Legal

Privacy Policy

Last updated: 2026-04-15

Who we are

Nutripedia is operated by ALDR Ltd, a company registered in England and Wales (Companies House 16548322). ALDR Ltd is the data controller responsible for your personal data.

You can reach us at hello@nutripedia.co.uk.

What we collect

  • Your email address (when you join the waitlist or register)
  • Authentication identifiers from Firebase Auth
  • Items you save to your favourites
  • Anonymous usage data (pages visited, aggregated interaction counts)

We do not knowingly collect special category data. Nutripedia is not a medical service and we do not ask you for health information.

Why we process it

Under Article 6 of the UK GDPR and EU GDPR, we rely on:

  • Consent — for marketing emails and optional analytics cookies. You can withdraw consent at any time.
  • Contract — to provide account features you sign up for, such as saving favourites or accessing research tools.
  • Legitimate interests — to run and improve the research platform, keep it secure, and prevent abuse. We balance these against your rights and freedoms.

Who processes your data

We use vetted sub-processors to run the service. The main ones are:

  • Google / Firebase — hosting, authentication, Firestore database, Cloud Functions. Our Firebase project is located in the europe-west2 (London) region.
  • Google AI (Gemini) — powers research summarisation and retrieval. Prompts may leave the EEA (see transfers below).
  • Vercel — web hosting and edge delivery.

International transfers

Some of our processors (Google, Vercel) may process data outside the UK and EEA, including in the United States. Where this happens we rely on the UK International Data Transfer Addendum and the EU Standard Contractual Clauses (SCCs) approved by the European Commission, together with any supplementary measures required.

How long we keep it

Account data is kept for as long as you have an account. If you delete your account, we erase or fully anonymise your personal data within 90 days. Anonymous, aggregated analytics may be retained beyond that point.

Your rights

Under the UK GDPR and EU GDPR you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data rectified
  • Have your data erased (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable form
  • Withdraw any consent you have given, at any time

To exercise any of these rights, email hello@nutripedia.co.uk. We respond within one calendar month.

Complaints

If you believe we have mishandled your data, you can complain to the UK Information Commissioner’s Office at ico.org.uk/concerns. We would appreciate the chance to resolve the issue first.

Changes

If we make material changes to this policy we will update the “last updated” date and, where appropriate, notify you by email.