Skip to main content
Nourlinourli

Privacy Policy

How we protect your privacy and handle your data

Last updated: February 27, 2026

Key Points

  • We never store your food photos - processed in memory only
  • Your data is encrypted using industry-standard security
  • Access, export, or delete all your data at any time
  • We never sell your personal information
  • EU and California residents have additional protections

1.Our Commitment to Privacy

At Nourli, we are committed to protecting your privacy and maintaining the security of your personal information. This Privacy Policy explains how we collect, use, and protect your data when you use our service.

2.Data Controller

The data controller responsible for your personal data is:

Martynas Gintalas

Individual Activity Registration No. 1484354

Vilnius, Lithuania

Email: privacy@nourli.health

The supervisory authority for data protection in Lithuania is the State Data Protection Inspectorate (Valstybine duomenu apsaugos inspekcija, VDAI). You have the right to lodge a complaint with the VDAI or with the supervisory authority in your country of residence.

3.Zero Photo Retention Policy

We do not store your food photos.

When you upload or take a photo of your food:

  • Photos are processed in memory only for AI analysis
  • Images are immediately deleted after analysis is complete
  • No photos are saved to our servers or databases
  • Only the extracted nutrition data is stored in your account

4.Information We Collect

Account Information

  • Email address (for account creation and communication)
  • Profile information (age, height, weight, activity level - provided when setting nutrition goals)
  • Nutrition goals and preferences

Usage Data

  • Food entries and nutrition data you manually input or that we extract from photos
  • App usage analytics (anonymous and aggregated)
  • Device information and IP address

5.How We Use Your Information

  • To provide and improve our AI-powered nutrition analysis
  • To track your progress and provide personalized recommendations
  • To communicate with you about your account and our service
  • To provide customer support
  • To improve our service through anonymous analytics

6.Data Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for all data transmission
  • Secure cloud infrastructure with regular security audits
  • Access controls and authentication protocols
  • Regular security updates and monitoring

7.Your Rights

You have the right to:

  • Access your personal data
  • Correct or update your information
  • Delete your account and all associated data
  • Export your nutrition data
  • Opt out of marketing communications

8.Data Retention

  • Account data: Retained for the life of your account
  • Nutrition data: Retained until you delete your account
  • Photos: Never stored (processed and immediately deleted)
  • Analytics data: Anonymous and aggregated, retained for service improvement

9.For European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

  • Contract: To provide our nutrition tracking service as agreed in our Terms of Service
  • Legitimate Interest: To improve our service, prevent fraud, and ensure security
  • Consent: For optional marketing communications (you may withdraw consent at any time)

International Data Transfers

Your data is transferred to and processed by US-based services: OpenAI (AI analysis), Supabase (data storage), RevenueCat (subscriptions), Sentry (error monitoring), and Vercel (hosting). We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

Automated Decision-Making

Nourli uses AI to estimate nutritional values from food photos and to generate personalized nutrition recommendations. These are estimates and general wellness suggestions, not medical decisions. No access to the service is restricted based on automated processing. You may contact us at privacy@nourli.health with questions about how AI is used.

Your Additional Rights

  • Right to data portability (receive your data in a structured format)
  • Right to restrict processing
  • Right to object to processing based on legitimate interests
  • Right to not be subject to solely automated decisions with legal or significant effects
  • Right to lodge a complaint with your local data protection authority

10.For California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights.

Categories of Personal Information Collected

  • Identifiers (email address, IP address, device ID)
  • Personal information (name, physical characteristics for nutrition calculations)
  • Internet activity (app usage, browsing history within the app)
  • Geolocation data (timezone only, for accurate date tracking)

We Do Not Sell Your Personal Information

Nourli does not sell, rent, or share your personal information with third parties for their direct marketing purposes. We do not participate in data broker activities.

Your California Privacy Rights

  • Right to know what personal information is collected
  • Right to delete your personal information
  • Right to opt-out of sale or sharing (we do not sell your data)
  • Right to non-discrimination for exercising your rights
  • Right to correct inaccurate personal information

How to Exercise Your Rights

To submit a request, email us at privacy@nourli.health. We will respond within 45 days. You may also delete your account directly in the app under Settings.

11.Third-Party Services

Nourli is the data controller for your personal data. The following services process data on our behalf or as part of service delivery:

OpenAI (AI provider)

Powers our AI food analysis and nutrition coach.

  • Food analysis: Food photos and text descriptions are sent to OpenAI for nutritional estimation. Photos are not stored by Nourli and are discarded after analysis.
  • Nutrition coach: Your nutrition logs, goals, dietary preferences, and chat messages are sent to provide personalized coaching responses.
  • Data use: API data is not used for model training. OpenAI may retain API inputs for up to 30 days for safety monitoring.

Supabase (data processor)

Stores all account data, nutrition logs, and handles authentication on our behalf. Data is encrypted at rest and in transit.

RevenueCat (data processor)

Manages subscription state using your account identifier. No health or nutrition data is shared with RevenueCat.

Stripe (payment processor, via RevenueCat)

Processes web payments through RevenueCat. Nourli never receives or stores payment card details.

Sentry (data processor)

Receives error reports for app stability monitoring. Health data and personal identifiers are actively scrubbed before transmission.

Vercel (hosting provider)

Hosts the web application and collects anonymous page view and performance metrics. No cookies are set and no personal data is collected by Vercel Analytics.

12.Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the updated policy on this page
  • Sending you an email notification
  • Displaying a notice in the app

Changes are effective immediately upon posting.

Questions About Your Privacy?

We're committed to transparency and protecting your privacy

Contact Privacy Team

privacy@nourli.health