← Home

Privacy Policy

Last updated: April 23, 2026

1. Introduction

Utrition (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our website, products, and services (collectively, the “Services”).

Our goal is to provide educational, wellness-focused guidance while respecting user trust and privacy.

2. Information We Collect

We may collect the following types of information:

a) Information You Provide Voluntarily

When you complete our wellness quiz or interact with the Services, you may provide information such as:

  • Age range
  • Sex
  • Height and weight
  • Wake/sleep timing
  • Fitness or wellness goals
  • Supplement usage
  • General lifestyle information
  • Broad medication categories (not diagnoses)

We do not require users to submit identifying health records, lab results, or medical diagnoses.

b) Automatically Collected Information

We may automatically collect limited technical information such as:

  • Device type
  • Browser type
  • Pages visited
  • Anonymous usage analytics

This information does not identify you personally.

3. How We Use Information

We use collected information to:

  • Generate personalized, non-medical wellness and supplement guidance
  • Improve and optimize our Services
  • Understand general usage patterns and trends
  • Develop aggregated insights about wellness and supplement behaviors
  • Conduct internal research and analytics

4. Aggregated and Anonymized Data

We may combine user information into aggregated and anonymized datasets that do not identify any individual.

These datasets are used to:

  • Improve our recommendations and product experience
  • Identify high-level wellness and supplement trends
  • Inform research, analytics, and business development

We do not sell personal information or identifiable health data.

5. What We Do NOT Do

To be clear, Utrition does not:

  • Sell personal data
  • Share identifiable user information with third parties
  • Provide individual data access to partners or affiliates
  • Use personal data for off-platform targeting

6. Affiliate Links and Third-Party Products

Our Services may include affiliate links to third-party products. If you choose to purchase through these links, we may earn a commission.

Utrition does not control third-party websites and is not responsible for their privacy practices.

7. Third-Party Processors

To generate personalized supplement recommendations and to power our in-product advisor chat, Utrition sends limited, purpose-scoped data to the third-party AI providers listed below. We disclose these processors here to comply with EU GDPR Articles 13 and 14 and the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.).

a) Anthropic (Claude)

Purpose: Generating your initial supplement stack (Claude Sonnet 4.6), powering advisor chat where available so you can ask follow-up questions about your supplement stack, and lightweight memory extraction and intent classification on your chat messages (Claude Haiku 4.5). Anthropic handles all user-facing AI content generation.

Data sent: Your quiz responses (age, sex, height, weight, wake/sleep timing, fitness and wellness goals, supplement history, lifestyle details, and broad medication categories), the chat messages you type, limited context from your current supplement stack, and the working state of the conversation.

Data not sent: Your name, mailing address, phone number, payment information, or any personally identifying information beyond the email address you used to save your plan. We do not send lab results, diagnoses, or medical records because we do not collect them.

Retention and training:Anthropic's commercial terms of service state that inputs and outputs submitted through the API are not used to train Anthropic models and are retained only as needed to deliver the service and comply with legal obligations. See Anthropic's commercial terms and Anthropic's privacy policy for details.

b) OpenAI

Purpose: Text embeddings only. We use OpenAI's text-embedding-3-small model to convert your chat messages into numeric vectors so that relevant prior context can be retrieved when you return to a conversation. Anthropic does not offer an embeddings API, so this step runs on OpenAI.

Scope limit: OpenAI never generates user-facing AI responses and never makes decisions about your supplement recommendations. Its role is strictly vectorization for memory retrieval.

Data sent: The text of chat messages submitted for embedding.

Data not sent: Your name, mailing address, phone number, payment information, or any personally identifying information beyond what may appear incidentally in a chat message. We do not send lab results, diagnoses, or medical records to OpenAI because we do not collect them.

Retention and training:OpenAI's API data usage policies state that data submitted via the API is not used to train OpenAI models and is retained only as needed to deliver the service and comply with legal obligations. See OpenAI's API data usage policies and OpenAI's privacy policy for details.

c) Your Rights and How to Opt Out

You may decline to use the AI-powered recommendation and chat features at any time. If you have already used them and want your data removed, you can opt out by requesting account deletion. Email support@utrition.com or visit /privacy/delete-request to initiate a deletion request. Once verified, we will delete your account data on our systems and, where applicable, submit deletion or suppression requests to our third-party processors consistent with their retention obligations.

