Privacy Policy

Version v1.0 | Effective: 2026-04-10 | Last updated: 2026-04-16

Disclaimer: This policy was drafted by the product team and should be reviewed by qualified legal counsel before official publication (especially GDPR / CCPA / COPPA compliance provisions).

This document is available in both Chinese and English. The Chinese version is the primary version. The English version is a Reference Translation. In case of legal disputes, the Chinese version shall prevail.

1. Overview

Nourai ("we", "the app") is an AI-powered food and nutrition tracking application developed by the Paradox team. We are committed to providing services based on the principle of data minimization. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data.

By using Nourai, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, please do not use the app.

2. Data We Collect

2.1 Account Information (Required)

  • Email address (for sign-in and password recovery)
  • Password hash (stored using argon2; we never store your plaintext password)
  • Display name (optional)
  • Account creation timestamp and last login time

2.2 User Profile (Optional)

  • Biometric data: height (cm), weight (kg), age, sex
  • Activity level (sedentary / lightly active / moderately active / very active)
  • Health goal (weight loss / gain / maintain / muscle gain)
  • TDEE and daily energy budget (derived from your profile)

2.3 Diet Entries

  • Food name, weight, meal slot, timestamp
  • Per-entry nutrition data (energy, carbs, protein, fat, fiber, sugar, sodium, etc.)
  • Food photo URLs (stored in MinIO / S3 object storage)
  • Nutrition label photos you voluntarily upload

2.4 AI Recognition Data

  • Food photos uploaded for recognition via Claude Vision (to identify food type and estimate weight)
  • Nutrition label photos uploaded for OCR
  • Recognition results (food candidates, confidence scores, AI-estimated weight)

Our commitment: These photos are used solely for the current recognition request. They are not used to train AI models and are never shared between users.

2.5 Voice Data

  • Audio recorded via the in-app "voice entry" feature
  • Audio is uploaded to the server temporarily for transcription (OpenAI Whisper API) and deleted from our servers immediately after transcription
  • The transcribed text is retained as part of the relevant diet entry or chat history

2.6 Nour AI Conversations

  • Your chat messages with the Nour AI assistant (message / response / conversation_id)
  • Conversation IDs used to maintain dialog context

2.6.1 Emotional Insights (Opt-in, default OFF)

  • Category: Emotional State — emotion classifications (joy / stress / fatigue / motivation / frustration / neutral) and their confidence scores inferred from your conversations with Nour
  • Collection condition: Collected only after you explicitly enable "Emotional Insights" in Settings. Default is OFF
  • Purpose: Used exclusively to power your own Insights & Analytics (weekly report, mood chart). Not used for advertising, not used for push notifications, never aggregated across users
  • Linkage: Data is linked to your account (user_id)
  • Retention: You control it. Disabling the toggle only stops new observations from being recorded — it does not delete history. You can erase every observation at any time via "Settings → Emotional Insights → Clear History" or by calling DELETE /api/v1/users/me/emotions

2.7 Usage Analytics & Diagnostics

  • Crash reports (collected via Sentry SDK; do not contain your diet entries or profile)
  • Device model, OS version, app version (anonymized)
  • Sentry is optional: You can disable crash reporting in Settings

2.8 Data We Do Not Collect

  • We do not collect precise geolocation (GPS)
  • We do not access contacts, calendar, or other photos in your library
  • We do not access call logs, SMS, or data from other apps
  • We do not use third-party advertising trackers (no Facebook Pixel, no GA for Firebase Ads)
  • We do not sell your personal data

3. How We Use Your Data

Your data is used only for the following purposes:

  1. Core functionality: Recording meals, calculating nutrition intake, displaying history, generating trend insights
  2. AI Recognition: Sending food photos to Anthropic Claude API (default) or Google Gemini API (configurable alternative) for recognition and weight estimation; sending nutrition labels to the same provider for OCR; sending audio to OpenAI Whisper for transcription
  3. Nour AI Assistant: Sending your messages along with relevant diet context to Anthropic Claude API or Google Gemini API for response generation
  4. Nutrition data lookup: Using food names to query the local nutrition database (cached from USDA + Open Food Facts)
  5. Personalization: Displaying daily energy budgets and macro targets based on TDEE and profile
  6. Product improvement: Aggregating anonymized crash reports to fix bugs (via Sentry)

Zero-LLM-fabrication nutrition commitment: Our AI only identifies food types and estimates weights. All nutrition values come from authoritative databases (USDA, Open Food Facts) — never from LLM generation.

