Privacy Policy — NoRestNest
This policy explains what data NoRestNest (“the App”, “we”) collects, why, who we share it with, how long we keep it, and the rights you have under EU/UK GDPR. By using the App you accept this policy. If you don’t agree, don’t use the App.
1. Summary
- NoRestNest is a personal fitness, workout, nutrition and progress tracker.
- Everything you log lives first on your device. If you sign in and you have a Pro subscription or active free trial, it is also stored in our cloud so it can sync across your devices.
- We never sell your data and we never share it for advertising.
- The companies that help us run the App are Google (cloud backend + AI), Apple (sign-in + payments on iOS), RevenueCat (subscription management), Anthropic (AI program generation), Akamai/Linode (our EU mail server), the USDA (food database) and Open Food Facts (barcode database). Each is described in §5.
- Verification and password-reset emails are sent from our own EU mail server, not from a Google sender, so they land in your inbox cleanly and the link in them opens the App directly.
- You can delete your account from inside the App. After a 30-day grace period everything is permanently deleted.
2. Who we are
The App is developed and published by a sole developer established in the EU, acting as the Data Controller under GDPR.
| Developer / Data Controller | TODO_LEGAL_ENTITY_NAME |
|---|---|
| Registered address | TODO_REGISTERED_ADDRESS |
| VAT / company number | TODO_VAT_NUMBER |
| Privacy contact | privacy@norestnest.com |
| Data Protection Officer | Not appointed — the App does not meet GDPR Art. 37 thresholds. The contact above is the single point of contact for data-protection enquiries. |
3. What data we collect and why
Items marked local-only never leave your device unless you opt into cloud sync.
3.1 Account & identity
- Email address, display name and a unique user ID when you register with email and password or sign in with Google or Apple.
- An anonymous user ID if you use the App without signing in. Anonymous users can’t use cloud sync, the AI program builder, food-photo recognition, label scanning or food search.
- The time you created your account (used to enforce the 30-day free trial) and the time you last signed in.
- A pending-deletion flag if you ask us to delete your account (§7).
Legal basis: Art. 6(1)(b) GDPR — performance of the contract to provide the App.
3.2 Your fitness data
Everything you log inside the App:
- Workout programs, exercises, sessions, sets, reps, weights, RPE, personal records.
- Body measurements (weight, custom measurements you define).
- Food, water and meal-prep logs.
- Progress photos and videos. Photos are compressed on your device and location metadata (EXIF GPS) is removed before upload.
- Per-program statistics used to draw the charts.
Legal basis: Art. 6(1)(b).
3.3 Settings & preferences (synced if signed in)
Theme, accent colour, unit system, gender setting, height, calorie target, macro percentages, water goals and other UI preferences.
Legal basis: Art. 6(1)(b).
3.4 Subscription, trial and fair-use counters
- Your current subscription status, product, expiry date, original purchase date and platform (Apple / Google).
- A copy of your subscription state from RevenueCat (our subscription processor).
- Free-trial state (computed from when you created your account).
- Per-user counters tracking how many times you’ve used AI features and food searches in the current hour, day and month. These exist to keep the App sustainable and protect against runaway costs.
Legal basis: Art. 6(1)(b) and Art. 6(1)(f) — our legitimate interest in protecting the App from abuse.
3.5 Crash and diagnostic reports
- Anonymous crash reports (stack traces, device model, OS version, App version, anonymous installation ID).
- Anonymous usage events (screen views, key feature taps, standard SDK events like first_open).
- You can turn both off at the OS level (Android: Settings → Google → Ads; iOS: Settings → Privacy → Tracking) — we’ll respect it.
Legal basis: Art. 6(1)(f) — improving stability and quality.
3.6 Camera and photo-library access
The App asks for camera access when you scan barcodes, scan nutrition labels, take meal photos or take progress photos. It asks for photo-library access when you pick existing photos. We never access either in the background and never upload anything you didn’t select.
