Effective date: May 12, 2026
This Privacy Policy explains how the mobile application “Nourish” (hereinafter referred to as the “App,” “we,” “our,” or “us”) collects, uses, stores, and protects your information. By using the App, you consent to the practices described in this Privacy Policy.
1. Introduction and Scope
1.1. Purpose: This Privacy Policy describes how we handle information when you use the Nourish mobile application, which is designed to support eating disorder recovery through journaling, self-care tools, reminders, and related features.
1.2. Applicability: This policy applies to all users of the App, regardless of your location or the device you use to access the App.
1.3. Legal basis: Where the GDPR or similar laws apply, we rely on consent and contract (providing the App), legitimate interests (for example App availability checks, abuse prevention, and product improvement that does not override your rights), and legal obligation where applicable.
2. Information We Collect
2.1 Information you provide or create (stored primarily on your device)
The App stores most operational data locally on your device using Hive and related storage under your app documents directory. Depending on how you use the App, this can include:
- Profile and onboarding data: display name, gender, year of birth (if you provide it), situation (for example recovery context you select), allergens you record, and eating-disorder–related categories you choose in onboarding.
- Journal and recovery-related content: meals and feelings you log, notes, optional photos attached to entries, optional voice memos, sliders and scores you enter, and similar fields you choose to save.
- Self-care and other in-app content: text and optional images you add in guided exercises.
- App settings: for example language preferences (SharedPreferences).
Sensitive nature: much of this information is health-related or otherwise sensitive. It remains on your device unless you explicitly submit certain items to us (see 2.2) or export/share data yourself.
2.2 Information processed on our servers (Appwrite)
We use Appwrite (backend-as-a-service) hosted at our API endpoint (api.nourish-app.com) for limited online features:
- Availability check: on launch, the App may call a lightweight ping to confirm the backend is reachable. This may generate standard server logs (which can include IP address and timestamp) similar to any HTTPS request.
- Feedback feature: when you choose to send in-app feedback, we create a row in our Appwrite database containing:
  - your rating, free-text message, category, and trigger identifiers you selected;
  - app version and build number;
  - a device summary (for example OS version and device model string) to help us reproduce issues;
  - a timestamp.
We do not use the Appwrite Account API for sign-in in the current product build: there is no user account or password stored on our servers for routine App use.
2.3 Information collected automatically (device / network)
- Connectivity checks: the App periodically checks internet reachability (for example via DNS resolution of api.nourish-app.com). This does not upload your journal contents; it only infers connected/disconnected state for the UI and feedback submission.
- Local logging: development and production builds may emit logs on the device (for example debugPrint / logger output). We do not operate a third-party crash analytics or product-analytics SDK (such as Firebase Analytics or Amplitude) in the codebase this Policy is aligned with. If we add one, we will update this Policy and store disclosures before enabling it.
2.4 Information we do not intentionally collect in the current version
- No third-party advertising ID or ad-personalisation SDK is integrated in the App version described here.
- No precise GPS / continuous location: the App does not request location permissions for tracking; any references to “location” in code are for routing/navigation within the App UI, not geolocation of the user.
- No social graph: the App does not offer user-to-user messaging or public profiles shared between strangers.
3. How We Use Your Information
3.1 Primary App functionality
- Core services: rendering your profile, journal, reminders, self-care flows, and statistics from on-device storage.
- Notifications: scheduling local notifications you configure (Android may show POST_NOTIFICATIONS; audio recording uses the microphone only when you record a voice memo).
- Optional media: saving photos you pick for journal or self-care entries (via the system picker; the implementation uses the photo library path by default in the shared image utility).
3.2 App improvement and development
- Feedback you submit helps us understand bugs and feature requests.
- We may derive aggregated, non-identifying statistics internally from support traffic or server logs.
3.3 Communication and support
- User support: responding when you email us or submit feedback through the App.
- Important updates: notifying you about material changes to this Policy or the EULA via the App or app-store release notes.
3.4 Legal and security
- Compliance: meeting legal obligations.
- Security: protecting against abuse and securing our backend infrastructure.
4. Data Sharing and Disclosure
4.1 We do not sell your data
We will not sell, rent, or trade your personal information to third parties for their independent marketing purposes.
4.2 Limited sharing circumstances
We may share information only as follows:
Processors (service providers): Appwrite B.V. (or its successors) processes feedback payloads and metadata we send to our Appwrite project, under our configuration, for hosting and database APIs. Their terms and security documentation apply at the infrastructure layer.
Legal requirements: when required by law, court order, or lawful government request.
Safety: to protect the rights, safety, or property of users, the public, or ourselves.
Business transfers: in a merger or acquisition, with continuity protections for personal data where required by law.
4.3 Data processing expectations
We contractually or by standard platform terms require processors to handle personal data only for defined purposes.
4.4 Advertising
The current version of the App does not display third-party advertisements and does not integrate ad SDKs for behavioural targeting. If that changes, we will update this Policy and obtain any required consents before enabling advertising.