California residents have additional rights under the CCPA, including the right to know, the right to delete, and the right to opt out of sale. Utrition does not sell personal information. Residents of the European Union and the United Kingdom have rights under the GDPR, including the right of access, rectification, erasure, restriction, portability, and objection. Exercise any of these rights by emailing support@utrition.com.

8. Cookies and similar technologies

We use a single first-party session cookie for authentication and a localStorage entry to remember your analytics-consent choice. No third-party analytics, advertising, or tracking technologies are loaded. You can change your choice any time via “Manage cookie preferences” in the footer.

9. Data Security

We use reasonable administrative, technical, and organizational measures to protect information. However, no system is 100% secure, and we cannot guarantee absolute security.

10. Your Choices

You may:

  • Choose not to provide certain information
  • Download a copy of your data from Settings → Privacy → Download my data
  • Request deletion from Settings → Privacy → Request deletion, or by contacting us
  • Decline to use the AI-powered recommendation and advisor features

Requests will be honored subject to applicable laws and operational requirements. State-specific rights (including Washington, California, Colorado, Connecticut, and Nevada) are enumerated in Section 11 below.

11. Your rights if you live in Washington, California, Colorado, Connecticut, or Nevada

Several U.S. states have enacted consumer health data laws that apply to Utrition because the information we collect — goals, diet flags, broad medication categories, and supplement history — is treated by those laws as “consumer health data” even though we are not a HIPAA-covered entity. This section enumerates the rights available to residents of each state, the ways to exercise those rights, and our response timelines.

Binding legal language in this section is pending review by outside counsel. Placeholders marked [LEGAL REVIEW REQUIRED]will be replaced with counsel-approved text before we begin paid acquisition or expand beyond Phase 1. In the meantime, we commit operationally to the access, deletion, correction, opt-out, and response-timeline mechanics described below. To exercise any right, email privacy@utrition.com or use the self-serve controls in Settings → Privacy.

a) Washington — My Health My Data Act (MHMDA, RCW 19.373)

Who it covers: Any natural person physically located in, or a resident of, Washington at the time they interact with Utrition.

Consumer health data we collect that falls within MHMDA's scope: goals (e.g. sleep, energy, muscle, longevity), broad medication categories (never specific drug names — see Section 2), broad dietary restrictions and allergen flags, supplement history, and inferences drawn from the above to generate your supplement plan.

Rights available to you under MHMDA:

  • Right to know and access. You may request a copy of the consumer health data we have collected about you and a list of the third parties to whom we have disclosed it.
  • Right to delete. You may request deletion of all of your consumer health data. Utrition will also forward deletion requests to our subprocessors (listed in Section 7).
  • Right to withdraw consent. You may withdraw consent at any time for collection, sharing, or sale. Utrition does not sell consumer health data and has no plans to.
  • Right against sale without authorization. Utrition will not sell your consumer health data. A signed authorization would be required before any such sale, and we do not solicit one.
  • Right to non-retaliation. Utrition will not deny services, charge different prices, or degrade quality because you exercised an MHMDA right.

How to exercise: Email privacy@utrition.comwith the subject line “MHMDA request.” Alternatively, use the self-serve “Download my data” and “Request deletion” controls in Settings → Privacy.

Response timeline: We will respond within 45 days of receipt, with one 45-day extension permitted if the request is complex (we will notify you in writing if we extend).

Appeal and complaints: If we decline a request, you may appeal by replying to our response email; we will respond to the appeal within 45 days. You may also file a complaint with the Washington State Attorney General at atg.wa.gov/file-complaint.

