Privacy policy
Last updated: 27 June 2026
This page is maintained by the Plenibite team to answer common privacy and data-handling questions about the Plenibite app. It describes our current product practices and is not an independent audit or certification.
Our principle
Plenibite is built local-first. Your profile, meals and reminders are stored on your device. We only send data to our servers when it is strictly needed to deliver a feature you asked for — for example, syncing your account across devices or analysing a meal photo you submit.
What we store on your device
- Your profile (goals, preferences, restrictions)
- Logged meals and macro estimates
- Streaks and reminder settings
Data we collect (per user)
A complete map of what is tied to your account, what stays on your device, and what is only collected with your consent.
Account & identity (linked to your user ID)
- Profile — your user ID and basic profile fields.
- Authentication — email, hashed password or OAuth identity, last sign-in time (managed by our auth provider).
- Subscription — Stripe / RevenueCat IDs, plan, status, trial state, and billing period.
Health & behaviour (per-user logs)
- Meals — every logged meal: macros (calories, protein, carbs, fat), timestamp, and source (manual, photo, or recipe).
- Saved favorites — recipes and meals you favorited.
- Reminders — your meal reminder schedules and preferences.
- Daily AI usage — daily scan/AI counter used to enforce free-plan limits.
Communications
- Email send log & state — which emails were sent to you, delivery status, and timestamps.
- Unsubscribe tokens — per-email tokens that let you opt out.
- Suppression list — bounce and complaint records so we stop emailing addresses that failed.
- Feedback — in-app feedback you submit, tied to your account.
- Referral source — how you told us you found the app.
Stored only on your device
These never leave your device unless you choose to sync by signing in:
- Onboarding answers (local cache)
- Streak data, theme, cookie consent choice, and the "remember me" flag
Only with your consent
- Sentry — anonymized crash and error reports (analytics consent).
- Product analytics events — only dispatched when analytics consent is granted.
- Marketing attribution — only when marketing consent is granted.
What we do not track
- No third-party advertising or cross-site tracking.
- Meal photos are processed to estimate macros and are not retained afterwards.
- Card numbers never touch our servers — they are handled directly by Stripe.
What we send to our servers
- Meal photos you choose to analyse — sent to our AI provider to estimate macros. Under the provider terms we use, these inputs are not used to train their general models.
- Account email if you sign in, so we can sync your profile across devices.
- Payment details handled directly by Stripe if you upgrade to Plus. We never see your card number.
What we do not do
- We do not sell your data.
- We do not show third-party ads.
- We do not share your meals or health information with insurers or employers.
Your rights
You can edit your profile at any time from the Profile screen. You can permanently delete your account and all synced data directly in the app via Profile → "Delete account". You can also email us at info@nouri-app.com to request a copy of your data.
Data security & encryption
Data sent between your device and our servers is encrypted in transit using HTTPS/TLS. Data stored on our servers is encrypted at rest by our hosting and database providers. Security is a shared responsibility: we configure access controls, authentication and least-privilege roles in the app, while underlying infrastructure security is provided by our hosting platform.
Data retention
- Meal photos are processed for analysis and not retained after the macro estimate is returned.
- Synced profile and meal logs are kept while your account is active.
- When you delete your account, all associated data is removed within 30 days, except where we are legally required to keep records (e.g. payment receipts).
Third parties we use (subprocessors)
- Lovable Cloud / Supabase (EU) — account, authentication and data sync. DPA.
- Google Gemini & OpenAI — AI providers used to analyse meal photos and generate recipes. Inputs are not used to train their models.
- Stripe (Ireland) — payment processing for Plenibite Plus. Card data is handled directly by Stripe. DPA.
- Upstash (EU, Frankfurt) — rate-limiting cache; stores only a hashed user id and a counter. DPA.
- Sentry (EU, Frankfurt) — anonymised crash and error reporting; only loaded with your explicit consent. DPA.
Right of withdrawal (EU)
Plenibite Plus is a digital service. You have a 14-day right of withdrawal under EU Directive 2011/83/EU. When you start a paid subscription you may be asked to expressly request immediate delivery and acknowledge that you waive your right of withdrawal once the service has been fully performed. You can cancel anytime from Profile, and any cancellation made during the free trial is free of charge.
Children
Plenibite is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
Medical disclaimer
Plenibite provides general nutrition information and is not a replacement for medical or dietetic advice. Always consult your healthcare provider for medical questions.
Cookies & local storage
We use three categories of storage, controlled via the cookie banner:
- Necessary — sign-in session, theme and consent choice. Always on.
- Analytics — anonymous crash reports (Sentry). Off until you opt in.
- Marketing — attribution and campaign measurement. Off until you opt in.
You can change your choice anytime by clearing the consent in your browser; the banner will re-appear on next visit.
Data Protection contact
To exercise your rights (access, rectification, erasure, portability, restriction, objection) or to ask any data-protection question, email our Data Protection contact at info@nouri-app.com. We aim to reply within 7 days. You also have the right to lodge a complaint with your national data protection authority.
Contact
General questions? Reach us at info@nouri-app.com.