daily calorie needs are calculated using automatic formulas (Harris-Benedict, Mifflin-St Jeor)
- Nutritional Value Calculations: Macro and micronutrient values of foods you eat are automatically calculated
- Progress Tracking: Metrics such as weight change and calorie balance are automatically analyzed
- Important Note: These automatic calculations:
- Are advisory only, not medical decisions or diagnoses
- Do not produce legal consequences
- Users can make manual corrections at any time
- May not fully reflect your personal health status
- Right to Object: If you do not wish to rely on automatic calculations, you can use manual data entry and editing
- Profiling: The app uses your profile data (age, gender, activity level) to provide personalized recommendations, but this profiling does not produce legal consequences
Data Breach Notification and Emergency Procedures
🚨 Actions in Case of Data Breach
We maintain the highest level of security for your personal data. However, in the event of a data breach:
Our Responsibilities:
- Notification Within 72 Hours: Within 72 hours from detecting the breach:
- Notification to the Personal Data Protection Authority (KVKK)
- Notification to relevant data protection authorities (GDPR)
- User Notification: Affected users will be immediately informed via email
- Transparency: Clear and understandable information will be provided about the breach:
- Which data was affected
- Possible consequences
- Measures taken
- What users should do
- Corrective Measures: Necessary technical and administrative measures to prevent the breach will be taken immediately
Your Rights:
- Right to information about your data processing
- Right to immediately delete your data
Emergency Contact: mynutrio_support@dayzenstudio.com
Note: No data breaches have occurred to date. All your data is stored encrypted and continuous security updates are performed.
Policy Changes
- Significant changes will be notified within the app
- Updated date is indicated on this page
- Continuing to use means you accept the updates
- Updates are made as required by law
✅ Data Portability and Export
You can export all your data at any time in CSV or PDF format. To do this, simply use the Settings → Data & Privacy Management → "Download Your Information" option. Files are generated locally on your device and are not sent to any server.
🏥 Medical Disclaimer
IMPORTANT: MyNutrio is not a medical device and does not provide medical advice, diagnosis, or treatment. All health information in the app is for educational purposes only. Always consult a healthcare professional before making decisions about your health.
App content is for informational purposes only and does not replace professional medical advice.
📧 Developer Information and Contact
For privacy-related questions and requests:
Developer: Dayzen Studio (Individual developer)
Data Controller: ONUR ALKAN
Email: mynutrio_support@dayzenstudio.com
Address: Sarılar Mah. 3056. Sok. No: 6, 07600 Manavgat/Antalya, Turkey
Response Time: Your inquiries will be responded to within 30 days at the latest (KVKK and GDPR compliant)