nutriasoftnutriasoft
ESEN
Get started free
ProductPricingSecurityRoadmapSign inGet started free
nutriasoftLegalPrivacy
Privacy Notice

Full privacy notice.

Effective January 1, 2026. Prepared under Mexico's LFPDPPP.

Last updated: January 1, 2026.

1. Identity and address of the controller

The nutriasoft project is operated by Codemach (independent software-engineering studio, codemach.dev), under the responsibility of Miguel Ángel Careaga Gómez in Mexico. We are responsible for processing your personal data and your patients' data when we process it on your behalf as a processor. The legal structure of the controller will be updated publicly in this notice once the operating entity is incorporated.

2. Personal data we collect

As the nutritionist account owner: full name, email address, phone number, RFC or tax identifier, billing details, professional license, and when applicable, profile photo.

As a patient (data your nutritionist records in your chart): name, date of birth, gender, phone, email, address, clinical history, anthropometry, bioimpedance, progress photos, visit notes, meal plans, and adherence records. This is sensitive data and we process it under Article 9 of LFPDPPP.

Automatic technical data: IP address, browser type, operating system, essential session cookies. We do not collect biometric data or precise geolocation.

3. Processing purposes

Primary purposes

  • Provide the contracted service (chart, calendar, plans, billing).
  • Issue tax receipts and manage the commercial relationship.
  • Respond to support requests and communicate with you about your account.
  • Comply with legal, tax, and regulatory obligations.

Secondary purposes (require consent)

  • Send product newsletters, guides, and clinical education.
  • Run aggregated and anonymized analysis to improve the product.
  • Conduct satisfaction surveys and user interviews.

You may object to secondary purposes at any time without affecting the service.

4. Data transfers

We share data only with processors under DPA-equivalent contracts:

  • Stripe, Inc. — payment processing. U.S., certified under the Data Privacy Framework.
  • Amazon Web Services — hosting and storage. Regions us-east-1 and mx-central-1.
  • Resend / Postmark — transactional email delivery.
  • Sentry — error monitoring (without clinical data).

We do not sell, rent, or commercialize your data for advertising or external profiling purposes.

5. ARCO rights and revocation

At any time you may exercise your rights to Access, Rectify, Cancel, or Oppose, and revoke your consent. Email privacidad@nutriasoft.com with a copy of your identification and the right you wish to exercise.

We will respond within 20 business days. Service is free of charge; only justified costs for physical copies or shipments may apply.

For patients: some requests must be routed through your nutritionist, who owns the chart. We will guide you on who should handle it.

6. Cookies

We use essential authentication cookies, first-party analytics cookies, and optionally preference cookies. Details and controls are available in our cookie policy. cookie policy.

7. Changes to this notice

We may update this notice. We will notify material changes by email at least 15 days before they take effect. The current version is always published on this page with the latest update date.

8. Contact for the personal data department

Contact person: Miguel Ángel Careaga Gómez (Codemach).
Email: privacidad@nutriasoft.com
You may file complaints with INAI if you believe your rights have been violated: www.inai.org.mx