Privacy Policy

Last updated · 22 April 2026

This policy explains what Nouri ("we," "us") collects when you use the Nouri mobile app (the "App"), why we collect it, and your choices. We try to collect as little as possible and to say so in plain English.

The short version We store your account email, your dietary preferences, and the products you scan. We send label photos to Google's Gemini AI to analyse them — they are not retained by us after analysis. We don't sell your data, and we don't serve ads.

§ 01Who we are

Nouri is operated by Brian Chan (the "Operator"), an independent developer. The Operator can be contacted at brianchan97hk@gmail.com.

§ 02What we collect

When you use Nouri we collect the following categories of information:

Account data. The email address associated with your Google or Apple sign-in. We do not see or store your password.
Profile data. The allergens and dietary preferences you select during onboarding (e.g., "peanuts," "vegan," "low sugar"). You can edit or clear this anytime.
Scan data. When you scan a product, we send the photo of the label to Google's Gemini API for analysis. The resulting structured data — product name, ingredients, macronutrient profile, allergens — is stored in your account so the pantry and history features work. The image itself is not retained by us after processing.
Pantry and history. Products you scan, the date you scanned them, and any expiry dates you assign. Stored locally on your device and synced to our database for your account.
Subscription status. If you subscribe to Nouri Plus, we receive a signal from RevenueCat indicating your subscription tier and renewal status. Payment itself is processed by Google Play or Apple; we never see card or bank details.
Technical data. Minimal diagnostic information used to keep the App running — app version, platform, anonymous crash reports. No advertising identifiers.

§ 03How we use it

To operate the core features of the App — scanning, personalised analysis, pantry tracking.
To enforce free-tier scan limits and deliver subscription benefits.
To fix bugs and improve the App using aggregated, non-identifying diagnostics.
To contact you about the App (e.g., a critical service announcement) using the email tied to your account.

We do not use your data for advertising, we do not sell it to third parties, and we do not use your scans to train models beyond the one-shot analysis call needed to return a result to you.

§ 04Third parties who process your data

Nouri is built on a small set of trusted services. Each of them has its own privacy policy covering how they handle data we share with them:

Supabase — authentication and database storage. supabase.com/privacy
Google Gemini API — the AI model that reads your scanned labels. ai.google.dev
RevenueCat — subscription management. revenuecat.com/privacy
Google Sign-In / Apple Sign-In — authentication providers.
Google Play / Apple App Store — payment and subscription billing.

§ 05Where your data is stored

Data is stored on servers operated by Supabase and its infrastructure providers, primarily in the United States and the European Union. By using Nouri, you consent to your data being processed in those jurisdictions.

§ 06How long we keep it

Label photos: not retained by us after analysis. Gemini's retention follows Google's own policy — see their terms linked above.
Account, profile, pantry and history: kept for as long as your account is active.
Deleted data: removed from our primary systems within 30 days of account deletion, and from backups within 90 days.

§ 07Your rights

You can:

Edit your dietary profile and delete pantry items from inside the App at any time.
Request a copy of the data we hold about you.
Delete your account and all associated data from inside the app (Profile → § Danger zone → Delete account), or by emailing brianchan97hk@gmail.com. Full details at delete-account.

If you are a resident of the EEA, UK, or California, you also have rights under GDPR and the CCPA including the right to object to processing and the right to lodge a complaint with a supervisory authority.

§ 08Children

Nouri is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us with data, email us and we will delete it.

§ 09Security

We use industry-standard measures to protect your data — encrypted connections (HTTPS/TLS), secure device storage via Expo SecureStore, and row-level access control on our database. No system is perfectly secure; if we discover a breach that affects you we will notify you promptly.

§ 10Changes to this policy

We may update this policy as the App evolves. Material changes will be announced in-App and the "Last updated" date at the top will reflect the most recent revision.

§ 11Contact

Questions, requests, or complaints: brianchan97hk@gmail.com.

This policy is provided in good faith but is not a substitute for legal advice. If you rely on this template for a published product, have a lawyer in your jurisdiction review it.