Privacy Policy

Last updated: April 5, 2026

Nōra ("we", "us", "the app") is a meal-prep planning application. This policy explains what data we collect, why, and how we protect it.

1. Data We Collect

• Account information: Email address and encrypted password when you sign up. If you use Google or Apple Sign-In, we receive your email and display name from the provider.
• Profile preferences: Dietary needs, meal count, prep time, and style preferences you select in the app. These are stored locally on your device and in our database when you are signed in.
• Meal plans: AI-generated meal plans are saved to your account so you can access them later.
• Usage data: We do not use any analytics or tracking SDKs. We do not collect device identifiers, location, or browsing history.

2. How We Use Your Data

• To generate personalized meal plans based on your preferences.
• To save and display your meal plans across sessions.
• To authenticate your account.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

• Supabase (supabase.com): Hosts our authentication and database. Your email and meal plan data are stored on Supabase servers in the EU. Supabase Privacy Policy.
• OpenRouter / AI providers: Your dietary preferences (not your email) are sent to AI language models to generate meal plans. No personally identifiable information is included in AI requests.
• Google Fonts: The app loads the "Outfit" typeface from Google Fonts. Google may log standard HTTP request data (IP address). Google Privacy Policy.

4. Data Storage & Security

Account data is stored in a Supabase PostgreSQL database with row-level security. Passwords are hashed using bcrypt. All network traffic uses HTTPS/TLS encryption. Local preferences are stored in your browser's localStorage.

5. Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the right to:

• Access your data - visible in your Profile.
• Rectify inaccurate data - update your preferences at any time.
• Delete your account and all associated data - use the "Delete account" button in your Profile, or email us.
• Export your data - contact us and we will provide your data in a machine-readable format.

6. Data Retention

We retain your data as long as your account is active. When you delete your account, all personal data and meal plans are permanently removed within 30 days.

7. Children's Privacy

Nōra is not intended for children under 16. We do not knowingly collect data from minors.

8. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top will reflect any changes.

9. Contact

For privacy-related questions, contact us at: [email protected]