Privacy Policy | NourishNest

1. Introduction

NourishNest ("we," "our," or "us") operates the NourishNest mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting the privacy of our users and their children. By using NourishNest, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

Category	Examples	Purpose
Account Data	Name, email address, password	Account creation, authentication, communications
Child Data	Child's name (alias allowed), birth month/year	Age-appropriate food safety recommendations
Dietary Preferences	Dietary style, allergies, breastfeeding status	Personalized meal planning, allergen tracking
Usage Data	Meal plans saved, recipes viewed, grocery lists	Providing and improving the Service
Marketing Data	Email address, waitlist signup source	Newsletters, product updates (with consent)

2.2 Information Collected Automatically

When you access our Service, we may automatically collect:

Device information: Device type, operating system, unique device identifiers
Log data: IP address, browser type, pages viewed, access times
Analytics data: App usage patterns, feature interaction, crash reports

2.3 Children's Privacy & COPPA Compliance

  🛡️ Important: NourishNest is designed exclusively for adults — parents, legal guardians, and authorized caregivers aged 18 and older. This Service is not directed to children under 13, and we do not knowingly collect personal information directly from children.

2.3.1 Age Attestation

By creating a NourishNest account, you represent and warrant that you are at least 18 years of age and are the parent, legal guardian, or authorized caregiver of any child whose information you provide to the Service. If we learn that an account has been created by a person under 18, we will terminate the account and delete all associated data promptly.

2.3.2 Parent-Provided Child Data

The only child-related data we collect is information voluntarily provided by the parent/guardian account holder:

Child's name: Aliases and nicknames are encouraged — a real name is not required
Birth month and year: Used solely to determine developmental feeding stage (we do not collect an exact date of birth)
Dietary restrictions/allergies: Used solely for allergen safety in meal plan generation

We practice data minimization — we do not collect photos, precise geolocation, social media identifiers, biometrics, or any other data about your child beyond what is listed above.

2.3.3 How Child Data Is Used

Child data is used exclusively to:

Generate age-appropriate, safe meal plans and food recommendations
Provide choking risk assessments and allergen introduction guidance based on developmental stage
Display age-gated food safety information within the app

Child data is never used for advertising, marketing, profiling, or any purpose unrelated to the core meal planning service.

2.3.4 Third-Party Sharing of Child Data

Child data is never shared with advertisers, data brokers, or any third parties for marketing purposes. Child data is only processed by our infrastructure provider (Supabase) under strict contractual data protection obligations, solely for the purpose of storing and delivering the Service.

2.3.5 Parental Rights

As a parent or guardian, you have the right to:

Review: View all data we hold about your child at any time within the app (Profile → Babies)
Modify: Update your child's name, birth date, or dietary information at any time
Delete: Remove any or all child profiles immediately via the app, or by emailing privacy@nourishnest.app
Revoke consent: Withdraw your consent for data collection at any time by deleting child profiles or your account

Upon deletion of a child profile, all associated data (name, birth date, allergen records, meal plan history linked to that child) is permanently and irreversibly removed from our systems within 24 hours.

2.3.6 Child Data Retention

Child data is retained only while the associated baby profile exists on an active account. When a baby profile is deleted or when the parent account is deleted, all child data is permanently removed immediately. We do not retain anonymized child data after deletion.

3. How We Use Your Information

We use collected information for the following purposes:

Service delivery: Generate personalized meal plans, food safety alerts, and grocery lists
Age-appropriate recommendations: Tailor content based on your child's age
Allergen tracking: Manage allergen introduction protocols safely
Communication: Send welcome emails, product updates, and safety information (with consent)
Service improvement: Analyze usage patterns to improve features and user experience
Safety & security: Detect and prevent fraud, abuse, or security incidents

4. How We Share Your Information

We do not sell your personal information. We may share data only with:

Service providers: Third-party services that help us operate (listed below)
Legal requirements: When required by law, subpoena, or legal process
Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

4.1 Third-Party Service Providers

Provider	Purpose	Data Shared
Supabase	Database, authentication, hosting	Account data, usage data
Resend	Email delivery	Email address, name
Cloudflare	Website hosting, CDN	IP address, request data
Expo/EAS	App distribution, updates	Device identifiers

Each provider is contractually obligated to protect your data and use it only for the stated purposes.

5. Data Retention

We retain your personal information only for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

Active accounts: Data retained while your account is active
Deleted accounts: Personal data deleted immediately upon account deletion request. Anonymized analytics data may be retained.
Marketing data: Retained until unsubscribe request or account deletion
Audit logs: Deletion request records retained for 90 days for compliance purposes

6. Your Privacy Rights

6.1 All Users

Regardless of where you live, you have the right to:

Access: Request a copy of all personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request permanent deletion of your account and all associated data
Data portability: Export your data in a machine-readable format (JSON)
Opt-out: Unsubscribe from marketing communications at any time

You can exercise these rights directly in the app (Profile → Privacy) or by emailing privacy@nourishnest.app.

6.2 GDPR Rights (EU/EEA/UK Residents)

Under the General Data Protection Regulation, you additionally have the right to:

Restrict processing of your personal data
Object to processing based on legitimate interests
Withdraw consent at any time (without affecting lawfulness of prior processing)
Lodge a complaint with your local data protection authority

Legal basis for processing: We process your data based on (a) contract performance (providing the Service), (b) consent (marketing emails), and (c) legitimate interests (service improvement, security).

6.3 CCPA/CPRA Rights (California Residents)

Under the California Consumer Privacy Act, you have the right to:

Know: What personal information we collect, use, and disclose
Delete: Request deletion of your personal information
Opt-out of sale: We do not sell personal information
Non-discrimination: We will not discriminate against you for exercising your rights

To submit a verifiable consumer request, email privacy@nourishnest.app or use the in-app deletion feature.

7. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit (TLS/HTTPS) and at rest
Row-Level Security (RLS) on all database tables
JWT-based authentication with secure token handling
Regular security audits and vulnerability assessments

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking

Our website may use essential cookies for functionality. We do not use third-party tracking cookies or advertising pixels. The NourishNest mobile app does not use cookies.

9. International Data Transfers

Your data may be processed in the United States where our servers are located. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes affecting your rights, we will provide notice via email or in-app notification.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights:

Email: privacy@nourishnest.app
In-app: Profile → Privacy
Web: nourishnest.app