Privacy Policy

Last updated: March 4, 2026

Multinutrify (“we”, “us”, or “our”) operates multinutrify.com. This policy explains what personal data we collect, how we use it, where it is stored, and your rights regarding that data. We are committed to handling your information responsibly and transparently.

1. Information We Collect

1a. Information You Provide Directly

• Newsletter subscription - via the site footer or popup, you may submit your email address (and optionally your name). This data is transmitted to and stored by MailerLite (see §4a).
• Contact form - via the /contact page you may submit your name, email address, subject category, and a message. This data is transmitted to and stored by Tally.so (see §4b). We receive a notification and respond to your message directly.

1b. Automatically Collected Data

• IP address, browser type and version, device type, operating system, screen resolution
• Pages visited, navigation path, time on page, scroll depth, referral source, session duration - collected via Google Analytics 4 (see §4c)
• General geographic location (country/city level) derived from anonymised IP address
• Supplement stack preferences, theme setting (dark/light mode), and filter preferences - stored only in your browser's localStorage and never transmitted to our servers

1c. Data We Do Not Collect

We do not collect, store, or log: the content of your AI chat conversations (see §3), payment information of any kind, social media credentials, or your precise GPS location.

2. How We Use Your Information

• To send weekly newsletter emails to subscribers (every email includes an unsubscribe link)
• To respond to contact form submissions, typically within 48 business hours
• To analyse aggregated, anonymised site traffic to improve content quality, page structure, and user experience
• To detect and prevent abuse of our AI chat and API endpoints (rate limiting based on IP address)
• To comply with legal obligations if required by law

3. AI Chat Feature

The “AI Nutritionist” feature (/boost) uses Claude, an AI model developed by Anthropic, PBC (San Francisco, USA). When you send a message in the AI chat:

• Your message is transmitted over HTTPS to Multinutrify's API server (hosted on Railway in Amsterdam - see §5)
• The message is sanitised and validated, then forwarded to Anthropic's API for processing
• Anthropic processes the message and returns a response that is streamed back to you
• We do not persistently store your chat messages on our servers beyond the duration of the API request
• Your messages are processed by Anthropic subject to Anthropic's Privacy Policy

We apply rate limiting (based on IP address) and input sanitisation to protect against misuse. We strongly recommend you do not submit sensitive personal or medical information in the AI chat.

4. Third-Party Services

4a. MailerLite (Email Marketing)

We use MailerLite (MailerLite UAB, Perk\u0173 g. 30, Vilnius, Lithuania, EU) to manage newsletter subscribers. When you subscribe, your email address - and name if provided - are stored on MailerLite's servers within the European Union. MailerLite is GDPR-compliant and is registered as a data processor. You may unsubscribe at any time using the link in any newsletter email or by emailing us. See MailerLite's Privacy Policy.

4b. Tally.so (Contact Form)

Our /contact page form is powered by Tally.so (Tally Software BV, Belgium, EU). When you submit the contact form, your submission (including name, email, subject, and message) is processed and stored by Tally.so. Tally.so is GDPR-compliant and stores data on EU servers. See Tally's Privacy Policy.

4c. Google Analytics 4 (Website Analytics)

We use Google Analytics 4 (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for anonymous site analytics. GA4 anonymises IP addresses by default. Analytics data is processed by Google under the EU-US Data Privacy Framework. You can opt out of Google Analytics tracking via the Google Analytics opt-out browser add-on or by using a privacy-focused browser extension. See Google's Privacy Policy.

4d. Affiliate Partners

We participate in the Amazon Associates Program and other affiliate networks (ShareASale, Impact, and direct brand programmes). When you click a product link, you are redirected to the retailer's website. The retailer and affiliated networks may set their own cookies and track your purchase. We have no control over their data collection practices - please review the privacy policy of any retailer you visit. See our full Affiliate Disclosure.

5. Infrastructure & Data Location

The Multinutrify web application and API are hosted on Railway (Railway Corp., San Francisco, USA) using a server deployment in the Amsterdam, Netherlands (EU) data centre (AWS eu-west-1 / Amsterdam region). This means HTTP requests to multinutrify.com are processed on servers physically located within the European Union.

Your browser's localStorage data (stacks, preferences) never leaves your device and is never transmitted to any server.

6. Cookies & Local Storage

We use the following:

• Google Analytics cookies (_ga, _ga_*) - used for analytics tracking. These are third-party cookies from Google. Duration: up to 2 years. Can be opted out via the GA opt-out tool.
• Theme preference - stored in browser localStorage under a theme key. Never transmitted to servers.
• Supplement stacks & filters - stored in browser localStorage. Never transmitted to servers.

We do not use advertising cookies, retargeting cookies, or social media tracking pixels on Multinutrify.

7. Your Rights

Depending on your location, you have the following rights regarding your personal data. EU/EEA residents have these rights under the General Data Protection Regulation (GDPR); California residents have additional rights under the CCPA; UK residents under the UK GDPR:

• Right of Access - request a copy of personal data we hold about you
• Right to Rectification - request correction of inaccurate or incomplete data
• Right to Erasure (“right to be forgotten”) - request deletion of your data
• Right to Object - object to processing based on legitimate interests
• Right to Restrict Processing - request that we limit how we use your data
• Right to Data Portability - receive your data in a structured, machine-readable format
• Right to Withdraw Consent - unsubscribe from email marketing at any time

To exercise any of these rights, email: [email protected]. We will respond within 30 days. For requests relating to data held by third-party processors (MailerLite, Tally.so, Google), we will assist in forwarding your request.

8. Data Retention

• Newsletter subscriber data: retained in MailerLite until you unsubscribe or request deletion
• Contact form submissions: retained by Tally.so per their data retention policy; our email replies are retained for up to 12 months
• Google Analytics data: retained for 14 months (Google Analytics default retention setting)
• API rate-limit records (IP address + timestamp): retained in memory only, cleared every 60 seconds per request window
• LocalStorage data: persists in your browser until you clear your browser data; we have no copy

9. Data Security

We implement the following technical and organisational security measures:

• HTTPS/TLS encryption for all data in transit (enforced via HSTS)
• HTTP security headers: Content-Security-Policy, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy
• Rate limiting on all API endpoints (newsletter, export, AI chat)
• Input sanitisation and validation on all user-submitted data
• Payload size limits on API requests to prevent abuse
• Server infrastructure hosted on Railway in the EU (Amsterdam) with Railway's own security controls

No method of electronic storage or internet transmission is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Multinutrify is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child under 13 has provided us with personal information, please contact [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The “Last updated” date at the top of this page reflects the most recent revision. For material changes, we will notify newsletter subscribers by email. Continued use of the Site after any changes constitutes acceptance of the revised policy.

12. Contact & Data Controller

Multinutrify is the data controller for personal data collected through this website.

Privacy enquiries: [email protected]
General enquiries: [email protected]