Nourical

Privacy Policy

Last updated: May 12, 2026

At Nourical, your health data is not a product. It is a trust. This Privacy Policy explains clearly and honestly what information we collect, why we collect it, how we use it, and the rights you have over every piece of data you share with us.

By using Nourical, you agree to the practices described in this policy. If anything here is unclear, you can reach us directly at info@nourical.com.

Who We Are

Nourical is a personal nutrition and health intelligence platform operated by Nourical Technologies Ltd. When this policy refers to "Nourical," "we," "us," or "our," it means the company and the team responsible for building and maintaining the app and its services.

If you have questions about this policy or how your data is handled, contact us at:
Email: info@nourical.com
Address: 503 Tekarra Drive NW, T3R 2G4

Regulatory Scope and Commitments

Nourical is committed to handling personal data in line with applicable privacy laws, including EU GDPR, UK GDPR, and applicable US privacy laws. We apply privacy-by-design practices and only process data needed to provide and secure the service.

Data We Collect

We only collect data that helps us provide you with a better, more personalised health experience. We do not collect data for the sake of it.

Data you give us directly

  • Account information: your name, email address, and password when you create an account.
  • Health profile: age, sex, height, weight, body measurements, health goals, and activity level.
  • Health conditions: conditions you voluntarily disclose, such as diabetes or hypertension.
  • Food logs: every meal, snack, and drink you record in the app.
  • Health records: weight, blood pressure, blood glucose, sleep, step count, and related biometrics.
  • Meal plans: plans you create manually or generate with AI assistance.
  • Lab results: if you choose to upload medical documents under our Premium plan.
  • Communications: messages you send to support or within the AI coach interface.

Data we collect automatically

  • Device information: device type, operating system, app version, and unique device identifiers.
  • Usage data: feature usage, app opens, interaction patterns, and session duration.
  • Crash and performance data: error logs used to identify and fix technical issues.
  • IP address and approximate location: used for account security and region-appropriate content.

Data from third parties

  • If you sign in with Google or Apple, we receive your name and email address only.
  • If you connect Apple Health, Google Fit, Fitbit, or Garmin, we receive only the metrics you explicitly authorise.

Sensitive Health Data

We treat health information with a higher standard of care than ordinary personal data. This includes health conditions, food logs, biometric records, lab results, and related physical health data.

We will never:

  • Sell your health data to advertisers, insurers, employers, or any third party.
  • Share your health data with pharmaceutical companies or research institutions without explicit, separate consent.
  • Use your health data to make automated decisions with legal or similarly significant effects without human oversight.

We only share health data with service providers processing data on our behalf under strict contracts, with you when you request export, and with authorities only when legally required and limited to what is necessary.

HIPAA Notice: Nourical applies strong safeguards for health-related data. For consumer app use, Nourical does not automatically act as a HIPAA Covered Entity or Business Associate. Where HIPAA applies in an enterprise context, PHI processing is governed by a separate written agreement, including a BAA where required.

Lawful Bases (EU/UK)

For users in the EU and UK, we process personal data under lawful bases including contract performance, legitimate interests, legal obligations, and consent where required. Where consent is used, you may withdraw it at any time.

How We Store and Protect Your Data

  • Encryption at rest: AES-256.
  • Encryption in transit: TLS 1.3.
  • Access controls: authorised team access only, with logging and auditing.
  • Biometric lock support: Face ID or fingerprint protection on supported devices.
  • Regular security audits and periodic vulnerability testing.

No system is completely immune to risk. If a breach affects your personal information, we will notify you promptly and clearly.

Data Retention

We keep your data for as long as your account is active. If you delete your account, we permanently delete personal data within 30 days, except where law requires longer retention (for example, billing records retained for up to 7 years).

You can request a full export of your data at any time before deletion from account settings.

Cookies and Tracking

The Nourical mobile app does not use advertising cookies or third-party tracking pixels. We use limited first-party analytics to improve the product.

On our website, we use essential cookies (required) and analytics cookies (manageable in browser settings). We do not serve targeted advertising or share browsing behaviour with ad networks.

Third-Party Processing

If you connect Nourical to third-party services, those services have their own privacy policies. Nourical only receives data you explicitly authorise, and you can revoke access at any time in settings.

Children's Privacy

Nourical is not designed for or directed at children under 13, and we do not knowingly collect data from children under 13. If you believe a child created an account, contact info@nourical.com and we will promptly delete the account and associated data.

Your Rights

Depending on where you live, you may have rights to access, correction, deletion, portability, restriction, objection, and consent withdrawal.

For US residents in states with privacy laws (for example California and other states with similar frameworks), rights may include the right to know, access, correct, delete, and receive data portability, as well as the right to non-discrimination for exercising privacy rights.

To exercise your rights, email info@nourical.com or use data controls in account settings. We aim to respond within 30 days.

US State Privacy Disclosures

Nourical does not sell personal data and does not share personal data for cross-context behavioral advertising. If this changes, we will provide legally required notices and controls in advance.

Data Security

We apply appropriate security measures to prevent accidental loss, unauthorised access, alteration, disclosure, or misuse of personal data. Access is limited to employees, agents, contractors, and third parties with a legitimate business need and confidentiality obligations.

We maintain breach response procedures and will notify you and relevant regulators when legally required.

International Data Transfers

If you are outside the country where our servers are based, your data may be transferred internationally. When this happens, we implement safeguards including standard contractual clauses approved by relevant data protection authorities.

Changes to This Privacy Policy

We may update this policy as the product evolves or laws change. For material changes, we will notify you in-app or by email at least 14 days before they take effect. The effective date will always be shown at the top of this page.

We will not silently change how we use your health data. If we want to use your data in a new way not covered by this policy, we will request explicit consent first.

Contact Us

If you have questions, concerns, or requests related to privacy:
Email: info@nourical.com
Response time: Within 2 business days

If you feel your concerns have not been adequately addressed, you have the right to lodge a complaint with the relevant data protection authority in your country.