3.7 Account-deletion audit log
When you request deletion we keep a short audit row (request time, your email at that moment, optional reason text, scheduled execution time, final outcome) so we can prove the deletion happened. The row contains no other personal data and is kept for our own legal records after the account itself is gone.
Legal basis: Art. 6(1)(c) — record-keeping obligation; Art. 6(1)(f) — protection against fraudulent deletion claims.
3.8 What we do NOT collect
- Your location (no precise or coarse location).
- Contacts, calendar, SMS, call logs, microphone audio.
- Any advertising or attribution identifiers.
- We do not run automated decision-making with legal effect on you (Art. 22 GDPR).
- We do not profile you for marketing.
4. Where your data lives
On your device. Most data is stored locally first. When you’re offline the App keeps working from this local copy.
In the cloud. Data is mirrored to our cloud only if both: (a) you’re signed in with a non-anonymous account, and (b) you have Pro or active trial. Otherwise it stays on your device.
When the cloud copy exists, it lives on Google Firebase servers in the United States (Iowa region). Verification and password-reset emails are sent through our own mail server, which is located in the EU.
5. Who we share data with
The following companies help us run the App. Each receives only what it needs.
5.1 Google (cloud backend, sign-in, payments, AI)
Google operates our entire cloud backend through Firebase and Google Cloud — the user account system (Firebase Authentication), the database that holds your synced data (Cloud Firestore), the storage for your photos and videos (Cloud Storage), the serverless functions that run our food-photo recognition, our nutrition-label scanner, our food searches and our AI program builder (Cloud Functions), the static pages that host our deep-link verification files (Firebase Hosting), and the anonymous crash + analytics reporting (Crashlytics, Analytics). The AI features rely on Google Cloud Vision and Google Gemini — when you trigger Snap meal, Pick photo or Scan label, the image is uploaded for that single request and is not retained for training. Google Sign-In and Google Play Billing handle authentication and Android purchases.
Google privacy: policies.google.com/privacy
5.2 Apple
On iOS, Apple provides Sign in with Apple (optional authentication) and StoreKit (in-app purchases).
Apple privacy: apple.com/legal/privacy
5.3 RevenueCat, Inc.
Manages your subscription state across Apple, Google and our backend. We send RevenueCat your user ID; it tells us about purchase events.
RevenueCat privacy: revenuecat.com/privacy
5.4 Anthropic, PBC
Powers the AI program builder. When you generate a program, your inputs (goals, equipment, days per week, free-text answers — never your full account data, photos or sync content) are sent to Anthropic’s Claude API for processing. Anthropic’s commercial terms exclude API inputs and outputs from model training by default.
Anthropic privacy: anthropic.com/legal/privacy
5.5 Akamai Technologies, Inc. (Linode brand)
Hosts the virtual machine that runs our mail server in an EU data centre. When we send you a verification email or a password-reset email, your email address and the message pass through this server on the way to your inbox. Delivery logs are kept for short-term debugging and rotated within 4 weeks.
Akamai privacy: akamai.com/legal/privacy-and-policies
5.6 USDA FoodData Central
When you search for a food, your search query (no identity, no personal data) is forwarded to the USDA’s public food database.
5.7 Open Food Facts
When you scan a product barcode, the barcode value (no identity) is sent to Open Food Facts to look up the product.
5.8 No other SDKs
There are no advertising SDKs, no attribution or install-tracking SDKs, no social-network SDKs and no analytics other than Firebase Crashlytics and Firebase Analytics.
6. International transfers
If you’re in the EU/EEA, your cloud data is processed by Google in the United States. Google self-certifies under the EU–US Data Privacy Framework, which is an EU adequacy decision under Art. 45 GDPR. Where the Framework does not apply, EU Standard Contractual Clauses (Art. 46 GDPR) apply via Google’s Data Processing Addendum. The same Standard Contractual Clauses apply to RevenueCat and Anthropic (both US-based).
