Privacy Policy for "Nourish"

Effective Date: November 1, 2025

This Privacy Policy explains how the mobile application "Nourish" (hereinafter referred to as the "App," "we," "our," or "us") collects, uses, stores, and protects your personal information. By using the App, you consent to the collection and use of information in accordance with this Privacy Policy.

1. Introduction and Scope

1.1. Purpose: This Privacy Policy describes how we handle your personal information when you use the Nourish mobile application, which is designed to support eating disorder recovery.

1.2. Applicability: This policy applies to all users of the App, regardless of your location or the device you use to access the App.

1.3. Legal Basis: We process your personal data based on your consent, legitimate interests, and legal obligations.

2. Information We Collect

2.1 Personal Information You Provide

• Account Information: Name, email address, password, and profile details
• Health-Related Data: Dietary records, meal tracking, emotional notes, recovery progress, eating patterns, and wellness goals
• User Content: Comments, journal entries, photos (if applicable), and other content you create within the App
• Communication Data: Messages, feedback, and support requests you send to us

2.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information
• Usage Analytics: App usage patterns, features accessed, time spent in different sections, and interaction data
• Technical Data: IP address, app crash reports, performance data, and diagnostic information
• Location Data: General location information (city/country level only, if you grant permission)

2.3 Third-Party Information

• Analytics Services: We may receive aggregated, anonymized data from third-party analytics providers
• Social Features: If you choose to connect with other users, we may collect information about those connections
• Advertising Data: If the App displays advertisements, we may collect limited data for ad delivery and measurement (age-appropriate only)

3. How We Use Your Information

3.1 Primary App Functionality

• Core Services: Providing and maintaining the App's core features and functionality
• Personalization: Customizing your experience, recommendations, and content based on your preferences and usage patterns
• Recovery Support: Using your health-related data to provide personalized recovery support features

3.2 App Improvement and Development

• Analytics: Analyzing usage patterns to improve app performance and user experience
• Feature Development: Developing new features and improving existing ones based on user feedback and usage data
• Quality Assurance: Identifying and fixing bugs, crashes, and performance issues

3.3 Communication and Support

• User Support: Responding to your questions, feedback, and support requests
• Important Updates: Notifying you about app updates, security issues, or changes to our terms
• Educational Content: Providing relevant recovery resources and educational materials

3.4 Legal and Security

• Compliance: Meeting legal obligations and regulatory requirements
• Security: Protecting against fraud, abuse, and security threats
• Dispute Resolution: Resolving disputes and enforcing our terms of service

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Limited Sharing Circumstances

We may share your information only in the following limited circumstances:

Service Providers: With trusted third-party service providers who assist us in:

• Hosting and infrastructure services
• Analytics and crash reporting
• Customer support tools
• Payment processing (if applicable)

Legal Requirements: When required by law, court order, or government request

Safety and Security: To protect the safety, rights, or property of our users, the public, or ourselves

Business Transfers: In connection with a merger, acquisition, or sale of assets (with appropriate privacy protections)

4.3 Data Processing Agreements

All third-party service providers are bound by strict data processing agreements and may only use your data for specified purposes.

4.4 Advertising and Child Safety

Age-Appropriate Advertising: Any advertisements displayed in the App are:

• Appropriate for users aged 13 and older
• Served only through Google Play certified ad networks or by us directly
• Free from inappropriate content, violence, or harmful messaging
• Compliant with COPPA and other child protection regulations

No Behavioral Targeting for Children: We do not use behavioral advertising techniques for users under 16 years of age.

5. Data Security and Protection

5.1 Security Measures

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit and at rest using strong encryption protocols
• Access Controls: Strict access controls limit who can access your personal information
• Regular Audits: We regularly review and update our security practices
• Incident Response: We have procedures in place to respond to security incidents

5.2 Data Breach Response

In the unlikely event of a data breach, we will:

• Notify affected users within 72 hours of discovery
• Report to relevant authorities as required by law
• Take immediate steps to contain and remediate the breach
• Provide guidance on protective measures users can take

6. Data Retention and Deletion

6.1 Retention Periods

• Account Data: Retained while your account is active and for a reasonable period after deactivation
• Health Data: Retained for the duration of your account and for up to 7 years for legal compliance
• Usage Analytics: Aggregated and anonymized after 2 years
• Communication Data: Retained for 3 years for support and legal purposes

6.2 Data Deletion

• Account Deletion: You can request complete deletion of your account and associated data
• Data Export: You can request a copy of all your personal data before deletion
• Processing Time: Deletion requests are processed within 30 days

7. Your Privacy Rights

7.1 Access and Control

You have the right to:

• Access: View all personal information we hold about you
• Correction: Update or correct inaccurate information
• Portability: Receive a copy of your data in a portable format
• Deletion: Request deletion of your personal information
• Restriction: Limit how we process your data

7.2 Consent Management

• Withdraw Consent: You can withdraw your consent to data processing at any time
• Marketing Preferences: Control how we communicate with you
• Data Processing: Object to certain types of data processing

7.3 Exercise Your Rights

To exercise any of these rights, contact us using the information provided in Section 10.

8. International Data Transfers

8.1 Cross-Border Processing

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers.

8.2 Compliance with Local Laws

We comply with applicable data protection laws in all jurisdictions where we operate, including:

• GDPR (European Union)
• CCPA (California, USA)
• LGPD (Brazil)
• PIPEDA (Canada)
• Other applicable privacy laws

9. Children's Privacy and COPPA Compliance

9.1 Age Restrictions and Target Audience

The App is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent as required by the Children's Online Privacy Protection Act (COPPA).

9.2 COPPA Compliance for Users 13-15

For users between the ages of 13 and 15:

• We collect only the minimum necessary information to provide our services
• We do not share personal information with third parties for marketing purposes
• We implement additional privacy protections for this age group
• Parents may request access to, correction of, or deletion of their child's information

9.3 Parental Consent and Supervision

• Users 13-15: May use the App with parental knowledge and supervision
• Users under 13: Must have verifiable parental consent before using the App
• Parental Rights: Parents can review, modify, or delete their child's information at any time
• Contact for Parents: Parents can contact us using the information in Section 11 to exercise their rights

9.4 Child-Safe Content and Advertising

• Content Appropriateness: All content in the App is designed to be appropriate for users aged 13 and older
• Advertising Standards: Any advertisements displayed are appropriate for children and comply with COPPA requirements
• Certified Ad Networks: We only use Google Play certified ad networks or serve our own appropriate advertisements
• No Behavioral Advertising: We do not engage in behavioral advertising targeted at users under 16

10. Changes to This Privacy Policy

10.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our data practices
• New legal requirements
• App feature updates
• User feedback and improvements

10.2 Notification of Changes

• Material Changes: We will notify you of material changes through the App or email
• Effective Date: Changes become effective on the date specified in the updated policy
• Continued Use: Your continued use of the App after changes constitutes acceptance

11. Contact Information

11.1 Privacy Inquiries

11.2 Response Time

We will respond to all privacy-related inquiries within 30 days.

11.3 Supervisory Authority

If you believe we have not addressed your privacy concerns adequately, you may contact your local data protection authority.

12. Additional Information

12.1 Third-Party Services

The App may contain links to third-party websites or services. We are not responsible for their privacy practices.

12.2 Cookies and Tracking

We use cookies and similar technologies to improve app functionality and user experience. You can control these settings in your device preferences.

12.3 Do Not Track

We respect "Do Not Track" signals and do not track users across third-party websites.