Privacy Policy
Version v3.2 | Effective Date 2026-05-06 | Last Reviewed 2026-05-06
Operator note: Nourai is currently operated by its individual developer. This policy is maintained from the actual product and infrastructure behavior. It is not a claim of HIPAA compliance or legal-counsel review.
English is the governing language. Any translation into another language is provided solely for convenience. In case of any discrepancy or conflict between the English version and any translation, the English version shall prevail and govern.
1. Overview
Nourai ("we," "us," or "our") is an AI-powered food and nutrition tracking application operated by its developer, Huibin Wu. We are committed to the principle of data minimization — collecting only what is necessary to provide our services.
This Privacy Policy explains what information we collect, how we use that information, who we share it with, how we protect it, and what rights you have.
By using Nourai, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, please do not use the App.
Nourai is not a medical device. It does not provide medical diagnosis, treatment, or prescription advice. If you have diabetes, kidney disease, eating disorders, pregnancy-related nutritional needs, or other medical conditions, please consult a physician or registered dietitian.
2. Information We Collect
2.1 Account Information (Required)
- Email address — used for login, password recovery, and essential service notifications
- Password hash — stored using Argon2id; we never store plaintext passwords
- Display name — optional; used to personalize your experience
- Account creation timestamp and last login timestamp
- Authentication method (email/password, Apple Sign-In, or Google Sign-In)
- Passkey credential identifiers — if you choose to register a Passkey
- Email verification status
2.2 Profile & Goals (Optional)
- Physiological data: height, weight, age, gender
- Activity level: sedentary, lightly active, moderately active, very active
- Health goal: lose weight, gain weight, maintain, build muscle
- Timezone — used for daily summary calculations
From this information, we calculate your BMR, TDEE, daily calorie budget, and macronutrient targets. You may update or delete this profile data at any time in the App.
2.3 Food & Nutrition Records
- Food name, weight in grams, meal type (breakfast, lunch, dinner, snack), and timestamp
- Nutritional data per entry: calories, carbohydrates, protein, fat, fiber, sugar, sodium
- Food photos — uploaded by you, stored in Google Cloud Storage
- Nutrition label photos — uploaded by you for OCR processing
- Weight source — how the weight was determined (visual estimate, 3D depth, reference object)
- Search queries, barcode scans, and manual entry inputs
2.4 AI Recognition, Voice & Conversational Data
Food Photos & Nutrition Labels
- Uploaded to our servers and forwarded to Google Vertex AI (Gemini models) for food recognition, weight estimation, and nutrition label OCR
- Recognition results: candidate foods, confidence scores, estimated weights, and explanatory text
Voice Recordings
- Audio recorded via the "Speak to Log" feature
- Audio is temporarily uploaded to our servers, transcribed and parsed by Google Vertex AI (Gemini)
- Audio files are deleted immediately after processing, typically within seconds; if a transient technical failure requires a retry, temporary audio retention must not exceed 24 hours
- Only the transcribed text is retained in your food records or chat history if you save it
Nuru Chat Conversations
- Messages you send to Nuru and responses generated by Nuru
- Conversation IDs for context continuity
- Long-term memory extracted from conversations (dietary preferences, allergies, goals)
- Weekly report context derived from your nutrition data and conversation history
Our commitments:
- Photos and audio are used only for your current logging session
- We do not use your content to train AI models
- We do not share your content with other users
- Nutrition values are never invented by the AI; they come from our nutrition database (USDA + Open Food Facts) or your explicit input
2.5 Emotional Insights (Opt-In, Default: OFF)
Emotional Insights is disabled by default. If you enable it in Settings:
- Nourai infers emotional states (joy, stress, fatigue, motivation, frustration, neutral) from your conversations with Nuru
- Emotional signals are stored as high-level tags and numerical confidence scores, not as original biometric emotion templates or face/fingerprint recognition templates
- Purpose only: Personalized insights in your weekly reports and mood charts
- Not used for: advertising, push notifications, cross-user aggregation, or third-party sharing
- Retention: Controlled by you. Disabling stops new observations but does not delete historical data. You may hard-delete all emotional observations at any time via Settings or by calling DELETE /api/v1/users/me/emotions
2.6 Health Platform Data (HealthKit / Health Connect)
Health Sync is disabled by default and requires your explicit authorization. Read and write permissions are managed independently.
