N
nutrifity
Legal

Privacy Policy

Your privacy matters - here's how we protect your data.

Last updated: April 2026

1. Introduction

Nutrifity (also known as "FitPro Hub," "we," "us," or "our") operates the Nutrifity platform - a SaaS marketplace connecting fitness and nutrition professionals with clients ("Achievers"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services.

We are based in Croatia, European Union, and we process personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Croatian Act on the Implementation of the General Data Protection Regulation, and other applicable data protection laws.

By using Nutrifity, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the platform.

2. Data We Collect

2.1 Information You Provide

  • Account information: name, email address, password, date of birth, profile photo, and user type (Achiever, Trainer, Nutritionist, or Coach).
  • Profile information: professional bio, certifications, specializations, service offerings, pricing, location, and contact preferences.
  • Payment information: billing address and payment method details. Payment card data is processed directly by our payment processors (Stripe, PayPal) and is never stored on our servers.
  • Communications: messages exchanged with other users through the platform, support tickets, and feedback submissions.
  • Content: reviews, ratings, uploaded documents, images, and other materials you share on the platform.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, search queries, booking history, and interaction patterns.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
  • Cookies and similar technologies: session identifiers, authentication tokens, and analytics trackers. See our Cookie Policy for details.
  • Log data: server logs including access times, error logs, and referral URLs.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Account management: creating and maintaining your account, authenticating your identity, and managing your profile.
  • Service delivery: facilitating bookings between Achievers and professionals, processing payments, and enabling communication between users.
  • Platform improvement: analyzing usage patterns to improve features, fix issues, and develop new functionality.
  • Communication: sending booking confirmations, payment receipts, service updates, and (with your consent) marketing communications and newsletters.
  • Safety and security: detecting and preventing fraud, abuse, and unauthorized access; enforcing our Terms of Service.
  • Legal compliance: meeting our obligations under applicable laws, including tax reporting and responding to lawful requests from authorities.

Legal bases for processing (GDPR Article 6): We rely on contractual necessity (to provide you the service), legitimate interest (to improve and secure the platform), consent (for marketing communications), and legal obligation (for tax and regulatory requirements).

4. Data Sharing

We do not sell your personal data. We share information only in the following circumstances:

  • Between users: When an Achiever books a service, the professional receives relevant booking details (name, contact information, booking notes). Professionals' public profile information is visible to Achievers.
  • Payment processors: Stripe and PayPal process your payment transactions under their own privacy policies.
  • Service providers: Trusted third parties who help us operate the platform (hosting, email delivery, analytics) under strict data processing agreements.
  • Legal requirements: When required by law, court order, or governmental authority, or to protect the rights, property, or safety of Nutrifity, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

5. Cookies

We use cookies and similar tracking technologies to operate, secure, and improve the platform. For detailed information about the types of cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

6. Data Retention

We retain your personal data only as long as necessary:

  • Active accounts: Your data is retained for the duration of your account. You may delete your account at any time.
  • After account deletion: We delete or anonymize your personal data within 30 days of account deletion, except where retention is required by law.
  • Financial records: Transaction data is retained for 7 years to comply with tax and accounting regulations.
  • Support communications: Retained for up to 3 years after resolution for quality assurance and legal purposes.
  • Server logs: Automatically purged after 90 days.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests, including direct marketing.
  • Right to restrict processing: Request limitation of processing in certain circumstances.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@nutrifity.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local supervisory authority.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Regular security audits and vulnerability assessments.
  • Access controls limiting data access to authorized personnel only.
  • Secure password hashing and multi-factor authentication support.
  • Regular backups with encrypted storage.

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

9. International Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.

10. Children's Privacy

Nutrifity is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@nutrifity.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or an in-app notification. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: