Privacy Policy

1. Who We Are

NourishNest is a product of First Bites Digital L.L.C. ("Company," "we," "us," or "our"). We operate the NourishNest mobile application and the website at nourishnest.app.

If you have questions about this policy, contact us at hello@nourishnest.app.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash — never in plain text).

Baby Profile Information

To generate personalized meal plans, we collect information you provide about your child, including:

• Date of birth (used to calculate age-appropriate food recommendations)
• Known food allergies and intolerances
• Dietary preferences or restrictions
• Feeding stage and texture preferences

Usage Data

We automatically collect certain usage information when you use the app, including:

• Device type, operating system, and app version
• Features accessed and screens viewed
• Crash logs and performance data
• IP address and general geographic region

Payment Information

Subscription payments are processed by Apple (iOS) or Google (Android) through their in-app purchase systems. We do not receive or store your credit card or payment details. We receive only a subscription status confirmation.

3. How We Use Your Information

We use the information we collect to:

• Generate personalized, age-appropriate meal plans and food safety recommendations
• Monitor for FDA food recalls and alert you to relevant recalls based on your meal plans
• Track allergen introduction history
• Provide partner/caregiver sharing features
• Send transactional emails (account confirmation, security alerts)
• Improve the app's features and fix bugs
• Comply with legal obligations

We do not use your data for advertising, sell it to third parties, or use it to train AI models without explicit consent.

4. Children's Privacy (COPPA)

NourishNest is designed for parents and caregivers — not for use by children under 13 directly. We collect information about infants and young children only as provided by their parents or guardians to power the app's meal planning features.

We do not knowingly allow children under 13 to create accounts. If you believe a child under 13 has created an account without parental consent, please contact us immediately at hello@nourishnest.app and we will delete the account.

Child profile data (age, allergies, feeding stage) is used exclusively to provide the service and is never shared with third parties for commercial purposes.

5. Data Sharing

We share your data only in the following limited circumstances:

• Service Providers: We use Supabase for database hosting (encrypted at rest), Google (Gemini API) for AI meal plan generation, and PostHog for anonymous analytics. These providers process data only on our behalf and under strict data processing agreements.
• Partner Sharing: If you invite a caregiver, they receive read-only access to the meal plans and food diary you choose to share. You can revoke access at any time.
• Legal Requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users.
• Business Transfers: In the event of a merger or acquisition, user data may be transferred. We will notify you in advance.

6. Data Security

We use industry-standard security measures to protect your data:

• TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Row-Level Security (RLS) enforcing that users can only access their own data
• Bcrypt password hashing — we never store plaintext passwords
• JWT-based authentication with short-lived tokens
• Automated leaked password detection

Despite these measures, no system is 100% secure. If you discover a security vulnerability, please email us at hello@nourishnest.app.

7. Your Rights & Choices

Depending on your location, you may have the right to:

• Access: Request a copy of all personal data we hold about you
• Correction: Update or correct inaccurate information via the app settings
• Deletion: Delete your account and all associated data at any time from Settings → Account → Delete Account
• Portability: Request an export of your data in a machine-readable format
• Opt-out: Disable analytics tracking in app settings at any time

To exercise any of these rights, email hello@nourishnest.app. We will respond within 30 days.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance).

Anonymized, aggregated usage data (with no personally identifiable information) may be retained indefinitely for product improvement purposes.

9. Cookies & Tracking

The NourishNest website uses minimal tracking:

• PostHog Analytics: Collects anonymous usage data to improve the website. No personal data is linked to analytics events unless you are logged in.
• No third-party advertising cookies are used on our site or in our app.

10. International Users

NourishNest is operated from the United States. If you access the service from outside the U.S., your data will be processed and stored in the U.S. By using NourishNest, you consent to this transfer.

For EU/EEA users: We comply with GDPR requirements. Our legal basis for processing is your consent (given at account creation) and the performance of our contract with you (providing the service).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent in-app notice at least 14 days before the changes take effect. Your continued use of the service after that date constitutes your acceptance of the updated policy.

12. Contact Us

For privacy-related questions, requests, or concerns:

• 📧 Email: hello@nourishnest.app
• 🏢 First Bites Digital L.L.C., United States