4. Third-Party Services

| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Anthropic (Claude API) | Food recognition / nutrition label OCR / Nour chat (default provider) | Food photos, nutrition label photos, chat messages | anthropic.com/legal/privacy |
| Google (Gemini API) | Food recognition / nutrition label OCR / Nour chat (switchable provider) | Food photos, nutrition label photos, chat messages | policies.google.com/privacy |
| OpenAI (Whisper API) | Voice transcription | Temporary audio files | openai.com/policies/privacy-policy |
| Sentry | Crash monitoring (optional) | Crash stacks, device model, app version | sentry.io/privacy |
| USDA FoodData Central | Nutrition database (Public Domain) | No data sent back | fdc.nal.usda.gov |
| Open Food Facts | Nutrition database (ODbL license) | No data sent back | openfoodfacts.org/privacy |
| MinIO / S3-compatible storage | Food photo storage | Food photos | Self-hosted |

4.1 Open Food Facts ODbL Attribution

Nourai uses nutrition data from Open Food Facts under the Open Database License (ODbL) v1.0. Per ODbL terms, any database derived from this app remains ODbL-licensed. Original contributor attribution is available at openfoodfacts.org.

4.2 USDA Public Domain Notice

USDA FoodData Central data is a work of the U.S. Government in the public domain, with no copyright restrictions.

5. Data Storage

5.1 Local Storage

  • iOS: Authentication tokens in the system Keychain; diet entry cache via SwiftData
  • Android: Authentication tokens in EncryptedSharedPreferences (AndroidX Security); diet entry cache via Room

5.2 Cloud Storage

  • Database: PostgreSQL (with pgvector), deployed on our self-hosted infrastructure
  • Object storage: MinIO (S3-compatible) for food photos
  • Transport encryption: All client-server communication uses HTTPS (TLS 1.3)

5.3 Retention Periods

  • While account is active: All data you create is retained
  • After account deletion: All personal data is hard-deleted from the production database within 30 days; backup copies are rotated out within 90 days
  • Crash reports: Retained for 90 days (Sentry default)
  • Audio files: Deleted immediately after transcription
  • Server access logs: Retained for 30 days for security auditing

6. Your Rights (GDPR Articles 15-22)

If you are a resident of the European Economic Area (EEA), the UK, or California, you have the following rights:

6.1 Right of Access (GDPR Art. 15)

You have the right to obtain a copy of the personal data we hold about you.

6.2 Right to Rectification (GDPR Art. 16)

You can edit your profile at any time within the app's "Profile" section. For other corrections, please contact us.

6.3 Right to Erasure / Right to Be Forgotten (GDPR Art. 17)

You can delete your account via Settings. Upon deletion request:

  • All your personal data is cascade-deleted from the production database immediately (user profile, diet entries, conversation history, achievements, uploaded food photos)
  • Endpoint: DELETE /api/v1/users/me (shipped)
  • Food photos are synchronously deleted from MinIO/S3 object storage
  • Backup copies are rotated out within 90 days

6.4 Right to Data Portability (GDPR Art. 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON).

  • Endpoint: GET /api/v1/users/me/export (shipped)
  • Export contents: user profile + diet entries + conversation history + unlocked achievements
  • Sensitive fields (password hash, refresh token hash) are filtered from the export

6.5 Right to Object (GDPR Art. 21)

You can object to specific processing (e.g., crash reporting). To stop crash reporting, disable Sentry in Settings.

6.6 Right to Withdraw Consent (GDPR Art. 7)

You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6.7 How to Exercise Your Rights

To exercise any of the above rights, email [email protected]. We will respond within 30 days.

7. Children's Privacy

Nourai is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such data, we will delete it promptly.

If you are a parent and believe your child has provided us with personal information, please contact [email protected].

8. Data Security Measures

We take the following measures to protect your data:

  • Transport encryption: HTTPS (TLS 1.3) enforced
  • Password security: argon2id with random salts
  • Authentication: Short-lived JWT access tokens + refresh token rotation
  • Refresh token hashing: Refresh tokens stored as SHA-256 hashes in the database
  • Mobile key storage: iOS Keychain / Android EncryptedSharedPreferences
  • Database protection: Parameterized SQL queries (SQL injection prevention), compile-time SQL validation via sqlx
  • API security: Rate-limit middleware, JWT auth middleware
  • Principle of least privilege: Service accounts granted only required database permissions

Despite reasonable measures, no internet transmission or electronic storage is 100% secure. Please safeguard your account password.

9. Cookies and Tracking

Nourai is a native iOS / Android app and does not use cookies. We do not use any third-party analytics SDKs (no Google Analytics, no Facebook SDK, no AppsFlyer, no Branch.io).

10. International Data Transfers

  • Primary processing location: Our servers are located in [TBD region], where your data is primarily processed and stored
  • Cross-border transfers: When using Anthropic / OpenAI / Sentry, your data may be transferred to the United States and other third countries
  • Safeguards: These third-party providers commit to GDPR Standard Contractual Clauses (SCC) or equivalent cross-border transfer protection mechanisms

11. Policy Updates

We may update this policy from time to time. Material changes will be communicated via:

  • An in-app notification banner
  • Updating the "Last Updated" date at the top of this document
  • Email notification for material changes

Continued use of Nourai constitutes acceptance of the updated policy.

12. Contact Us