If you authorize Read access, Nourai may read:
- Steps
- Active energy burned
- Weight
If you authorize Write access, Nourai may write:
- Nutrition records: energy (kcal), protein, carbohydrates, fat
We do NOT read: heart rate, sleep data, blood glucose, location, contacts, call logs, or messages.
Withdrawing authorization: You may disable Health Sync in Settings at any time. Data already written to Apple Health or Health Connect must be managed separately in those apps.
2.7 Subscription & Billing Data
- Subscription status, plan type, and platform (Apple App Store or Google Play)
- Purchase receipts and verification results
- Daily quota usage (recognition, chat, voice calls)
- Trial progress and billing dates
We do not store your payment card details. All payments are processed by Apple App Store or Google Play.
2.8 Diagnostics & Stability (Optional)
We use Sentry to collect crash reports and diagnostic information:
- Crash stack traces
- Device model, OS version, and App version
- Limited user context (user ID, for error correlation)
Sentry is opt-out: You may disable crash reporting in Settings. If disabled, Sentry is not initialized on the next App launch.
We do NOT collect: your food records, chat messages, photos, or profile data in crash reports.
Current Sentry project evidence shows server-side data scrubbing enabled, default scrubbers enabled, IP address storage disabled, and additional sensitive field names configured for email, food_record, chat_content, audio_filename, HealthKit, and HealthConnect. Project-level Advanced Data Scrubbing rules were not shown in the evidence screenshot and should be added separately if Nourai needs pattern-based redaction beyond field-name scrubbing.
Current Sentry evidence supports a signed Data Processing Amendment. Current evidence does not show a Sentry Business Associate Agreement. For this reason, Nourai must keep Sentry free of PHI and sensitive user content.
2.9 What We Do NOT Collect
- Precise geolocation (GPS)
- Contacts, calendar, or photo gallery (except photos you explicitly upload)
- Call logs, SMS, or other App data
- Third-party advertising tracking (no Facebook Pixel, no Google Analytics for Firebase Ads, no AppsFlyer, no Branch.io)
- Biometric data
We do not sell your personal data.
Nourai does not collect, share, or sell consumer health data, including consumer health data that may be covered by Washington's My Health My Data Act, except as reasonably necessary to provide features requested by you, comply with law, protect security, or otherwise as described in this Policy.
3. How We Use Your Information
We use your data solely for the following purposes:
- Core functionality: Food logging, nutrition calculation, history, trends, achievements
- AI assistance: Food recognition, OCR, voice parsing, Nuru chat responses, weekly reports
- Nutrition matching: Querying our nutrition database (USDA + Open Food Facts)
- Personalization: TDEE, calorie budget, and macronutrient targets based on your profile
- Subscription management: Access control, quota enforcement, purchase verification, restoration
- Health sync: Reading/writing health platform data (with your authorization)
- Diagnostics: Fixing bugs and improving stability (via Sentry)
- Account security: Email verification, Passkey management, password resets
- Legal compliance: Responding to data subject requests, fraud prevention, legal obligations
Zero LLM-Hallucination Commitment: Our AI identifies food, estimates weight, parses labels or voice, and provides explanations. All nutritional values come from our database or your explicit input. The AI never generates nutritional data.
4. Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Account creation & login | Contract (Art. 6(1)(b)) |
| Food logging & nutrition tracking | Contract (Art. 6(1)(b)) |
| AI recognition & Nuru chat | Contract (Art. 6(1)(b)) |
| Profile & health goals | Consent (Art. 6(1)(a)) |
| HealthKit / Health Connect sync | Consent (Art. 6(1)(a)) |
| Emotional Insights | Consent (Art. 6(1)(a)) — explicit opt-in, default OFF |
| Sentry crash reporting | Consent (Art. 6(1)(a)) — opt-out available |
| Subscription management | Contract (Art. 6(1)(b)) |
| Data export / deletion request | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention & security | Legitimate interest (Art. 6(1)(f)) |
5. Third-Party Services & Processors
We engage the following subprocessors. All subprocessors are bound by data processing agreements (DPAs) or standard contractual clauses (SCCs) where applicable.
| Service | Provider | Purpose | Data Processed |
|---|---|---|---|
| Vertex AI / Gemini | Google Cloud | Food recognition, OCR, voice transcription, Nuru chat, embedding | Photos, audio (temporary), text, chat context |
| Cloud Storage | Google Cloud | Storage of food photos, nutrition label photos, avatars | User-uploaded images |
| Cloud SQL / Cloud Run / Redis | Google Cloud | Backend infrastructure & data storage | All app data |
| Sentry | Functional Software | Crash reporting & diagnostics | Device info, stack traces, limited user context |
| Apple Sign-In / App Store | Apple Inc. | Social login, in-app purchases, subscription management | Login tokens, purchase receipts |
| Google Sign-In / Play Store | Google LLC | Social login, in-app purchases, subscription management | Login tokens, purchase receipts |
| HealthKit | Apple Inc. | Health platform integration (iOS) | Health data (with authorization) |
| Health Connect | Google LLC | Health platform integration (Android) | Health data (with authorization) |
| FoodData Central | USDA | Nutrition database source | No user data transmitted |
| Open Food Facts | Open Food Facts Association | Nutrition database source | No user data transmitted |
Data Residency for Vertex AI: We use Google Vertex AI's global endpoint region. Your data may be processed in Google Cloud data centers worldwide.
5.1 Open Database License (ODbL) Notice
Nourai uses nutritional data from Open Food Facts, which is licensed under ODbL v1.0. Any derivative nutritional database based on Nourai remains subject to ODbL. Attribution to original contributors is available at openfoodfacts.org.
5.2 USDA Public Domain Notice
USDA FoodData Central data is a U.S. Government work in the public domain, free of copyright restrictions.
6. Data Storage & Security
6.1 Local Storage
- iOS: Authentication tokens stored in Apple Keychain (kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly); local cache uses SwiftData
- Android: Authentication tokens stored in EncryptedSharedPreferences (AES-256-GCM); local cache uses Room
6.2 Cloud Infrastructure
- Database: PostgreSQL (with pgvector extension), hosted on Google Cloud SQL in us-east4
- Cache & sessions: Memorystore Redis in us-east4-b
- Object storage: Google Cloud Storage bucket nourai-photos in US-EAST4
- Application hosting: Google Cloud Run in us-east4
- AI processing: Google Vertex AI (global endpoint)
- Diagnostics: Sentry (United States)
Encryption in Transit: All client-server communication uses HTTPS with TLS 1.3.
6.3 Security Measures
- Passwords: Argon2id hashing with random salts
- Authentication: Short-lived JWT access tokens + refresh token rotation
- Refresh tokens: Stored as SHA-256 hashes in our database
- API security: Rate limiting, JWT authentication, parameterized SQL queries
- Image security: EXIF metadata is stripped from uploaded photos
- Least privilege: Service accounts granted only necessary permissions
No system is 100% secure. Please keep your account password confidential.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data, food records, photos, chat history | Duration of active account |
| Chat messages & emotional observations | 90 days from creation |
| Password reset / refresh / email verification tokens | Expire and are purged automatically |
| Voice audio files | Deleted immediately after processing, typically within seconds; transient retry retention must not exceed 24 hours |
| Server access logs | 30 days |
| Crash reports (Sentry) | 90 days |
| Aggregate diagnostics (memory quality, proactive events) | No user ID or content retained |
Account Deletion
You may delete your account at any time via Settings → Delete Account.
