Nomi Nomi
← Back to Nomi

Privacy Policy

Last updated:

Our Privacy Philosophy

We collect only what we need to make your food choices clearer. We do not sell your personal data. We avoid retaining raw data longer than necessary and give you control over your account.

What We Collect

Data falls into a few categories. Some is required for the app to function (account + operational), some improves analysis quality, and some is optional analytics.

  • Account: email (if you sign up with email/password) or provider identifier (Apple / Google).
  • Scan events: barcode, anonymized product metadata, timestamp, nutritional profile derived from external sources.
  • User inputs: preferences you explicitly set (e.g., dietary flags in the future).
  • Device basics: coarse locale + platform (iOS / Android) for formatting and debugging.
  • Purchase state: subscription entitlements (non‑sensitive) via RevenueCat.

What We Do NOT Collect

We intentionally avoid collecting data that is not essential to delivering value to you.

  • No precise geolocation.
  • No contact list, photos.
  • No health records.
  • No ad identifiers for cross‑app tracking.

How Analysis Works

When you scan a product, we look up structured nutrition data (e.g., Open Food Facts) and may process text through AI models to identify ultra‑processed characteristics. We cache anonymized analysis summaries to speed up later scans. We do not send your email or direct identifiers to model providers.

Security Practices

We use modern TLS for data in transit and provider‑managed encryption at rest (Firebase, Google Cloud). Access to production data is role‑restricted. Secrets are stored server side, never hard‑coded in the app.

  • Authentication via Firebase Auth.
  • Entitlements & purchases via RevenueCat (tokenized).
  • Usage & crash diagnostics via Firebase (aggregated).

Retention

Scan history is retained so you can revisit results. If you delete your account, associated scan history and cached personalized data are scheduled for removal. Aggregated, non‑identifiable statistics (e.g., count of scans per category) may persist to improve global accuracy.

Your Controls

You can request deletion or export of your account‑linked data. Some data may be briefly retained in backups (automatic rotation).

  • Delete account: from Profile > Edit / Delete (irreversible).
  • Export: email us to request a machine‑readable export.
  • Revoke sign‑in provider access: manage in Apple / Google settings.

Third‑Party Services

We rely on reputable infrastructure and analytics providers. Each acts as a processor of limited scoped data.

  • Firebase (Auth, Firestore, Crashlytics, Analytics): core backend + diagnostics.
  • Google Cloud (server functions & model proxy).
  • Open Food Facts: public nutrition dataset lookups.
  • RevenueCat: subscription entitlement management (no raw payment details stored by us).
  • AI model providers (via secure proxy): ingredient text classification & pattern interpretation.

Links to each provider's policy are available upon request at support@nomiapp.io.

Children's Privacy & Safety

We are committed to protecting children's privacy in compliance with COPPA and applicable laws. This app is suitable for all ages with parental supervision.

  • No behavioral advertising: Ads shown to children are non‑personalized and contextual only.
  • Limited data collection: We collect only essential data needed for app functionality.
  • Parental controls: Parents can request deletion of their child's data at any time.
  • Safe content: All food analysis is educational and age‑appropriate.

Parents: Contact support@nomiapp.io for data requests or privacy questions about your child's account.

Policy Changes

If we make material changes, we will highlight them in‑app before they take effect. Continuing to use the app after notice constitutes acceptance of the updated terms.

Contact & Requests

Questions, deletion or export requests, or security concerns? We respond to most inquiries within 7 days.