Legal

Privacy Notice

Last updated: 26 June 2026

1. Who we are

NutriScan is operated by V2V Wellness. V2V Wellness is the data controller for the personal data described below. Contact: support@v2vwellness.com.

2. Data we collect & why

  • Account data (name, email, login credentials) — to create and operate your account. Legal basis: performance of contract.
  • Scan content (uploaded product photos, barcodes, manual entries) — to deliver the analysis you requested. Legal basis: performance of contract.
  • Subscription & order data (plan, status, billing period) — to provide premium access. Legal basis: performance of contract.
  • Support messages — to respond to you. Legal basis: legitimate interests.
  • Usage & device telemetry (IP address, device identifiers, basic analytics) — for security, fraud prevention, and product improvement. Legal basis: legitimate interests.

3. Who we share data with

  • Stripe — our payment processor. Stripe processes payments, subscription management, and invoicing, and acts as a separate controller for that payment data under its own privacy notice.
  • Hosting & infrastructure providers (Lovable Cloud / Supabase, Cloudflare) — to host the Service.
  • AI model providers — to generate nutrition analysis from your inputs.
  • Professional advisers and authorities — where required by law.

4. International transfers

Some recipients are located outside the UK/EEA. Where this happens, we rely on adequacy decisions or Standard Contractual Clauses to safeguard your data.

5. Retention

We keep account and subscription data for as long as your account is active, and for a limited period afterwards to meet legal, tax, and accounting obligations. Scan data is retained while linked to your account and deleted or anonymised when no longer needed.

6. Your rights

Under UK GDPR and EU GDPR you have the right to access, rectification, erasure, restriction, portability, objection, and to withdraw consent. You may also lodge a complaint with your local supervisory authority (in the UK, the ICO). We aim to respond within one month. Contact support@v2vwellness.com to exercise these rights.

7. Security

We use appropriate technical and organisational measures including encryption in transit, access controls, and row-level database security.

8. Cookies

We use essential cookies/local storage to keep you signed in and to remember your preferences. We do not use advertising cookies. Payment pages displayed by Stripe may set their own cookies under Stripe's privacy notice.