Legal · GDPR
Privacy & Data Protection Notice
This notice explains how Food Doctor AI processes personal data in line with the EU General Data Protection Regulation (GDPR) and equivalent laws. It must be reviewed by legal counsel and finalized with the operating entity’s details before public launch.
1. Data controller
The data controller is the operating entity behind Food Doctor AI. Contact for privacy matters and our Data Protection Officer (DPO) is published on the Contact page.
2. What we collect
Account data (name, email); usage data (interactions with Nouri and the directory); and, only if you choose to share it, health-related information such as goals, conditions or allergies you describe to Nouri.
3. Legal basis for processing (Art. 6 & Art. 9)
We rely on: performance of a contract (providing the service); legitimate interests (security, service improvement); and, for special-category health data (Art. 9 GDPR), your explicit consent, requested in context before any health information is processed. You can withdraw consent at any time.
4. Data minimisation & retention
We collect the minimum necessary, and we delete raw conversation content when it is no longer needed for the purpose collected. Retention periods are documented in our internal retention schedule.
5. Your GDPR rights
You have the right to: access your data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict processing; data portability; object to processing; and withdraw consent at any time. See Your Data Rights to exercise them.
6. International transfers & processors
Where data is processed outside your region (for example by AI model, hosting or analytics providers), we use appropriate safeguards such as Standard Contractual Clauses. A list of subprocessors is available on request.
7. Automated processing & AI
Nouri is an AI system that generates educational suggestions. It does not make legal or similarly significant automated decisions about you. Human oversight and a complaint route are available.
8. Cookies
We use essential cookies for the service to function. Non-essential cookies (e.g. analytics) are used only with your consent, managed via the cookie banner and your preferences.
9. Complaints
You may lodge a complaint with your local data protection supervisory authority. We ask that you contact us first so we can help.
10. Children
The service is not directed at children below the age of digital consent in your jurisdiction without appropriate safeguards.