Upon deletion request:
- We immediately cascade-delete your personal data from our production database (profile, entries, photos, chat history, achievements, memories)
- We make best-effort deletion of your objects from Google Cloud Storage
- Backups: Deleted data remains in automated backups for up to 90 days, after which it is overwritten by backup rotation
- Legal holds: Certain minimal data may be retained longer if required by law, fraud prevention, or accounting obligations
8. Your Rights
8.1 GDPR Rights (EEA & UK Residents)
| Right | Article | How to Exercise |
|---|---|---|
| Right to Access | Art. 15 | View in App; or email [email protected] |
| Right to Rectification | Art. 16 | Edit your profile in the App |
| Right to Erasure | Art. 17 | Delete account in Settings, or call DELETE /api/v1/users/me |
| Right to Restrict Processing | Art. 18 | Email [email protected] |
| Right to Data Portability | Art. 20 | Use GET /api/v1/users/me/export (JSON); excludes password hashes |
| Right to Object | Art. 21 | Disable Sentry in Settings; or email [email protected] |
| Right to Withdraw Consent | Art. 7 | Disable Emotional Insights, Health Sync, or Sentry at any time |
| Automated Decision-Making | Art. 22 | Nourai does not make legally significant automated decisions about you |
Response Time: We will respond to verified requests within 30 days. We may extend this period by 60 days for complex requests, in which case we will notify you.
8.2 CCPA Rights (California Residents)
If you are a California resident, you have the following rights under CCPA / CPRA:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: Disable Health Sync and Emotional Insights
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise CCPA rights, email [email protected].
Do Not Sell or Share My Personal Information: Nourai does not sell personal information and does not share personal information for cross-context behavioral advertising. If you still want to submit a "Do Not Sell or Share My Personal Information" request, email [email protected] with that phrase in the subject line.
8.3 Other Jurisdictions
If you are located in a jurisdiction with additional privacy rights (e.g., Brazil LGPD, Canada PIPEDA, South Korea PIPA, China PIPL), please contact [email protected].
For Canadian users, Nourai aims to provide meaningful consent by describing optional AI photo, label, voice, Health Sync, and Emotional Insights processing before or at the time you choose those features. You can decline optional features and still use core manual logging features.
9. Children's Privacy
Nourai is not directed to children under 13. We do not knowingly collect personal information from children under 13.
Age Gate: During registration, users must confirm they are 13 years of age or older. If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].
10. Tracking, Advertising & Data Sales
- No Cookies (App): The Nourai mobile App does not use cookies.
- No Advertising Trackers: We do not use Facebook Pixel, Google Analytics for Firebase Ads, AppsFlyer, Branch.io, or any other cross-app advertising tracking SDK.
- No Data Sales: We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.
- AppTrackingTransparency: We do not use Apple's AppTrackingTransparency framework.
Our website (nourai.app) may use essential cookies for functionality. We do not use third-party analytics cookies on our website.
11. International Data Transfers
- Primary Processing: Our backend, database, cache, and object storage are hosted on Google Cloud in us-east4/US-EAST4.
- AI Processing: Google Vertex AI uses the global endpoint; your data may be processed in data centers worldwide.
- Diagnostics: Sentry processes data in the United States.
- Cross-Border Safeguards: We rely on Standard Contractual Clauses (SCCs) and Google's GDPR-compliant data processing terms.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- In-App notification banners
- Email notification (for material changes)
- Updating the "Last Reviewed" date at the top of this document
Your continued use of Nourai after any changes constitutes acceptance of the updated Policy.
13. Contact Us
| Contact | Address |
|---|---|
| Privacy inquiries | [email protected] |
| Legal inquiries | [email protected] |
| Formal legal service / mailing address requests | Contact [email protected]. If a public mailing address is required, use a real business mailbox, PO Box, or virtual office address rather than a private home address. |
| Support | [email protected] |
| Data Protection Officer (DPO) | Nourai has not appointed a DPO for the v1 solo-developer launch. Use [email protected] for privacy requests; we will appoint a DPO if legally required. |
| Website | https://nourai.app |