Privacy Policy

1. Controller

The controller responsible for data processing on this website under the General Data Protection Regulation is the operator of Newtrivo:

Name

Steffen Kuhr

Address

Motzfeldstraße 25
47574 Goch

Email

info@newtrivo.com

2. Basic principles

Newtrivo is a private hobby and leisure project without commercial intent. The website does not generate revenue from advertising, affiliate links, sponsorships, donations or other payments.

Newtrivo does not use advertising networks, social media pixels, Google Analytics, affiliate tracking or user profiling for advertising purposes. Personal data is processed only where it is necessary for accounts, login, email verification and the nutrition features used voluntarily by the user.

3. Website access and hosting

When you access the website, the web server processes technically necessary connection data so the page can be delivered to your browser. This may include your IP address, date and time of access, requested URL, HTTP status, referrer and browser or device information.

This processing is technically required. The legal basis is Art. 6(1)(f) GDPR, the legitimate interest in providing a stable, secure and error-free website. Server log data is not used for advertising or to create personal usage profiles.

4. Registration and user account

For a user account, Newtrivo processes the account data entered by the user. The email address is required; the name is optional. Passwords are never stored in plain text and are hashed with bcrypt before storage.

• Email address
• Optional name
• Hashed password value
• Account creation timestamp
• Email verification status and timestamp

The legal basis is Art. 6(1)(b) GDPR where processing is necessary to provide the user account and the related functions.

5. Email verification

After registration, Newtrivo creates a verification token that is valid for 24 hours. The token is stored together with the email address and is deleted after successful verification or expiry.

If an SMTP service is configured, your email address is transmitted to that email provider to deliver the verification email. The specific provider will be named if a production email service is used. In development mode, no external email delivery is used; the verification link is displayed locally.

6. Login, sessions and cookies

Login is handled through Auth.js with email and password. After a successful login, the application uses a technically necessary session so protected areas such as the diary, calculators and profile remain available. Necessary authentication cookies are used for this purpose.

These cookies are used only for login, security and session management. They are not used for advertising, analytics or third-party tracking. Without these technically necessary cookies, login functionality cannot work reliably.

7. Nutrition data, diary and profile

If you use the nutrition features, Newtrivo stores the data you voluntarily enter in your user account. This data may reveal information about diet, activity and personal goals and is therefore handled with particular care.

• Diary entries with date, meal, food, quantity and creation timestamp
• Activities with date, activity type, duration and calculated calories
• Nutrition goals such as calories, protein, carbohydrates and fat
• Profile values for goal calculations: weight, height, age, sex, activity and goal
• Saved meals with name, ingredients and quantities
• Favorites based on stored food IDs

The legal basis is Art. 6(1)(b) GDPR for providing the requested features and Art. 6(1)(a) GDPR where you voluntarily enter particularly personal information. If individual entries qualify as health data under Art. 9 GDPR, processing is based solely on your voluntary input and consent under Art. 9(2)(a) GDPR. You can remove individual diary entries, activities, saved meals and favorites inside the application.

8. Local storage in the browser

Newtrivo stores food filter settings locally in your browser usinglocalStorage so your food list view can be restored on your next visit. This information is not used for tracking and is not necessarily linked to your user account. You can delete it at any time via your browser data settings.

9. No analytics, advertising or affiliate services

Newtrivo currently does not use external analytics or marketing services, including:

• Google Analytics or comparable analytics tools
• Meta/Facebook Pixel, TikTok Pixel or other social media trackers
• Advertising networks, retargeting, affiliate tracking or sponsorship measurement
• Embedded social media plugins

Fonts are provided locally through Next.js. During normal website use, this does not cause your browser to connect to Google Fonts.

10. Recipients and data sharing

Personal data is not sold, rented or shared with third parties for advertising purposes. Data is shared only where technically necessary, for example with the hosting provider or a configured SMTP provider for verification emails, where there is a legal obligation, or where you have given explicit consent.

Transfer of personal data to countries outside the EU or EEA is currently not intended. If a provider with third-country relevance is used in the future, this Privacy Policy will be updated beforehand and the required legal basis will be stated.

11. Storage period and deletion

Account data and voluntarily stored nutrition data generally remain stored for as long as your user account exists or until you delete individual data. Verification tokens expire after 24 hours and are deleted after successful verification.

If you request deletion of your account or personal data, the operator will delete the data unless statutory retention obligations or legitimate reasons prevent deletion. A direct account deletion function will be provided once it is technically implemented in the application.

12. Security

Newtrivo limits access to stored user data to what is technically necessary. Passwords are stored as hashes. Protected areas check the authenticated session, and stored diary, meal and favorite data is associated with the user ID so users can access only their own data.

13. Your rights

Under the GDPR, you have the following rights in particular:

• Access to stored personal data (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure of personal data (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing based on legitimate interests (Art. 21 GDPR)
• Withdrawal of consent with effect for the future (Art. 7(3) GDPR)

To exercise your rights, you can contact the address listed above.

14. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority, especially in the Member State of your habitual residence, place of work or place of the alleged infringement.

15. Changes to this Privacy Policy

This Privacy Policy will be updated if functions, technical infrastructure, service providers or legal requirements change. The current version is available on this page.