Data Processing Agreement (DPA)

NutriTrack AI processes personal data in accordance with documented customer instructions and product functionality. Processing is limited to service delivery, security, and support obligations.

Depending on feature usage, processed categories may include account identifiers, nutrition logs, hydration logs, body signals, body metrics, and associated metadata required for service operation.

Technical and organizational controls include encryption-aware data handling patterns, access boundaries, validation-first ingestion, and operational safeguards for confidentiality and integrity.

Where subprocessors are used to operate the service, they are selected for reliability and security posture. Appropriate contractual safeguards apply for data transfer and processing obligations.

Some AI-enabled functions may depend on third-party model or API providers operating under contractual controls. We require these providers to meet security and confidentiality expectations appropriate to the service.

Security incidents affecting personal data are assessed promptly and handled through defined response procedures, with customer communication and remediation support as required.