NutriFind

How we handle your data

Last updated: 4 June 2026

NutriFind takes data protection seriously. Here's a plain-English summary of what we do with your information and your clients'. For the full legal detail, see our Privacy Policy.

Who we are

NutriFind is operated by NutriFind Limited, a UK private limited company registered in England and Wales (company number 16754201). The company was founded by Riddhita Chatterjee (sole director) in September 2025 and is based in Orpington, England.

NutriFind Limited is registered with the UK Information Commissioner's Office (ICO) under registration number ZC168444.

We built NutriFind because the practice management tools available to newly-qualified UK dietitians and registered nutritionists are mostly afterthoughts from larger American products. NutriFind is designed from the ground up around UK dietetic practice and UK data protection requirements.

Who controls what

You are the data controller for your client records — their names, health information, session notes, and any data they share with you. NutriFind is the data processor: we store and process this data on your behalf, under your instructions.

NutriFind is the data controller for your own account information — your name, email, professional credentials, and practice details.

Where your data lives

All client and account data is stored in the European Union on Neon (PostgreSQL), encrypted at rest and in transit. Database backups are managed by Neon and stored within the EU.

File uploads (menu photos, documents) are stored on Cloudflare R2 in a private bucket. Access requires authentication.

Email is sent via Postmark (US-based, with EU-UK Data Privacy Framework certification). We use Postmark for transactional emails only — no marketing emails are sent through this system without your explicit opt-in.

Who can see your client data

By default, only you. NutriFind uses row-level access controls so each dietitian's data is isolated from every other dietitian's — no other practitioner on the platform can see your clients, sessions, notes, or AI-generated content.

When you choose to share specific items with a client (shared session notes, shared meal plans, shared progress reports), the client can see those specific items via their consumer portal account. Items you have not shared remain private to you. The distinction between private and shared is explicit in the practitioner UI — you control what each client can see.

You can also generate a public tokenised link to send an intake form to a prospective client. That link grants access only to fill in the form once; the response is then private to you. Possession of the token is the only access requirement, so treat the URL as you would a password and send it only to the intended client.

Our team can access your data only when you explicitly request support, and never for marketing or analytics purposes. We do not sell, share, or transfer your data to third parties for their commercial purposes. We do not use your data to train any AI models.

How AI tools handle your data

When you use AI features (meal plan generator, progress report writer, client email drafter, menu analyser), the inputs you provide are sent to Anthropic to generate the response.

Before sending, we strip identifying information: client names, initials, NHS numbers, postcodes, and other direct identifiers are removed or replaced with generic labels. The AI sees only the clinically relevant context, not your client's identity.

Anthropic retains AI inputs for up to 30 days for abuse monitoring and does not use them to train their models. We have a data processing agreement with Anthropic covering UK GDPR transfer requirements.

Intake form data: when a client submits an intake form via the tokenised link, their answers are not sent to any AI service. They are stored against the client record exactly as submitted and visible only to the dietitian.

All AI outputs are drafts. You are responsible for reviewing and editing them before use with clients.

Your rights, your clients' rights

Under UK GDPR, both you and your clients have the right to:

  • Access the personal data we hold
  • Request corrections to inaccurate data
  • Request deletion (the ‘right to be forgotten’)
  • Restrict processing in certain circumstances
  • Receive your data in a portable format
  • Object to processing

For requests about your own account data, email contact@nutrifind.ai. For requests about your clients' data, you handle these directly as the data controller — we will cooperate with your requests as your processor.

If you stop using NutriFind

You can export all your account and client data at any time from your account settings — Settings → Data & privacy → Download my data. After you close your account, we retain your data for 30 days (in case you change your mind), then delete it permanently. We retain your invoice and transaction records for as long as your NutriFind account is active. We recommend exporting your records to your accounting software regularly, and practitioners are responsible for keeping their own business records as required by UK law (currently at least 6 years from the end of the relevant tax year per HMRC guidance). If your account is closed, you can request a final export of your data before deletion.

Built with compliance in mind

NutriFind is built specifically for UK practice. We follow UK GDPR, the Data Protection Act 2018, and ICO guidance for health data. Our infrastructure uses providers with appropriate international data transfer safeguards (Standard Contractual Clauses or adequacy decisions) where data leaves the UK/EU.

Questions or concerns

Email our team at contact@nutrifind.ai. We respond within 2 business days. If we can't resolve your concern, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

This page is a summary. The Privacy Policy is the legally binding document covering data processing.