PRIVACY POLICY
Last Updated: November 27, 2025
Introduction
Welcome to Nutri Info ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.
Information We Collect
We collect information that you provide directly to us when you:
- Create an account
- Book an appointment
- Communicate with healthcare providers
- Upload medical documents
- Make payments
- Use our services
Personal Information
We may collect the following personal information:
- Full name
- Email address
- Phone number
- Date of birth
- Profile photograph
- Account credentials
Health Information
We collect health-related information including:
- Appointment details and history
- Medical documents (prescriptions, lab reports)
- Reason for consultation
- Health concerns and symptoms
- Communication with healthcare providers
Payment Information
Payment information is processed securely through the PayHere payment gateway. We do not store your complete credit card information. We may collect:
- Transaction IDs
- Payment status
- Payment amount
- Transaction date and time
Technical Information
We automatically collect certain information when you use the App:
- Device information (model, operating system, unique device identifiers)
- IP address
- Log data (access times, pages viewed, app features used)
- Location data (with your permission)
- Push notification tokens
Authentication Data
When you sign in using Google Sign-In, we collect:
- Google account email
- Profile name
- Profile picture
- Authentication tokens
How We Use Your Information
We use the collected information for the following purposes:
Service Delivery
- Schedule and manage appointments
- Facilitate communication between patients and healthcare providers
- Process payments for consultations
- Send appointment reminders and notifications
- Provide video consultation access
- Store and manage medical documents
Account Management
- Create and maintain your account
- Verify your identity
- Provide customer support
- Respond to your inquiries
Service Improvement
- Analyze app usage patterns
- Improve app functionality and user experience
- Develop new features
- Fix technical issues
- Monitor and analyze trends
Legal and Safety
- Comply with legal obligations
- Enforce our terms and conditions
- Protect against fraudulent or illegal activity
- Protect the rights and safety of users
How We Share Your Information
We may share your information in the following circumstances:
With Healthcare Providers
Your appointment details, health information, and communications are shared with the healthcare providers you consult through our App.
With Service Providers
We share information with third-party service providers who perform services on our behalf:
- Firebase (Google) - Authentication, database, storage, and messaging
- PayHere - Payment processing
- Zoom/Google Meet - Video consultations
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
With Your Consent
We may share your information with your explicit consent for purposes not described in this policy.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
Data Storage and Security
Storage Location
Your data is stored securely on Firebase servers operated by Google. Firebase uses industry-standard security measures and encrypts data both in transit and at rest.
Security Measures
We implement appropriate technical and organizational security measures to protect your information:
- Encryption of data in transit using SSL/TLS
- Encryption of data at rest
- Secure authentication protocols
- Regular security assessments
- Access controls and authentication
- Secure API communications
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Data Retention
We retain your personal information for as long as necessary to:
- Provide our services
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.
Medical records and health information may be retained for longer periods as required by healthcare regulations.
Your Rights and Choices
You have the following rights regarding your information:
Access and Portability
You can access your personal information through your account settings. You can request a copy of your data in a portable format.
Correction
You can update or correct your personal information at any time through the App or by contacting us.
Deletion
You can request deletion of your account and personal information. Some information may be retained as required by law or for legitimate business purposes.
Opt-Out of Communications
You can opt out of promotional emails by following the unsubscribe link in the emails. You can disable push notifications through your device settings.
Location Data
You can disable location access through your device settings at any time.
Marketing Communications
You can opt out of receiving marketing communications while still receiving important service-related messages.
To exercise any of these rights, please contact us at costhaashen@gmail.com.
Children's Privacy
Our App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy.
Third-Party Services
Our App integrates with third-party services that have their own privacy policies:
Firebase (Google)
Privacy Policy: https://firebase.google.com/support/privacy
Google Sign-In
Privacy Policy: https://policies.google.com/privacy
PayHere
Privacy Policy: https://www.payhere.lk/privacy
Zoom
Privacy Policy: https://zoom.us/privacy
We encourage you to review the privacy policies of these third-party services.
California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information (we do not sell personal information)
- Right to deletion of personal information
- Right to non-discrimination for exercising your rights
To exercise these rights, contact us at costhaashen@gmail.com.
European Privacy Rights
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
Our legal basis for processing your information includes:
- Performance of a contract with you
- Your consent
- Compliance with legal obligations
- Our legitimate interests
To exercise these rights, contact us at costhaashen@gmail.com.
Health Information Privacy (HIPAA)
We are committed to protecting your health information in accordance with applicable healthcare privacy laws. While we are not a covered entity under HIPAA, we implement HIPAA-compliant practices:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Organizational requirements
Healthcare providers using our platform are responsible for their own HIPAA compliance.
Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of any changes by:
- Posting the new privacy policy in the App
- Updating the "Last Updated" date
- Sending you an email notification for material changes
Your continued use of the App after changes become effective constitutes acceptance of the revised policy.
Contact Us
If you have questions, concerns, or complaints about this privacy policy or our data practices, please contact us:
Email: costhaashen@gmail.com
Support: support@nutriinfoclinic.com
Response Time: We will respond to your inquiry within 48 hours.
Dispute Resolution
If you have a complaint about our privacy practices, please contact us first. We will investigate and attempt to resolve any complaints.
If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.
Consent
By using the Nutri Info App, you consent to the collection, use, and disclosure of your information as described in this privacy policy.
For specific processing activities that require explicit consent, we will obtain your consent separately within the App.
You can withdraw your consent at any time by contacting us or deleting your account, though this may limit your ability to use certain features of the App.
Effective Date
This privacy policy is effective as of November 27, 2025.