Back to Home

Privacy Policy

Last updated: April 16, 2026 · v2.2

Effective: April 16, 2026

Introduction

Punde Commerce, LLC ("we," "our," or "us") operates Nourii, an AI-powered nutrition companion for plant-based eating. This privacy policy explains how we collect, use, store, and protect your personal information when you use our website, mobile applications, and services (collectively, the "Service").

By using Nourii, you agree to the practices described in this policy. This policy should be read together with our Terms of Service.

Information We Collect

We collect information to provide and improve our services:

Account Information

  • Email address and name
  • Profile photo (optional)
  • Authentication data (via email, Google, or Apple Sign-In)
  • City/location preference for restaurant discovery

Health & Nutrition Data

  • Dietary preferences (vegan, vegetarian, flexitarian)
  • Nutrition goals (calories, protein, carbs, fat, fiber, micronutrients)
  • Meal logs, food intake history, and supplement logs
  • Food photos uploaded for AI analysis
  • Allergies and dietary restrictions
  • Body measurements (height, weight, date of birth, sex) if provided during onboarding
  • Voice recordings processed on-device for speech-to-text meal logging (audio is not stored on our servers)
  • Gamification and progress data (streaks, badges, challenges, nutrition scores)

Usage Data

  • Restaurants viewed, favorited, and reviewed
  • Search queries and preferences
  • AI coach conversations
  • Feature usage and app interactions
  • Device type, operating system, and browser
  • Push notification tokens (for delivering notifications)

Location Data

  • City selection for restaurant recommendations (required)
  • Precise location for nearby restaurant discovery (optional, with your permission)

Business Account Data

  • Business name, contact information, and verification documents
  • Team member email addresses and roles
  • Restaurant claim requests and supporting documentation
  • Restaurant page view analytics (provided to business owners for their claimed restaurants)
  • Photos uploaded for restaurant listings (subject to tier-based limits)

Payment Information

  • Payment details are processed securely by Stripe (web) or Apple/Google (mobile apps)
  • We do not store your full credit card number
  • Subscription status and billing history

Photo Metadata

When you upload food photos, we automatically strip EXIF metadata (including GPS coordinates, camera model, and timestamps) before storage. This means your photos are stored without embedded location or device information.

How We Use Your Information

  • Provide personalized nutrition tracking and coaching
  • Analyze food photos and estimate nutritional content
  • Generate personalized meal plans and recommendations
  • Show relevant restaurant suggestions based on your preferences
  • Track your progress toward nutrition goals
  • Send notifications about streaks, goals, and updates
  • Process payments and manage subscriptions
  • Provide business owners with analytics for their restaurants
  • Verify business account claims via SMS
  • Monitor and improve app performance and reliability
  • Calculate nutrition scores and environmental impact estimates
  • Improve our AI models and services
  • Respond to support inquiries

AI Training Data (Opt-In)

You may optionally contribute anonymized data to help improve Nourii's AI:

  • What's collected: Meal photos and your nutrition corrections (the edits you make to AI estimates)
  • Anonymization: Samples are stripped of identifiers before being added to the training pool. There is no link back to your account.
  • Control: Off by default. Toggle at Settings → Privacy & Data → Contribute to improve Nourii's AI. You can change your choice at any time.
  • Opt-out behavior: When you turn this off, we stop collecting new samples from your account immediately. Samples already contributed remain in the training pool because they carry no link to your identity — there is nothing to match back to you and delete.
  • Purpose: Improving food recognition and nutrition estimation accuracy.

Data Storage & Security

Your data is stored securely using industry-standard practices:

  • Data is encrypted in transit (TLS) and at rest
  • Secure authentication via Supabase Auth
  • Row-level security ensures you can only access your own data
  • Regular security audits and updates
  • We do not sell your personal information to third parties

Third-Party Services

We use trusted third-party services to operate Nourii:

  • Supabase: Database, authentication, and file storage (US)
  • Vercel: Website and serverless API hosting (US)
  • OpenAI (GPT-4.1): Primary AI provider for coaching and meal estimation
  • Anthropic (Claude): Fallback AI provider for some coaching features
  • Google: Gemini (AI fallback + menu parsing), Google Places (restaurant data), Google Analytics (website), Google OAuth (sign-in), and Firebase Cloud Messaging (push notifications)
  • Apple: Sign in with Apple (OAuth), App Store in-app purchases, and Apple Push Notification service
  • Mapbox: Maps for restaurant discovery
  • RevenueCat: Subscription management on iOS and Android
  • Stripe: Subscription billing on the web
  • PostHog: Product analytics
  • Resend: Transactional and campaign emails
  • Sentry: Error tracking and performance monitoring
  • Twilio: SMS delivery for business claim verification

Each service has its own privacy policy governing how they handle data.

