Privacy Policy

1. Introduction

Welcome to Nourish ("we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to the Nourish mobile app and any web services we operate under the same brand.

2. Information We Collect

We collect only the information needed for the app's core features to work. Specifically:

• Account information: your email address, your name, and either a one-way password hash or an OAuth identifier from Google or Microsoft if you sign in that way. We also keep an email-verified flag and your account creation date.
• Profile information: any of the following you choose to enter — age, weight, height, activity level, dietary restrictions, daily nutrition goals (calories, protein, carbs, fat, water), and an avatar image you pick.
• Meal data: photos you capture or upload for food recognition, the resulting food items and macros, the meal type (breakfast / lunch / dinner / snack), and the date.
• Water log: the number of glasses you log per day.
• AI coach conversations: the messages you send to and receive from the AI nutrition coach.
• Notification preferences: which notifications you've enabled and the meal-reminder times you've chosen (these are also stored on your device).
• Subscription and credits: your active plan, expiry, credit balance, redeemed coupon codes, and the receipt/customer identifiers issued by the payment processor.
• Support communications: if you submit our contact form, we keep the name, email, and message you send.

3. Information We Do Not Collect

Even though Android grants permissions broadly, Nourish only uses the narrowest possible access. We do not access, collect, or transmit:

• Your photo gallery or camera roll outside of what you explicitly capture or pick.
• Your contacts, call logs, or messages.
• Your precise or approximate location.
• Your microphone or any audio.
• Information about other apps installed on your device.
• Your raw password (we only ever store a one-way hash for password sign-ins).
• Your full card or payment-method details (those are handled exclusively by Google Play and Stripe).

The camera permission is used only when you actively tap "scan a meal", and only for the duration of that capture. File-picker access for avatar uploads goes through the Android system picker, which only hands us the single file you select.

4. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Nourish app and its features.
• Identify food in meal photos using Google's Gemini AI and estimate nutritional values.
• Generate personalised responses from the AI nutrition coach.
• Track your nutrition progress against your goals and show your history.
• Send local meal-time and goal-reached notifications, when you've enabled them.
• Manage your account, credit balance, and subscription.
• Send essential service-related communications (e.g. password resets, email verification).
• Diagnose technical issues and improve the app.

We do not use your data to train AI models, and we do not sell your personal information.

5. Third-Party Services

We rely on the following providers to operate Nourish. Each acts as a data processor on our behalf:

• Convex — hosted database where your account, profile, meals, water logs, AI chats, subscriptions, and credits are stored. Convex runs on Google Cloud infrastructure. Convex Privacy Policy.
• Google (Vertex AI / Gemini) — meal photos are sent to Google's Gemini model for food recognition. Google processes the image to return the food items and macros, and does not retain the image after the response. Google Privacy Policy.
• Google Play Billing — handles subscription purchases and credit-pack purchases on Android. Google issues us a purchase token; we never see your card or payment details. Google Privacy Policy.
• Stripe — handles payments for existing subscribers on the web. Stripe stores the payment method directly; we receive a customer identifier only. Stripe Privacy Policy.
• Google Sign-In / Microsoft Sign-In (optional) — if you sign in with Google or Microsoft, those providers verify your identity and send us only your basic profile (email, name, avatar). You can use email/password instead and skip them entirely.
• Transactional email — outgoing emails (password resets, email verification, occasional product announcements you've opted into) are sent through our email delivery provider.

6. Data Retention

We keep your data only for as long as it serves a clear purpose. Specifically:

• Account, profile, meals, water logs, subscription, credits: kept while your account is active.
• AI coach chat messages: automatically deleted after approximately 90 days. If you'd like to preserve a particular conversation, use the in-app "Save conversation" feature — saved conversations are kept while your account is active.
• Contact-form submissions: kept for up to 1 year, then automatically deleted.
• Failed sign-in rate-limit data: kept up to 7 days.
• Password reset codes and email verification tokens: cleared as soon as they expire (typically within a few hours of issue).
• Device-local data: sign-in token, your meal reminder times, and a small offline cache of today's meals — all wiped immediately when you sign out.

When you delete your account from inside the app, every record tied to your user — meals, photos, profile, credits, subscription, chat history, water logs, saved conversations, recipe shares — is removed from our servers in the same operation. We may retain payment-processor records (Stripe / Google Play) for as long as legally required for tax, anti-fraud, or accounting purposes.

7. Data Storage and Security

Your data is stored on Convex's infrastructure, which runs on Google Cloud. Connections between the app and our servers are encrypted in transit using HTTPS. Passwords (for users who don't use Google or Microsoft sign-in) are stored only as a bcrypt one-way hash — we cannot recover the original password and would not know it ourselves. While we take industry-standard precautions, no method of internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on where you live, applicable laws (such as GDPR in the European Economic Area, CCPA/CPRA in California, or PIPEDA in Canada) give you specific rights over your personal data. You may:

• Access the personal data we hold about you.
• Request correction of inaccurate personal data — most fields can be edited directly in the app.
• Request a copy of your data in a portable format.
• Delete your account and associated data — this is available inside the app at any time, and is processed immediately.
• Object to or restrict certain processing of your personal data.
• Withdraw any consent you previously gave (for example, opt out of promotional emails inside Notification Preferences).
• Lodge a complaint with a relevant data-protection authority.

To exercise any of these rights, please contact us at contactus@neoncell.ca. We aim to respond within 30 days.

9. Children's Privacy

Nourish is not directed to children under the age of 13 (or under 16 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete that information.

10. International Users

Nourish is operated from Canada. By using the app, you understand that your information will be transferred to and processed in Canada, the United States (where our hosting and AI providers operate), and any other country where our service providers are located. We take steps to ensure transferred data receives an adequate level of protection.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the services, or applicable law. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, for significant changes, by sending an email notification or showing an in-app notice. Your continued use of Nourish after the effective date of an update constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us: