Privacy Policy – NomNomNow

NomNomNow (the “App”) helps you find quick meal ideas from the ingredients you have. We keep it simple: no ads, minimal data, and clear control.

Important

Recipe ideas are for general information only — not medical or nutritional advice.
AI suggestions can be inaccurate or incomplete; always check allergens and on-pack instructions.
See our Terms of Use for details and limitations.

Highlights

We do not collect your name or email in-app and we don’t use an advertising ID.
Ingredients/filters you type are used only to generate recipes and are not stored long-term.
We use trusted providers for infrastructure, recipe generation, integrity checks, and (future) purchases.
No data sales. Short retention windows. Opt-in notifications.

Summary

Purposes: generate recipes, prevent abuse, manage entitlements, optional notifications.
Legal bases: contract (provide the service), legitimate interests (security/fraud prevention), consent (notifications).
Processors: Cloudflare (hosting/caching), Google (Generative Language & Play Integrity), RevenueCat (purchases), Firebase Remote Config (text variants).
Retention: technical tokens and caches are kept for a short time (minutes to about a day) and then removed.
Children: the App is not directed to children under 13.

What data do we process?

Data you provide

Ingredients and filters (e.g., “pasta”, “vegetarian”) to generate recipes.
Language (EN/NL) to localize content.

App & device data

App User ID (for purchases): an anonymous identifier used by our purchase provider to determine your tier.
Device ID: a random ID stored securely on your device to help manage sessions/authentication.
Integrity/attestation tokens: short-lived tokens used to verify that requests come from a genuine device/app.
Notification preferences: on/off and chosen times; stored on your device.
Remote Config: we fetch text snippets for notifications; no analytics is enabled.

Technical data on requests

IP address and user-agent are received by our infrastructure as part of normal HTTPS traffic and may be used for security and rate-limiting.

We do not use the advertising ID, do not collect contact info in-app, and do not collect precise location.

Why do we process this data?

Generate recipes: your ingredients/filters are sent to our backend and to our AI provider to return JSON recipes.
Purchases: our purchase provider manages (future) in-app purchases and entitlement status.
Security & abuse prevention: integrity checks help block modified apps, bots, and fraud.
Notifications: only if you enable them; schedules are stored locally on your device.

Who do we share data with?

Party	Purpose	Data (summary)
Cloudflare	Hosting, delivery, short functional caching	Standard traffic metadata (IP/user-agent) and short-term functional keys/counters
Google – Generative Language	Recipe generation	Ingredients/filters plus system prompts required to generate recipes
Google – Play Integrity	App/device verification	Short-lived integrity/attestation tokens
RevenueCat	Purchases/entitlements	Anonymous app user identifier and entitlement status
Firebase Remote Config	Notification text variants	Configuration values (no analytics)

We do not share data with advertisers and we do not sell personal data.

Retention periods

Item	Period	Notes
Integrity/nonces/challenges	A few minutes	Used to verify single requests; removed shortly after.
Security/verification verdicts	Under 30 minutes	Cached briefly to improve performance.
Entitlement cache	About 1 hour	Temporary status cache (free/pro/ultimate).
Daily quota counters	One calendar day	Counter only; not used for profiling.
Recipe requests/responses	Not persisted	Processed transiently to generate recipes.

Legal bases (GDPR)

Contract: to provide core app functionality and recipe suggestions.
Legitimate interests: security, fraud prevention, and service reliability.
Consent: push notifications (you can enable/disable them at any time).

Your rights

Depending on your region, you may have rights to access, correct, delete, restrict, and port your data. You can make requests via the email below. Because we store very little, requests typically cover:

Checking your (anonymous) purchase identifier and entitlement status.
Deleting short-term caches where applicable.

You can disable notifications at any time in the App or in your device settings.

Data deletion

You can request deletion of your data at any time. Email nomnomnowapp@gmail.com with:

Your App User ID (from the app’s purchase provider screen, if available).
Your Device ID (if accessible in the app; optional but helpful).

We’ll process your request within 30 days. As we store very little, deletion usually means removing short-term caches (entitlement, quota, integrity verdicts) and initiating removal at our processors where applicable.

Children

The App is not directed to children under 13. We do not knowingly collect data from children.

Security

Transport encryption (HTTPS) between the App and our backend/providers.
Short-lived tokens and minimal retention for functional data.
Secure on-device storage for the Device ID.

No method is 100% secure, but we reduce risk by minimizing data and retention.

International data transfers

Our providers operate internationally (including the EU and the US). Where relevant, we rely on appropriate safeguards under applicable privacy laws.

Device permissions used

INTERNET – API traffic.
POST_NOTIFICATIONS – optional push notifications (opt-in).
RECEIVE_BOOT_COMPLETED – reschedule notification alarms after reboot/update.
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS (optional) – to improve delivery reliability on Android.

Changes to this policy

We may update this policy. The date at the top shows the latest change. For material updates, we may notify you in the App or via the Store listing.

Contact

Questions or privacy requests? Email us at nomnomnowapp@gmail.com.

Controller
NomNom Labs