Privacy Policy

1. Information We Collect

We collect information you provide directly when creating an account and using the Service. This includes your email address, authentication credentials, and any health or dietary data you choose to submit for diet plan generation.

We also collect usage data automatically, including device information, IP address, browser type, pages visited, and interaction patterns. This data helps us improve the Service and diagnose technical issues.

2. How We Use Your Information

We use your information to: (a) provide, maintain, and improve the Service; (b) generate personalized diet and nutrition plans; (c) process payments and manage subscriptions; (d) communicate with you about your account, updates, and support; (e) detect and prevent fraud, abuse, or security incidents.

We do not sell your personal information to third parties. We do not use your health data for advertising purposes.

3. Data Storage and Security

Your data is stored on secure servers hosted by Amazon Web Services (AWS) in the United States. We employ industry-standard security measures including encryption in transit (TLS) and at rest (AES-256), access controls, and regular security audits.

While we take reasonable measures to protect your data, no method of electronic storage or transmission is completely secure. You acknowledge that you provide your information at your own risk.

4. Third-Party Services

We use the following third-party services to operate the platform:

• Stripe — payment processing. Subject to Stripe's privacy policy.
• Resend — transactional email delivery. Processes your email address.
• Apple, Google, Microsoft — OAuth authentication. Receives only the data necessary for sign-in.
• Amazon Web Services — cloud infrastructure and data storage.

Each third-party service operates under its own privacy policy. We encourage you to review their policies independently.

5. Cookies and Tracking

We use essential cookies to maintain your authentication session. These cookies are HttpOnly and secure — they cannot be accessed by client-side scripts. We do not use advertising cookies or third-party tracking pixels.

We may use anonymous analytics to understand aggregate usage patterns. This data does not identify individual users.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or necessary to resolve disputes.

Anonymized and aggregated data that cannot identify you may be retained indefinitely for research and service improvement purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) object to or restrict certain processing activities; (e) request a portable copy of your data.

To exercise any of these rights, contact us at privacy@notblossom.com. We will respond to requests within 30 days.

8. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will take steps to delete that information promptly.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at privacy@notblossom.com.