Privacy Policy

[NUTRA COMP LTD] | Last updated: February 2026

1. Introduction

[NUTRA COMP LTD] (“we”, “us”, “our”) operates the Nutra Comp platform, a software-as-a-service application that generates dietary supplement ingredient substantiation documentation and compliance documents (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service.

We are registered in England and Wales and our primary privacy obligations arise under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Because many of our users are based in the United States, we also take into account applicable US state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) where relevant.

By using Nutra Comp, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Who We Are (Data Controller)

[NUTRA COMP LTD] is the data controller for personal data collected through the Nutra Comp platform.

Contact us regarding any privacy matters at:
Email: privacy@nutracomp.com

3. Data We Collect

3.1 Account Information

When you register for Nutra Comp, we collect:

  • Full name
  • Email address
  • Password (stored in hashed/encrypted form)
  • Business or company name

3.2 Billing and Payment Information

To process subscription payments, we collect:

  • Billing name and address
  • Payment card details (processed and stored securely by our third-party payment processor; we do not store full card numbers)
  • Subscription tier and transaction history

3.3 Business and Formulation Data

As part of using the Service, you may input:

  • Your company or brand details
  • Dietary supplement formulation information, including ingredient names, dosages, and product descriptions
  • Compliance documentation preferences and outputs

This data is used solely to provide you with the substantiation and compliance documents you request.

3.4 Usage and Technical Data

We automatically collect:

  • IP address and approximate location (country/region)
  • Browser type and device information
  • Pages visited, features used, and session duration
  • Error logs and diagnostic data

4. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases:

4.1 To Provide and Operate the Service (Contract)

  • Process account registration and authentication
  • Generate substantiation and compliance documents using AI-powered tools
  • Process subscription payments
  • Provide customer support

4.2 To Improve the Service (Legitimate Interests)

  • Analyse usage patterns to improve features and user experience
  • Monitor system performance and security
  • Conduct internal research and product development

4.3 To Communicate with You (Legitimate Interests / Consent)

  • Send transactional emails (e.g. receipts, account notices)
  • Send service updates or security notices
  • Send marketing communications where you have opted in (you may opt out at any time)

4.4 Legal Compliance (Legal Obligation)

  • Comply with applicable laws and regulations
  • Respond to lawful requests from courts or regulatory authorities

5. AI-Powered Processing

Nutra Comp uses artificial intelligence and machine learning services provided by third-party AI providers (such as large language model APIs) to generate documentation. When you submit formulation data, ingredient details, or other inputs, this information is processed by our AI systems.

We take steps to ensure that:

  • Data submitted to AI APIs is used only to generate your requested outputs
  • We select AI providers who offer appropriate data processing agreements and confidentiality protections
  • Formulation data is not used to train third-party AI models without your explicit consent, where we are contractually able to enforce this

You acknowledge that AI-generated documents are provided as a starting point for substantiation and compliance purposes and should be reviewed by qualified professionals before regulatory submission.

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with:

  • Payment processors (e.g. Stripe) to handle subscription billing
  • AI API providers to generate your documents
  • Cloud hosting providers for data storage and infrastructure
  • Analytics providers to help us understand usage patterns (using anonymised or aggregated data where possible)
  • Professional advisors (lawyers, accountants) under confidentiality obligations
  • Law enforcement or regulatory authorities where required by law

All third-party processors are subject to data processing agreements and are required to handle your data in accordance with applicable law.

7. International Data Transfers

As a UK-based company serving US users, your data may be transferred to and processed in countries outside the UK and EEA, including the United States. Where such transfers occur, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission
  • Adequacy decisions where applicable

8. Data Retention

We retain personal data for as long as necessary to provide the Service and comply with legal obligations:

  • Account data: retained for the duration of your subscription plus 2 years after account closure
  • Formulation and document data: retained for the duration of your subscription; you may delete specific documents at any time
  • Billing records: retained for 7 years to comply with financial regulations
  • Usage logs: retained for up to 12 months

After applicable retention periods, data is securely deleted or anonymised.

9. Your Rights

9.1 UK GDPR Rights (UK and EEA users)

Under UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate data
  • Erasure: request deletion of your data (subject to legal retention obligations)
  • Restriction: request that we restrict processing of your data
  • Portability: receive your data in a structured, machine-readable format
  • Object: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, withdraw it at any time

To exercise your rights, contact us at privacy@nutracomp.com. We will respond within one month.

If you are dissatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

9.2 US Privacy Rights (California and Other States)

If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to:

  • Know what personal information we collect and how it is used
  • Delete personal information we hold about you
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell personal data)
  • Non-discrimination for exercising your privacy rights

To submit a CCPA request, contact us at privacy@nutracomp.com.

10. Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS) and at rest
  • Hashed password storage
  • Access controls limiting who can access personal data
  • Regular security monitoring and vulnerability assessments

No method of transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by law.

11. Cookies

We use cookies and similar tracking technologies to operate and improve the Service. These include:

  • Essential cookies: required for the Service to function (e.g. authentication sessions)
  • Analytics cookies: help us understand how users interact with the platform
  • Preference cookies: remember your settings and preferences

You can manage cookies through your browser settings. Disabling non-essential cookies will not affect your ability to use core features of the Service.

12. Children’s Privacy

The Service is intended for business users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice within the Service. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.

14. Contact Us

For any questions or concerns about this Privacy Policy or how we handle your data, please contact us at: privacy@nutracomp.com