Privacy Policy

Product alignment note. As of this version, Yumii does not send commercial communications and does not use Users' data for promotional or marketing purposes.

V. 1 dated 28/04/2026

This privacy policy explains how Nexify Limited processes personal data when Users use the Yumii application.

Introduction - Who we are

Nexify Limited, with registered office at The Eir Building, 4 Harbourmaster Place, Custom House Dock, Dublin 1, D01 K6X5, Ireland, VAT number IE3393380OH, is the owner of the Yumii application (the “Application”, “App” or “Yumii”) and acts as data controller for the personal data of users who create and complete an account and access the personal nutrition monitoring service and related features.

The App, the Service and any features offered through the App are reserved to individuals who are at least 18 years old. Nexify Limited does not knowingly collect personal data relating to individuals under 18 and will promptly delete any such data if it becomes aware of an accidental collection.

How to contact us

For any information about this privacy policy, Users may contact the controller by writing to the registered office above or by email at info@nexify.io.

Users may also contact the Data Protection Officer (DPO), Shibumi S.r.l., at dpo@youniversal.com.

Purposes, categories of data, legal basis and retention

Personal data are processed lawfully for the purposes described below, using manual and electronic tools and security measures appropriate to the nature of the data and the purposes pursued.

Account creation and service communications

Yumii processes data needed to create and manage the account and to send service communications, such as account confirmation, password reset requests and updates to legal documents. These data may include name, surname, date of birth or age, email address, password, sex, body weight, height, technical identifiers, log files, browser and device information, and any additional information voluntarily provided by the User during account creation and completion.

To document the proper creation of the contractual relationship and the statements made during registration, Yumii also stores the date and time of acceptance, the version of the accepted legal documents, the language/interface used and the IP address from which registration is completed. These data are used to evidence acceptance of the Terms of Service, acknowledgement of the Privacy Policy, acceptance of the Health and AI Disclaimer and the declaration of being of legal age.

The legal basis is the performance of a contract to which the User is party. The retention of legal acceptance evidence is also based, where necessary, on the controller's legitimate interest in protecting its rights and documenting accountability. Passwords are processed and stored in encrypted form. Account data are retained for the duration of the account and for 30 days after the account deletion request. Legal acceptance evidence is retained for the duration of the account and for 30 days after the deletion request, unless further retention is necessary to comply with legal obligations or protect rights; log files are retained for 90 days.

Provision of App features

Yumii processes data to provide App features, including meal logging through photos, text descriptions, product barcode scanning or manual entry; processing and analysis of nutritional estimates such as calories and macronutrients; creation and management of custom recipes; dashboards, trends and statistics relating to nutritional values; and interaction with the Yumii Coach virtual assistant for general nutrition suggestions.

The data processed for this purpose may include account data, meal images, textual descriptions, scanned or manually entered products, recipes, nutritional values, dashboard data, the content and history of interactions with the virtual assistant, and any other data voluntarily provided while using the App. The legal basis is performance of the service requested by the User. These data are retained for the duration of the account and for 30 days after deletion of the account, limited to account-related personal data.

Artificial intelligence features

The controller uses artificial intelligence systems to process and analyze nutritional estimates and to enable interaction with the virtual assistant. Users' personal data are not used to train the artificial intelligence systems. AI-generated answers and nutritional estimates may be inaccurate or incorrect and must be read together with the Health and AI Disclaimer.

Legal obligations

The controller may process Users' data to comply with legal obligations, requests from authorities, regulations or European Union law. The legal basis is compliance with a legal obligation. Data are retained for the time necessary to fulfil the applicable obligation.

Data disclosure and transfers

Personal data may be transferred outside the European Union only in compliance with applicable data protection law, including the rules on adequacy decisions and appropriate safeguards.

Employees and collaborators authorised by the controller may access personal data only for the purposes set out in this policy. Third-party providers may also process data on behalf of the controller as processors, including outsourcing and cloud service providers, professionals and consultants, IT and logistics providers needed to operate the App.

Such providers include the AI system providers used in the App, namely Anthropic Ireland Limited, OpenAI Group, Google Inc, OpenRouter Inc and Groq Inc; OVH Groupe SA for data storage, management and hosting services; and Open Food Facts for access to the product database and barcode search. Users may request the list of appointed processors by contacting the controller.

Users' rights

Users may exercise the rights granted by applicable law by contacting the controller or the DPO at the addresses above. For account deletion, the User may also use the “Delete account and data” button in the personal account area.

In particular, Users may request access, rectification, update, integration, erasure, anonymisation or restriction of data processed unlawfully, data portability where applicable, and information on the origin of the data, processing purposes and methods, logic applied by electronic tools, identification details of the controller and processors, and the recipients or categories of recipients of personal data.

Users may object to processing on grounds relating to their particular situation where permitted by applicable law. Where processing is based on consent, Users may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

If Users believe that the processing of their data breaches applicable law, they may lodge a complaint with a supervisory authority in the Member State where they habitually reside, work or where the alleged infringement occurred.

External links

The controller is not responsible for keeping every link displayed in this policy constantly updated. If a link is not working or not updated, Users should refer to the relevant document or section of the websites referred to by that link.