[LEGAL REVIEW REQUIRED — counsel must confirm MHMDA scope mapping, consent/authorization form language, private-right-of-action disclosure, geofencing representations, and the adequacy of our subprocessor disclosures.]

b) California — CMIA (Cal. Civ. Code § 56 et seq.) and CCPA / CPRA

CMIA scope:The California Confidentiality of Medical Information Act generally applies to providers, contractors, and businesses offering “software or hardware to consumers…that is designed to maintain medical information.” Utrition's supplement planner is a wellness tool and does not maintain diagnoses or provider-sourced medical records; however, because CMIA has been applied broadly to consumer health apps, we extend CMIA-style protections to the wellness information we collect.

Rights available to California residents:

  • Right to know what categories of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it.
  • Right to delete your personal information (subject to statutory exceptions — e.g., legal retention obligations).
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing for cross-context behavioural advertising. Utrition does not sell or share personal information for behavioural advertising.
  • Right to limit use of sensitive personal information. Utrition uses sensitive information (including health-related data) only to generate your plan and to communicate with you.
  • Right to non-discrimination for exercising CCPA rights.

How to exercise: Email privacy@utrition.comwith the subject line “California privacy request,” or useSettings → Privacy.

Response timeline: We will confirm receipt within 10 business days and respond substantively within 45 days, with one 45-day extension available for complex requests.

Complaints: California Attorney General at oag.ca.gov/privacy/privacy-complaint, or the California Privacy Protection Agency at cppa.ca.gov.

[LEGAL REVIEW REQUIRED — counsel must confirm CMIA applicability determination, the “medical information” carveout, CCPA sensitive-PI treatment, and whether a Shine the Light disclosure is required.]

c) Colorado — Colorado Privacy Act (CPA, C.R.S. § 6-1-1301 et seq.)

Rights available to Colorado residents:access, correction, deletion, data portability, and opt-out of targeted advertising, sale, and profiling that produces legal or similarly significant effects. Utrition does not engage in targeted advertising, sale, or high-impact profiling. Health-related data is considered “sensitive data” and we process it only after obtaining your consent during signup.

How to exercise: privacy@utrition.comwith the subject line “Colorado CPA request.”

Response timeline: 45 days, with one 45-day extension for complex requests.

Appeal: Reply to our response; we will respond to an appeal within 45 days and, if we decline the appeal, provide the contact for the Colorado Attorney General at coag.gov/resources/colorado-privacy-act.

[LEGAL REVIEW REQUIRED — counsel must confirm universal opt-out signal handling, processor/controller designation, and the required DPA with subprocessors.]

d) Connecticut — Connecticut Data Privacy Act (CTDPA, Conn. Gen. Stat. § 42-515 et seq.)

Rights available to Connecticut residents: the same access, correction, deletion, portability, and opt-out rights as under the Colorado CPA, with comparable 45-day response timelines. Health data is sensitive data under CTDPA and is processed only with your consent.

How to exercise: privacy@utrition.comwith the subject line “Connecticut CTDPA request.”

Complaints: Connecticut Attorney General at portal.ct.gov/AG/Common/Complaint-Forms.

[LEGAL REVIEW REQUIRED — counsel must confirm CTDPA applicability and universal opt-out handling.]

e) Nevada — SB 370 (Chapter 603A consumer health data amendments)

Rights available to Nevada residents: access, deletion, and withdrawal of consent for consumer health data. Utrition does not sell consumer health data.

How to exercise: privacy@utrition.comwith the subject line “Nevada SB 370 request.”

Response timeline: 60 days, with one 30-day extension available.

Complaints: Nevada Office of the Attorney General at ag.nv.gov/Complaints/File_Complaint.

[LEGAL REVIEW REQUIRED — counsel must confirm Nevada consumer-health-data scope mapping and any notice requirements distinct from the older opt-out-of-sale framework.]

f) Other jurisdictions

Residents of other U.S. states, the EU, the UK, and other regions retain the rights described in Sections 7 and 10 above. If you believe a jurisdiction-specific right applies that is not enumerated here, email privacy@utrition.com and we will evaluate and respond within the statutory timeframe.

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. Consistent with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13, and the quiz blocks users who indicate an age under 13. If you believe a child under 13 has provided us with information, contact us at support@utrition.com and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by the “Last Updated” date above.

14. Contact Us

If you have questions about this Privacy Policy, contact us at support@utrition.com.