Privacy Policy

1. Who we are

Nivra ("Nivra," "we," "us," or "our") is an iOS application that helps you understand the nutritional quality of food products by scanning barcodes or taking photos. This Privacy Policy explains what data we collect, how we use it, and what rights you have.

If you have questions about this policy, contact us at hello@trynivra.app.

2. Information we collect

Information you provide directly

• Account information: your name and email address when you sign up, or an anonymous Apple ID token if you use Sign in with Apple.
• Preferences: your answers to the onboarding questions — age range, dietary goals, allergens, and whether you're shopping for kids. Used to personalize warnings and recommendations.
• Scan history: every product you scan, along with an optional flag for whether you actually ate it (your "eating quality" tracking).
• Chat messages: questions you ask our AI assistant about specific products.

Information collected automatically

• Device information: device model, iOS version, and a unique device identifier for crash-reporting purposes only.
• Usage information: which features you use and how often, so we can improve the app. Never tied to your identity in analytics.
• Crash reports: if the app crashes, we receive a stack trace via Sentry so we can fix the bug.

What we do NOT collect

• Your contacts, calendar, camera roll, or photos (beyond the specific photo you tap to scan).
• Your precise location or GPS data.
• Your browsing history outside the app.
• Financial information — all purchases go through Apple's App Store; we never see your card.
• Health data from Apple Health (unless you explicitly enable HealthKit integration in a future version).

3. How we use your information

We use the data we collect only to:

• Provide the core Nivra experience — scoring products, showing ingredient breakdowns, tracking your eating quality over time.
• Personalize warnings (for example, flagging allergens you selected during onboarding).
• Power the AI chat feature — your question + product context is sent to our AI provider (Anthropic) to generate a response.
• Fix crashes and improve the app.
• Respond to your support requests.

4. Third-party services we use

Nivra relies on a small number of vendors to operate. Each is bound by their own privacy policy and industry-standard data-protection agreements.

• Supabase — hosts our database and handles authentication. Your email, scan history, and preferences are stored there.
• Anthropic (Claude API) — powers our AI chat and ingredient analysis. We send the product name, ingredients text, and your question. Anthropic does not retain this data beyond processing per their API terms.
• Open Food Facts — a free, open food products database we query for barcode lookups. We send them the barcode only; they do not receive any user identifier.
• Sentry — crash reporting. Receives only anonymous crash stacktraces and device model information.
• Apple — handles authentication (Sign in with Apple), in-app purchases, and App Store distribution per Apple's own privacy policy.

5. How we store and protect your data

Your data is encrypted in transit (TLS 1.3) and at rest (AES-256). Supabase infrastructure runs on SOC 2 Type II certified providers. We use row-level security to ensure your data is only accessible by you.

No system is 100% secure. If we learn of a data breach that affects you, we will notify you within 72 hours as required by GDPR.

6. Your rights

Depending on where you live, you have the right to:

• Access — request a copy of all the data we hold about you.
• Correct — ask us to fix inaccurate data.
• Delete — request that we delete your account and all associated data. You can do this directly in the app (Account → Delete Account) or by emailing us.
• Export — download your scan history in a machine-readable format.
• Object — opt out of any specific data use.

GDPR (for users in the European Economic Area)

Our legal basis for processing your data is (a) contract performance — to provide the Nivra service you signed up for, (b) your consent for optional features like notifications, and (c) our legitimate interest in improving the app and preventing fraud.

CCPA (for California residents)

We do not sell your personal information as defined under the California Consumer Privacy Act. You have the right to know what data we collect, the right to delete it, and the right to non-discrimination for exercising these rights.

7. Children's privacy

Nivra is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child under 13 has given us personal information, contact us at hello@trynivra.app and we'll delete it immediately.

Nivra includes an optional "Kid Safe Mode" for parents shopping for children — this is a content filter, not a separate account type. All data is still under the adult account holder.

8. Data retention

We keep your data only as long as your account is active. When you delete your account, all personal data is permanently removed from our database within 30 days. Backups are rotated every 90 days, after which deleted data is fully purged.

Anonymous crash reports and aggregate analytics may be retained indefinitely for product improvement, but these contain no personally identifiable information.

9. International data transfers

If you are located outside the United States, please be aware that your data will be transferred to and processed in the United States, where our servers are located. By using Nivra, you consent to this transfer.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app and update the "Last updated" date above. Continued use of Nivra after a change means you accept the updated policy.

11. How to contact us

Questions, requests, or concerns? Email us at hello@trynivra.app. We respond to all privacy requests within 30 days.