Cookies & Tracking

  • Essential cookies: Required for authentication and core functionality
  • Analytics: We use PostHog, Google Analytics, and Microsoft Clarity to understand how users interact with our app.
  • Microsoft Clarity: We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
  • No advertising cookies: We do not use cookies for advertising or sell data to advertisers

Data Retention

Your account profile and goals are kept for as long as your account is active. We also apply the following rolling retention windows to keep the app fast and honor your privacy:

  • Coach conversations: 90 days. You can opt out at Settings → Privacy & Data → Keep conversations forever to exempt your account from this window.
  • Meal logs: 365 days
  • Notifications: 90 days
  • AI call logs (operational telemetry): 30 days
  • After the window passes, records are permanently deleted by an automated daily job.
  • Anonymized training contributions (if opted in) remain in the training pool because they carry no link to your identity.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users. For users covered by the GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, and affected individuals without undue delay. For all other users, we will provide notification without unreasonable delay, consistent with the needs of law enforcement and any measures necessary to determine the scope of the breach.

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you by emailing support
  • Correction: Update profile, goals, and meal data directly in the app, or email us for anything you can't edit yourself
  • Deletion: Delete your account at any time (see below for how the flow works)
  • Training opt-in: Turn the Contribute to improve Nourii's AI toggle on or off at Settings → Privacy & Data
  • Retention preference: Turn on Keep conversations forever at Settings → Privacy & Data to exempt your coach conversations from the 90-day retention window
  • Unsubscribe: Stop receiving marketing emails via the link in any email, or from Settings → Notifications

Deleting Your Account

You can delete your account at Settings → Delete Account, or by emailing hello@nourii.app. Here is exactly what happens:

  • Immediate lock: Your account is soft-deleted right away. You can no longer sign in or use the app.
  • 30-day grace window: If you change your mind, email hello@nourii.app within 30 days and we will restore your account.
  • Permanent deletion: After 30 days, we hard- delete your auth record and cascade through all of your owned data — meal logs, coach conversations, goals, badges, streaks, notifications, photos, and subscription records.
  • What is not deleted: Anonymized training contributions (if you opted in) stay in the training pool, since they carry no link to your identity. Aggregate analytics counts remain, with your user ID set to null.

For any other request, contact us at hello@nourii.app.

Rights for European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Bases for Processing

We process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide you with the Service (account management, nutrition tracking, meal logging, AI coaching)
  • Consent: Where you have given explicit consent (AI training data contribution, marketing emails, optional analytics)
  • Legitimate interest: Improving our services, preventing fraud, and ensuring security, where these interests do not override your rights

Automated Decision-Making

Nourii uses AI to estimate nutritional content of meals from photos and text descriptions. These are automated estimates provided for informational purposes and do not produce legal or similarly significant effects. You may always manually edit nutrition values after AI estimation.

Additional GDPR Rights

  • Right to restrict processing: You may request that we limit the processing of your data in certain circumstances
  • Right to object: You may object to processing based on legitimate interests at any time
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority

International Data Transfers

Your data is processed in the United States by our service providers (listed in Third-Party Services). Each of those providers has their own safeguards in place for international transfers (such as Standard Contractual Clauses) under their respective privacy programs.

Rights for California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Categories of Personal Information Collected

  • Identifiers: Name, email address, account ID
  • Commercial information: Subscription and purchase history
  • Internet activity: App usage, search history, feature interactions
  • Geolocation data: City selection, precise location (if permitted)
  • Sensory data: Food photos uploaded for analysis
  • Health information: Dietary preferences, nutrition goals, meal logs
  • Inferences: AI-generated nutrition estimates and recommendations

Sale of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

Your CCPA Rights

  • Right to know: You may request the categories and specific pieces of personal information we have collected about you
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions
  • Right to correct: You may request correction of inaccurate personal information
  • Right to opt-out: You may opt out of the sale or sharing of personal information (though we do not sell or share your data)
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights

"Shine the Light" (California Civil Code § 1798.83)

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. As stated above, we do not disclose personal information to third parties for their direct marketing purposes.

International Users

Nourii is available globally. By using our services, you consent to the transfer of your data to the United States and other countries where our service providers operate. We comply with applicable data protection laws, including GDPR for European users (see above) and CCPA for California residents (see above).

Children's Privacy

Nourii is not intended for children under 13 years of age (or under 16 in EU member states where the GDPR Article 8 age threshold applies). We do not knowingly collect personal information from children under these age thresholds. If you believe we have collected information from a child under the applicable age, please contact us immediately and we will take steps to delete the information.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice in the app or sending an email. Your continued use of Nourii after changes constitutes acceptance of the updated policy.

Changelog

  • v2.2 (April 16, 2026): Published concrete retention windows (coach conversations 90 days, meal logs 365 days, notifications 90 days, AI logs 30 days), documented the new 30-day grace-window account deletion flow, and clarified how the AI training opt-in toggle works.
  • v2.1 (April 2026): Added GDPR and CCPA sections, clarified third-party processors, and documented EXIF stripping on uploaded photos.

Contact Us

If you have questions about this privacy policy or your data, please contact us at: hello@nourii.app

Punde Commerce, LLC
Delaware, USA

For GDPR inquiries, you may also contact your local data protection authority.