FeaturesAboutBlogPricingContactDownload App
← Back to Home

Privacy Policy

Last updated: March 2026

NourishAI (“we”, “our”, “us”) is based in Canon City, Colorado. This Privacy Policy explains how we collect, use, and protect your information when you use the NourishAI iOS app and website (nourishhealthai.com).

Our Privacy Philosophy

NourishAI is built with a local-first architecture. This means your nutrition data — food logs, macro tracking, body measurements, health information — is stored on your device, not on our servers. We designed it this way because your nutrition data is personal, and we believe you should own it completely.

Information We Collect

Device Information: We generate a unique device identifier (UUID) to manage your account and track AI scan usage. This identifier cannot be used to identify you personally. We do not collect your name, email, phone number, or personal contact information unless you voluntarily provide it via our contact form.

Food Photos for AI Analysis: When you use the AI photo scanning feature, your photo is sent to our server, forwarded to the Anthropic API for analysis, and immediately discarded. Photos are never stored, logged, cached, or used for training purposes. The entire process takes under 3 seconds.

Nutrition Data: Your food logs, macro data, daily nutrition totals, and health information are stored locally on your device using Apple's SwiftData framework. We have zero access to this data.

HealthKit Data: With your explicit permission, we read your weight, height, steps, and active energy from Apple Health, and write nutrition data (calories, protein, carbs, fat) back to Apple Health. HealthKit data is never sent to our servers, never shared with third parties, and never used for advertising — in compliance with Apple's HealthKit guidelines.

Subscription Data: Subscription status is managed through Apple's StoreKit 2. We verify subscription receipts server-side but do not store your payment method, credit card number, or Apple ID.

Usage Data: We track the number and type of AI scans performed (photo, text, barcode) per device for rate limiting purposes. We do not track what foods you scan or the results returned.

Website Analytics: We use Vercel Analytics and Speed Insights to understand website usage patterns. Analytics are consent-gated (you must opt in via our cookie banner) and collect only anonymized, aggregated data. No personal identifiers are tracked.

How We Use Your Information

  • To provide AI-powered food analysis when you request it
  • To enforce usage limits (free tier: 1 AI scan/week)
  • To verify subscription status and prevent abuse
  • To respond to contact form submissions
  • To improve our service quality and fix bugs

We do not use your information to: sell to third parties, serve targeted advertising, build user profiles, train AI models, or make automated decisions about you.

Data Storage & Security

Server-side data (device UUID, scan counts, subscription status) is stored in a secure PostgreSQL database hosted on Neon via Vercel's infrastructure. All data is encrypted in transit (HTTPS/TLS 1.3) and at rest. Our servers are located in the United States.

We implement the following security measures:

  • HTTPS with TLS 1.3 for all communications
  • Rate limiting on all API endpoints to prevent abuse
  • Input validation and sanitization on all user inputs
  • Content Security Policy (CSP) headers to prevent XSS
  • HSTS with 2-year max-age and preload
  • No storage of sensitive data (passwords hashed with PBKDF2)

Data Retention

Local data: Stored on your device indefinitely until you delete the app or clear app data.

Server-side data: Device registration and scan usage data is retained for as long as your account is active. Contact form submissions are retained for 2 years for customer service purposes.

Food photos: Never retained. Processed in real-time and immediately discarded.

Third-Party Services

  • Anthropic (Claude AI): Processes food photos for nutrition analysis. Photos are sent via API and not retained by Anthropic per their data processing terms. Anthropic Privacy Policy
  • OpenFoodFacts: Open-source barcode database for packaged food lookups. No personal data is shared. OpenFoodFacts Terms
  • Vercel: Website hosting, serverless functions, and analytics. Vercel Privacy Policy
  • Resend: Email delivery for contact form responses. Resend Privacy Policy
  • Apple: StoreKit 2 for subscription management, HealthKit for health data integration.
  • Neon: PostgreSQL database hosting. Neon Privacy Policy

Children's Privacy

NourishAI is not intended for children under 17. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the data we hold about your device
  • Deletion: Request deletion of all server-side data associated with your device
  • Portability: Your local nutrition data syncs to Apple Health, which supports data export
  • Opt-out: Decline analytics cookies via our consent banner

To exercise any of these rights, email support@nourishhealthai.com. We will respond within 30 days.

You can delete all local data by uninstalling the app. To request deletion of server-side data (device UUID, scan counts), contact us and we will process the request within 48 hours.

California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To make a CCPA request, email support@nourishhealthai.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website. Your continued use of NourishAI after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email support@nourishhealthai.com or visit our contact page.

NourishAI · Canon City, Colorado · USA