Privacy Policy

Last updated: March 20, 2026

NoshNotes ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

1. Information We Collect

Account Information

When you create an account, we collect your Apple ID identifier and display name through Sign in with Apple. We do not receive your email address unless you choose to share it.

Food Log Data

We store the food items you enter, including the raw text of your entries, AI-generated nutrition estimates (calories, protein, fat, carbohydrates, fiber), any manual overrides you make, and daily log metadata (dates, totals). This data is stored securely in our database and is associated with your account.

Goals Data

If you set nutrition goals, we store your calorie and macronutrient targets to provide progress tracking features.

Usage Analytics

We collect anonymous usage analytics to improve the Service, including feature usage patterns, error reports, and general app performance metrics. We use PostHog for this purpose. Analytics data does not include your food log content.

Subscription Information

Subscription purchases and billing are handled entirely by Apple through the App Store. We receive subscription status information (active, expired, trial) from RevenueCat, our subscription management provider, but we do not have access to your payment details.

2. How We Use Your Information

We use your information to:

  • Provide AI-powered nutrition analysis of your food entries
  • Store and sync your food logs across sessions
  • Track your progress toward nutrition goals
  • Manage your subscription status
  • Improve and optimize the Service
  • Diagnose technical issues and prevent abuse

3. Third-Party Services

We use the following third-party services to operate the app:

  • Supabase — Authentication and database hosting. Your account and food log data is stored in Supabase's infrastructure with row-level security policies ensuring you can only access your own data.
  • Perplexity AI — Primary AI provider for nutrition analysis. When you enter a food item, the text is sent to Perplexity's API for analysis. Only the food text is sent — no personal identifiers are included.
  • OpenRouter — Fallback AI provider used when the primary provider is unavailable. The same data handling applies as with Perplexity.
  • RevenueCat — Subscription management. RevenueCat processes subscription events from Apple and provides us with your subscription status.
  • PostHog — Anonymous product analytics. PostHog collects usage events to help us understand how features are used and identify issues.

4. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Row-level security policies in our database ensuring data isolation between users
  • JWT-based authentication with secure token handling
  • Rate limiting to prevent abuse
  • Secure credential storage using iOS Keychain (via expo-secure-store)

5. Data Retention

We retain your food log data and account information for as long as your account is active. AI interaction logs (which track usage for rate limiting) are retained for billing and abuse prevention purposes. You may request deletion of your data at any time.

6. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Delete — Request deletion of your account and all associated data
  • Export — Request an export of your food log data in a portable format
  • Correct — Update or correct inaccurate data in your account

To exercise any of these rights, please contact us at seanwedev@gmail.com.

7. Children's Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at seanwedev@gmail.com.