Privacy Policy
Last updated: April 15, 2026
NomNom ("we", "our", "the app") is a macro-nutrient tracking mobile application. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
Account Data
- Email address — used for account creation, login, and password recovery.
- Password — stored as a one-way bcrypt hash. We never store or see your plain-text password.
- Guest accounts — if you skip registration, a temporary anonymous account is created with no personal identifiers.
Health & Nutrition Data
- Meals logged — food names, estimated macronutrients (calories, protein, carbs, fat), timestamps, and optional meal photos.
- Daily nutrition goals — calorie and macro targets you set.
- Profile data — weight, height, age, sex, and activity level (only if you choose to enter them for personalized recommendations).
Photos
- Food photos — sent to our server for AI analysis, then stored to display in your meal history.
- Fridge/pantry photos — processed by AI for ingredient recognition. These photos are not permanently stored on our servers after analysis.
Usage Data
- Credit balance and transaction history — records of credits earned (ads, purchases) and spent (AI scans, coach chat).
- Coach conversations — messages exchanged with the AI nutrition coach, stored to maintain conversation context.
- Coach memory — preferences, dietary restrictions, and goals that the AI coach remembers to personalize advice.
Technical Data
- Device type (iOS/Android), app version.
- We do not collect location data, contacts, or browsing history.
2. How We Use Your Data
- Core functionality — logging meals, tracking macros, displaying history and statistics.
- AI food analysis — food photos are sent to Google Gemini API for nutritional estimation. See Section 5 for third-party details.
- Personalized coaching — your meal history and stated preferences help the AI coach provide relevant advice.
- Account security — email for password resets and authentication.
3. Data Storage & Security
- All data is stored in a secure MySQL database.
- Passwords are hashed with bcrypt (never stored in plain text).
- Authentication uses JWT tokens with short expiry and refresh token rotation.
- API communication uses HTTPS encryption.
4. Data Retention
- Your meal data and account are retained as long as your account is active.
- Guest account data may be deleted after 90 days of inactivity.
- You can request deletion of your account and all associated data at any time by contacting us.
5. Third-Party Services
- Google Gemini AI — food photos and text descriptions are sent to Google's Gemini API for nutritional analysis. Google's privacy policy applies to data processed by their API.
- Google AdMob — rewarded video ads are shown when you choose to watch them for free credits. AdMob may collect device identifiers for ad personalization. See Google's ad privacy policy.
- Open Food Facts / USDA — barcode lookups query public food databases. No personal data is sent to these services.
6. Advertising
NomNom shows opt-in rewarded video ads only. You choose when to watch an ad in exchange for free credits. We do not show banner ads, interstitial ads, or any involuntary advertising.
7. Children's Privacy
NomNom is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, contact us for removal.
8. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and data.
- Export your meal data.
To exercise any of these rights, contact us at the email below.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance.
10. Contact
For privacy questions or data requests, contact us at:
privacy@nomnom.app