Privacy Policy

Effective date: May 21, 2026

Noms ("the app", "we", "us") is an iOS app that scans your own camera roll to find food photos and map the restaurants you've visited. This policy explains what data the app collects, why, and what we do with it.

If you have any questions, contact us at shivani.desai102@gmail.com.

What we collect

When you use Noms, the following information may be collected:

• Photos and photo metadata. When you grant photo library access, the app reads your photos to identify food images and the GPS coordinates and timestamps stored in their metadata. Small compressed thumbnails (300×300, JPEG) of photos you choose to publish are uploaded to our storage so your map survives app reinstalls. We do not upload your full-resolution photos.
• Precise location. Photo GPS coordinates (from the photo's EXIF data) are used to match each photo to a restaurant. The device's current location is also used to center the map on your area.
• Account information. When you sign in with Apple or Google, we receive your email address and (optionally) your name. You can edit your display name and profile in the app.
• App content you create. Place ratings, visit history, and any notes you write about visits.
• A user identifier (generated by Supabase) used to associate your data with your account.

We do not collect health data, contacts, financial data, browsing history, or device advertising identifiers. The app does not track you across other apps or websites.

Why we collect it

All data is used solely to make the app work:

• Matching photos to restaurants and building your personal food map.
• Letting you publish, edit, and re-view your ratings and notes.
• Letting you share ratings with friends you follow inside the app.
• Authenticating you so your data stays tied to your account.

We do not sell your data, share it with advertisers, or use it for advertising.

Who we share it with

The app relies on the following third-party services to function. Each receives only the data needed to provide their service:

• Supabase — hosts our database, authentication, and storage. Your account, ratings, visit history, and photo thumbnails are stored here. See https://supabase.com/privacy.
• Apple (Sign in with Apple) — used for authentication. See https://www.apple.com/legal/privacy/.
• Google (Sign-In, Places API) — Google Sign-In handles authentication when you choose it. The Google Places API is queried with place coordinates and search text to match photos to restaurants; no personal identifiers are sent. See https://policies.google.com/privacy.
• Mapbox — provides the map tiles displayed in the app. Mapbox may receive your IP address and the map area you view. See https://www.mapbox.com/legal/privacy.

We do not share your data with anyone else.

Where data is stored

Account data, ratings, visit history, and photo thumbnails are stored in Supabase, which operates from data centers managed by their cloud providers. We do not run our own servers.

Your original photos remain on your device — the app stores only a reference (PHAsset.localIdentifier) and a small thumbnail.

How long we keep it

• Data tied to your account is kept until you delete it or your account.
• If you delete a visit or rating in the app, it's removed from our database.
• If you delete your account (see below), all of your data is removed.

Your rights

You can:

• See what's stored — your ratings, visits, and notes are all visible in the app's profile screen.
• Edit or delete individual entries — directly in the app.
• Delete your account and all associated data — open the app, go to your profile, and tap Delete account. This removes your account and all data tied to it from our servers. If you'd prefer, you can also email us at shivani.desai102@gmail.com and we'll do it for you.
• Revoke photo or location permission — at any time in iOS Settings → Noms. The app will stop reading new photos or location data; existing data on the server is unaffected until you ask for deletion.

Children

Noms is not directed at children under 13. If you believe a child under 13 has created an account, contact us and we'll remove the data.

Security

Data in transit between the app and Supabase is encrypted via HTTPS. Authentication tokens are stored in the iOS Keychain. We rely on Supabase's row-level security to ensure each user can only access their own data.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you by email.

Changes to this policy

If we change this policy, we'll update the effective date at the top and post the new version at the same URL. Material changes will be communicated in the app or via email.

Contact

Questions, requests, or concerns: shivani.desai102@gmail.com.

Terms & Conditions →