5. Data Security and Protection
5.1 Security measures
- In transit: communication between the App and api.nourish-app.com uses HTTPS (TLS). The App is configured to use the Appwrite client with TLS to that endpoint.
- On device: data is stored in the application sandbox provided by iOS/Android. We do not apply a separate application-level encryption layer to Hive files in the open-source snapshot this Policy reflects; you should use a device passcode and full-disk encryption features of your OS for physical security.
- On server: feedback records are stored in our Appwrite project; security practices follow Appwrite’s and our hosting configuration.
5.2 Data breach response
If we become aware of a breach affecting personal data we hold on our systems, we will notify affected users and supervisory authorities as required by applicable law (including GDPR timelines where they apply). Purely local data on your phone is primarily protected by your device security; loss of the device or uninstalling the App without backups can permanently delete that data.
6. Data Retention and Deletion
6.1 Retention periods (high level)
- On-device profile, journal, and media files: retained until you delete them in the App, clear storage, or uninstall the App.
- Feedback submissions on Appwrite: retained as long as necessary to review, improve the product, and meet legal or evidentiary needs, then deleted or anonymised unless a longer period is required by law.
- Support emails: retained only as long as needed to resolve your request and for ordinary business / tax record-keeping where applicable.
6.2 Data deletion and export
- You can delete individual journal entries or profile fields inside the App where the UI allows it.
- Uninstalling the App typically removes local Hive data; export or copy anything important first.
- For data we hold on servers (for example a feedback row tied to your message), contact privacy@litfinger.com to request deletion, subject to legal exceptions.
7. Your Privacy Rights
7.1 Access and control
Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, object, and data portability regarding personal data we process as a controller (for example feedback content and server logs).
Because most journal and profile data stays on your device, you can often fulfil access and deletion directly in the App or by uninstalling.
7.2 Consent management
Where we rely on consent (for example optional notifications or microphone use), you may withdraw it through system settings or by discontinuing the feature.
7.3 Exercise your rights
Contact privacy@litfinger.com. We aim to respond within 30 days unless applicable law requires a shorter period.
8. International Data Transfers
8.1 Cross-border processing
Appwrite Cloud regions and subprocessors may process data outside your country. Where GDPR applies, we use appropriate safeguards (such as Standard Contractual Clauses) as required and described in processor documentation.
8.2 Compliance with local laws
We aim to comply with applicable privacy laws, including the GDPR (EEA/UK) where relevant. Specific U.S. state consumer privacy laws may apply depending on our processing; we will update this section if our U.S. processing expands materially.
9. Children’s Privacy
9.1 Age restrictions
The App is not directed at children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent as required by applicable law (including COPPA where it applies).
9.2 Teens and parents
If you are 13–17, use the App with the involvement of a parent or guardian where your local law expects it. Parents may contact privacy@litfinger.com to request deletion of information their child submitted to our servers (for example feedback). Local journal data is controlled by whoever holds the device passcode.
9.3 Expanded child-safety language (if you add ads or social features)
The current App build has no behavioural advertising and no user-to-user social feed. If you later add certified ad networks or social features, copy the detailed COPPA / teen-advertising subsections from your historical policy or from LitFinger’s legal counsel template, and update Google Play / App Store “Data safety” and age rating questionnaires accordingly.
10. Changes to This Privacy Policy
10.1 Policy updates
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or App features.
10.2 Notification of changes
- Material changes: we will notify you through the App and/or app store release notes, and seek consent where required.
- Effective date: changes take effect on the date stated at the top of the updated Policy.
- Continued use: continued use after notice may constitute acceptance where permitted by law.
11. Contact Information
11.1 Privacy inquiries
For questions about this Privacy Policy or to exercise your privacy rights, contact us:
Email: privacy@litfinger.com
Address: Budilova 161/15, Plzeň, 301 00, Czech Republic
Phone: Not applicable
Data Protection Officer: Not applicable — for privacy inquiries, please contact privacy@litfinger.com
Controller: LitFinger Studio s.r.o., Czech Republic.
11.2 Response time
We will respond to privacy-related inquiries within 30 days, unless applicable law requires a shorter period.
11.3 Supervisory authority
If you believe we have not addressed your concerns adequately, you may contact your local data protection authority.
12. Additional Information
12.1 Third-party services
The App may open websites (for example legal documents at nourish-app.com) or system apps (mail, share sheet). Their privacy policies govern those services.
12.2 Cookies and similar technologies
Nourish is primarily a native mobile application. Our marketing website may use cookies or analytics as described on that site’s own policy.
12.3 Do Not Track
“Do Not Track” browser signals do not apply inside the native App in the same way as on websites. We do not run cross-app behavioural ad networks in the current build.
By using the Nourish App, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of information as described herein, to the extent consent is legally required.
Last updated: May 12, 2026