Introduction
Punde Commerce, LLC ("we," "our," or "us") operates Nourii, an AI-powered nutrition companion for plant-based eating. This privacy policy explains how we collect, use, store, and protect your personal information when you use our website, mobile applications, and services (collectively, the "Service").
By using Nourii, you agree to the practices described in this policy. This policy should be read together with our Terms of Service.
Information We Collect
We collect information to provide and improve our services:
Account Information
- Email address and name
- Profile photo (optional)
- Authentication data (via email, Google, or Apple Sign-In)
- City/location preference for restaurant discovery
Health & Nutrition Data
- Dietary preferences (vegan, vegetarian, flexitarian)
- Nutrition goals (calories, protein, carbs, fat, fiber)
- Meal logs and food intake history
- Food photos uploaded for AI analysis
- Allergies and dietary restrictions
Usage Data
- Restaurants viewed, favorited, and reviewed
- Search queries and preferences
- AI coach conversations
- Feature usage and app interactions
- Device type, operating system, and browser
- Push notification tokens (for delivering notifications)
Location Data
- City selection for restaurant recommendations (required)
- Precise location for nearby restaurant discovery (optional, with your permission)
Business Account Data
- Business name, contact information, and verification documents
- Team member email addresses and roles
- Restaurant claim requests and supporting documentation
- Restaurant page view analytics (provided to business owners for their claimed restaurants)
- Photos uploaded for restaurant listings (subject to tier-based limits)
Payment Information
- Payment details are processed securely by Stripe (web) or Apple/Google (mobile apps)
- We do not store your full credit card number
- Subscription status and billing history
Photo Metadata
When you upload food photos, we automatically strip EXIF metadata (including GPS coordinates, camera model, and timestamps) before storage. This means your photos are stored without embedded location or device information.
How We Use Your Information
- Provide personalized nutrition tracking and coaching
- Analyze food photos and estimate nutritional content
- Generate personalized meal plans and recommendations
- Show relevant restaurant suggestions based on your preferences
- Track your progress toward nutrition goals
- Send notifications about streaks, goals, and updates
- Process payments and manage subscriptions
- Provide business owners with analytics for their restaurants
- Verify business account claims via SMS
- Monitor and improve app performance and reliability
- Improve our AI models and services
- Respond to support inquiries
AI Training Data (Opt-In)
You may optionally choose to contribute anonymized data to help improve Nourii's AI:
- What's collected: Food photos, nutrition corrections, and conversation data
- Anonymization: All identifying information is removed before storage
- Control: This is off by default and requires explicit opt-in in Settings
- Purpose: Improving food recognition and nutrition estimation accuracy
Data Storage & Security
Your data is stored securely using industry-standard practices:
- Data is encrypted in transit (TLS) and at rest
- Secure authentication via Supabase Auth
- Row-level security ensures you can only access your own data
- Regular security audits and updates
- We do not sell your personal information to third parties
Third-Party Services
We use trusted third-party services to operate Nourii:
- Supabase: Database, authentication, and file storage
- Google Gemini: AI-powered food analysis, nutrition estimation, and coaching (primary AI provider)
- Anthropic (Claude) / OpenAI: Backup AI providers used automatically if the primary provider is unavailable
- Stripe: Payment processing (web)
- RevenueCat: Subscription management (iOS/Android)
- Mapbox: Restaurant maps and location services
- Google Places: Restaurant data and information
- PostHog: Privacy-focused product analytics
- Google Analytics: Website usage analytics
- Resend: Transactional emails
- Vercel: Website and API hosting
- Sentry: Error tracking and performance monitoring to maintain app reliability
- Twilio: SMS delivery for business claim verification
- Apple Push Notification service / Firebase Cloud Messaging: Delivering push notifications to your device (via Capacitor)
Each service has its own privacy policy governing how it handles data.
Cookies & Tracking
- Essential cookies: Required for authentication and core functionality
- Analytics: We use PostHog and Google Analytics to understand how users interact with our app
- No advertising cookies: We do not use cookies for advertising or sell data to advertisers
Data Retention
- Account data is retained while your account is active
- Meal logs and nutrition history are kept for your reference
- You can delete your account and all associated data at any time via Settings
- After account deletion, data is permanently removed within 30 days
- Anonymized training data (if opted in) may be retained for AI improvement
Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users. For users covered by the GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, and affected individuals without undue delay. For all other users, we will provide notification without unreasonable delay, consistent with the needs of law enforcement and any measures necessary to determine the scope of the breach.
Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Delete your account and all associated data
- Export: Request your data in a portable format
- Opt-out: Disable analytics tracking or training data contribution
- Unsubscribe: Stop receiving marketing emails at any time
To exercise these rights, contact us at hello@nourii.app or use the account deletion feature in Settings.
Rights for European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
Legal Bases for Processing
We process your personal data under the following legal bases:
- Contract performance: Processing necessary to provide you with the Service (account management, nutrition tracking, meal logging, AI coaching)
- Consent: Where you have given explicit consent (AI training data contribution, marketing emails, optional analytics)
- Legitimate interest: Improving our services, preventing fraud, and ensuring security, where these interests do not override your rights
Automated Decision-Making
Nourii uses AI to estimate nutritional content of meals from photos and text descriptions. These are automated estimates provided for informational purposes and do not produce legal or similarly significant effects. You may always manually edit nutrition values after AI estimation.
Additional GDPR Rights
- Right to restrict processing: You may request that we limit the processing of your data in certain circumstances
- Right to object: You may object to processing based on legitimate interests at any time
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority
International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a lawful transfer mechanism to ensure your data receives an adequate level of protection.
Rights for California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Categories of Personal Information Collected
- Identifiers: Name, email address, account ID
- Commercial information: Subscription and purchase history
- Internet activity: App usage, search history, feature interactions
- Geolocation data: City selection, precise location (if permitted)
- Sensory data: Food photos uploaded for analysis
- Health information: Dietary preferences, nutrition goals, meal logs
- Inferences: AI-generated nutrition estimates and recommendations
Sale of Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.
Your CCPA Rights
- Right to know: You may request the categories and specific pieces of personal information we have collected about you
- Right to delete: You may request deletion of your personal information, subject to certain exceptions
- Right to correct: You may request correction of inaccurate personal information
- Right to opt-out: You may opt out of the sale or sharing of personal information (though we do not sell or share your data)
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights
"Shine the Light" (California Civil Code § 1798.83)
California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. As stated above, we do not disclose personal information to third parties for their direct marketing purposes.
International Users
Nourii is available globally. By using our services, you consent to the transfer of your data to the United States and other countries where our service providers operate. We comply with applicable data protection laws, including GDPR for European users (see above) and CCPA for California residents (see above).
Children's Privacy
Nourii is not intended for children under 13 years of age (or under 16 in EU member states where the GDPR Article 8 age threshold applies). We do not knowingly collect personal information from children under these age thresholds. If you believe we have collected information from a child under the applicable age, please contact us immediately and we will take steps to delete the information.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice in the app or sending an email. Your continued use of Nourii after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this privacy policy or your data, please contact us at: hello@nourii.app
Punde Commerce, LLC
Delaware, USA
For GDPR inquiries, you may also contact your local data protection authority.