← Back to Nuvobee

Privacy Policy

Effective 2 June 2026 · Version 1.2

The short version. Your health profile lives on your phone — not on our servers. The only time data leaves your device is when you actively ask Nuvobee to analyse a menu or dish, and even then we only send what's needed for that single request. No accounts. No tracking. No selling.

1. Who we are

Nuvobee is operated by Shailendra Singh Shekhawat, an individual based in Jaipur, India. You can reach us at hello@nuvobee.com. This policy explains what data Nuvobee collects, where it goes, and what choices you have.

2. What we collect — and what we don't

Kept on your device — not on our servers

  • Health profile: the conditions, allergies, medications, dietary goals, age range, sex, height, weight, activity level, family medical history, food triggers, and any other context you choose to enter.
  • App preferences: things like which onboarding you've seen, your subscription tier, last waiter card.
  • Photos you take inside Nuvobee (menus, blood tests) — held briefly in memory long enough to send the analysis request, then discarded. We don't save them on our servers.

All of the above lives in your browser's local storage on the device you're using. Clearing browser data, switching devices, or uninstalling deletes it. We do not back any of it up.

What we don't collect

  • We don't ask for your name, email, or phone number.
  • We don't require an account.
  • We don't track you across other sites.
  • We don't use advertising cookies or marketing pixels.
  • We don't set up persistent analytics on individuals.

What we may collect at a server level

When you send a menu or dish to be analysed, our server receives the API request. Standard web server logs may include the request timestamp, the request size, and a generic country-level location inferred from IP — used only for diagnostics, abuse prevention, and capacity planning. These logs are kept for at most 30 days and are not linked to your identity.

3. Third-party processors

Anthropic (Claude API)

Nuvobee uses the Anthropic Claude API to read menus and generate personalised picks. When you ask for an analysis, we send:

  • Your health profile fields (the ones you filled in).
  • The text or photo of the menu / dish / blood test you submitted.

We do not send your name, email, device ID, or any identifier that ties the request to you personally. Per Anthropic's API terms in force at the time of writing, Anthropic does not use API inputs or outputs to train models. Read their privacy policy for the full picture.

App store / payment platform

Subscriptions (Lifetime, Yearly, Weekly) are processed by your device's app store or our payment processor. They collect the information needed to take payment under their own privacy policy. We receive a subscription receipt only — never your card details.

Hosting

Our web app and API are hosted on Vercel. Vercel handles the traffic and stores standard server logs as described above. See Vercel's privacy policy.

4. Why we process your data

  • To give you the picks you asked for — this is the core service.
  • To keep the service running and safe — basic diagnostics, rate limiting, abuse prevention.
  • To honour our contract with you — including subscription billing.

We rely on your consent (when you set up your profile and submit a menu) and our legitimate interest in keeping the service safe and reliable.

5. Your rights

Because your profile lives on your device, you control it directly. You can:

  • Edit anything in the Profile section at any time.
  • Delete everything with the “Start fresh” button at the bottom of the Profile screen — or by clearing this site's data from your browser.
  • Cancel a subscription via your device's app store / subscription settings.
  • Request information about server-side data tied to your account (subscription status only — there is no profile data on our servers). Email us: hello@nuvobee.com.

Under GDPR (if you're in the EU/EEA), CCPA (if you're in California), or similar laws, you may also have the right to access, correct, port, restrict processing of, or object to the processing of your personal data. Because almost everything is on your device, most of these are exercised by you locally — for the rest, email us and we'll respond within 30 days.

6. Data retention

  • On-device data: kept until you delete it or uninstall.
  • Menu / dish photos in transit: processed during the request and not stored after the response is sent.
  • Server logs: up to 30 days, then deleted.
  • Subscription receipts: kept for as long as legally required for tax and accounting (typically up to 10 years depending on jurisdiction).

7. Children

Nuvobee is not directed at children under 13 (or 16 in the EU). We don't knowingly collect personal data from children. If you believe a child has used Nuvobee without parental consent, contact us and we'll help remove any associated data.

8. International transfers

Our hosting providers and Anthropic operate servers in multiple countries, which may include the United States. Where we transfer data outside the EU/EEA, we rely on the European Commission's standard contractual clauses or equivalent safeguards. The only data ever transferred is the contents of an analysis request — your on-device profile never travels to our servers as a whole.

9. Security

We use TLS for all data in transit. Because your profile lives only on your device, the strongest privacy protection is your own device's lock screen. We recommend keeping your phone secured with a passcode, biometric, or password.

10. Changes to this policy

If we change this policy in a meaningful way, we'll update the effective date above and notify you in the app before the change takes effect. For minor edits (typos, clarifications) we may make the change without notice.

11. Contact

Anything privacy-related, including data requests: hello@nuvobee.com.