Our outgoing email server stays inside the EU — no Art. 44 transfer is involved for that leg.
7. Account deletion and data retention
You can delete your account at any time inside the App: Profile → Account actions → Delete Account. When you do:
- Your account is marked for deletion and the recovery page opens. Other devices are signed out.
- Google Play subscription: automatically cancelled. You keep Pro through your current paid period; it won’t auto-renew.
- Apple App Store subscription: Apple does not let third-party apps cancel server-side. The App opens a one-tap link to Settings → Apple ID → Subscriptions where you complete the cancellation yourself.
- A 30-day grace period starts. You can cancel deletion on the recovery page during this time. Cancelling deletion does NOT restore a cancelled Play subscription — you’d need to re-subscribe.
- Or you can choose Delete now to skip the grace period and delete immediately.
- After 30 days (or immediately, if Delete now), we hard-delete your account: every cloud document, every cloud file, your RevenueCat customer record and any referral code that lists you as inviter.
- We keep the short audit row described in §3.7.
If you uninstall the App without using Delete Account, your cloud data stays until you sign back in and request deletion.
We retain:
- Anonymous, aggregated analytics events for as long as Firebase Analytics retains them (default 14 months). No UID, no email, no IP.
- Tax/accounting records related to subscription purchases — kept as long as required by EU and national accounting law (typically 7–10 years). No workout, photo or nutrition data.
8. Your rights under GDPR
You have the right to:
- Access the data we hold about you (Art. 15).
- Correct inaccurate data (Art. 16).
- Delete your account and data (Art. 17 — see §7).
- Restrict or object to processing based on legitimate interest, such as analytics and crash reports (Art. 18 / 21).
- Receive a copy of your data in a structured, machine-readable format (Art. 20).
- Withdraw consent at any time, where processing is based on consent. Withdrawal does not affect prior processing.
- Complain to your local data-protection supervisory authority. EU contact list: edpb.europa.eu/board-members.
To exercise any of these rights, write to privacy@norestnest.com. We respond within one month (Art. 12(3) GDPR).
9. Children
NoRestNest is not intended for children under 13 (or under 16 in jurisdictions where 16 is the digital-consent age). If you’re a parent or guardian and believe your child has provided us with personal data, contact us so we can delete it.
10. Security
- All traffic between the App and our backend is encrypted with HTTPS / TLS.
- Cloud data is encrypted in transit and at rest by our cloud provider.
- Database rules restrict your data to your account — nobody else can read or write it.
- Verification and password-reset email links are one-time-use and expire automatically (3 days for verification, 1 hour for password reset).
- Outbound email from noreply@norestnest.com is signed with industry-standard authentication so your mail client can confirm it really came from us.
- We use rate limits on AI features to bound the impact of a compromised account.
No system is perfectly secure. If a personal-data breach happens that is likely to affect your rights, we’ll notify you and the relevant supervisory authority without undue delay (Art. 33 / 34 GDPR).
11. Permissions requested
| Permission | Why | Optional? |
|---|---|---|
| Camera | Barcode scanning, label scanning, meal/progress photos | Yes — denying disables those flows |
| Photo library | Pick existing meal/progress photos | Yes |
| Internet | Cloud sync, authentication, in-app purchases | Required for cloud features |
| Notifications | Not used today; if added later we’ll request explicit consent | n/a |
We never request location, microphone, contacts, calendar or background camera access.
12. Contact
- Email: privacy@norestnest.com
- Postal address: TODO_POSTAL_ADDRESS
- Website: TODO_WEBSITE
You always have the right to lodge a complaint with your local data-protection supervisory authority.
13. Changes to this policy
We may update this Privacy Policy as the App evolves. Material changes are highlighted by an in-app notice on next launch. The “Last updated” date at the top always reflects the current version. Continued use after a change becomes effective constitutes acceptance.
© 2026 NoRestNest. All rights reserved.