Privacy Policy

Nom Nom Calories

1. Overview

Nom Nom Calories ("the App") is a calorie and macro tracking application built for Android. Your privacy is important to us. This policy explains what data the App collects, how it is used, and your rights regarding that data.

2. Data That Stays on Your Device

The App stores all personal user data locally on your device using Android's native storage. Your food diary, nutrition targets, and fasting records never leave your device. The following data is stored only on your device:

Food diary entries — meal names, quantities, timestamps, calories, protein, carbs, and fat values.
Nutrition targets — your daily calorie and macro goals.
Fasting records — start times, target durations, and completion status.
Streak data — daily logging streak calculations derived from your food diary.
App preferences — water reminder settings, fasting target hours, selected AI model and provider.
Groq API key — stored in Android's encrypted secure storage (KeyStore). The key never leaves your device except when sent directly to Groq's API for food analysis.
Anonymous device identifier — a randomly generated UUID created on first launch, used solely to identify your device across analytics, error reporting, and feature flag services. This ID contains no personally identifiable information.

Android cloud backup is disabled for this App (allowBackup=false), so your data is not backed up to Google's servers.

3. Third-Party Services

The App uses the following third-party services:

a) Groq API — AI-Powered Nutritional Analysis

When you describe a meal, the text is sent to the Groq API for AI-powered nutritional analysis. The API returns estimated calorie and macro data. Your Groq API key (which you provide) is included in these requests for authentication. Groq's use of this data is governed by Groq's Privacy Policy.

b) PostHog — Product Analytics

The App uses PostHog for anonymous product analytics to help us understand how the App is used and improve it. PostHog is configured in privacy-first mode:

Automatic event capture, session recording, heatmaps, and automatic pageview tracking are all disabled.
Only three explicit events are tracked: app opened, API call success (includes AI model name, token count, and processing time), and API call failure (includes AI model name and error message).
You are identified only by the anonymous device UUID — no name, email, IP-based geolocation, or other personal data is collected.

PostHog's use of this data is governed by PostHog's Privacy Policy.

c) Sentry — Crash & Error Reporting

The App uses Sentry to detect and diagnose crashes and errors. This helps us fix bugs quickly. Sentry receives:

Error messages, stack traces, and device/OS metadata (e.g., Android version, device model).
The anonymous device UUID for grouping issues.

Groq API keys are automatically scrubbed from all Sentry data (breadcrumbs, request headers, exception values, and stack frame variables) before anything leaves your device. Sentry's use of this data is governed by Sentry's Privacy Policy.

d) ConfigCat — Feature Flags & Remote Configuration

The App uses ConfigCat for feature flags and remote configuration, allowing us to roll out new features gradually. ConfigCat receives only the anonymous device UUID for consistent flag evaluation. No personal data is sent. ConfigCat's use of this data is governed by ConfigCat's Privacy Policy.

4. Analytics Data Summary

The table below summarizes what anonymous data is collected and why:

Data	Purpose	Service
Anonymous device UUID	Unique device identity (no PII)	PostHog, Sentry, ConfigCat
App opened event	Usage frequency	PostHog
API call success/failure	AI feature reliability	PostHog
Crash reports & errors	Bug detection and fixes	Sentry
Feature flag evaluation	Staged feature rollouts	ConfigCat

No personally identifiable information (PII) is ever included in analytics or error reports.

5. Data We Do NOT Collect

We do not collect personal information (name, email, phone number) through the App.
We do not require account creation or sign-in.
We do not display advertisements or use advertising identifiers.
We do not track your location.
We do not access your camera, contacts, microphone, or files.
We do not sell, share, or rent your data to any third party.
We do not perform session recording, heatmap tracking, or automatic event capture.

6. Feedback & Bug Reports

If you choose to send feedback or report a bug through the App, a pre-filled email is opened in your device's email client using a mailto: link. The App itself does not collect or store your email address. Sending the email is entirely your choice and is handled by your email provider, not by us.

7. Permissions

The App requests the following Android permissions:

INTERNET — Required to send meal descriptions to the Groq API, fetch AI model lists, and communicate with analytics (PostHog), error reporting (Sentry), and feature flag (ConfigCat) services.
VIBRATE — Used for haptic feedback on user interactions.
POST_NOTIFICATIONS — Used for water reminders and fasting milestone notifications. You can deny or revoke this permission at any time.
SCHEDULE_EXACT_ALARM — Allows scheduling notifications at precise times for fasting milestones.
RECEIVE_BOOT_COMPLETED — Re-schedules pending notifications after a device restart.

8. Data Retention & Deletion

Your food diary, targets, fasting records, and preferences are stored locally on your device. You have full control:

Individual food entries can be deleted by swiping them in the diary.
All app data can be deleted by clearing the App's storage in Android Settings, or by uninstalling the App.
The anonymous device UUID is deleted when you clear storage or uninstall.

Anonymous analytics and error data that has already been sent to PostHog, Sentry, or ConfigCat is subject to those services' respective retention policies. Since this data contains no PII, it cannot be linked back to you once the device UUID is deleted.

9. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect data from children. If you believe a child under 13 has provided data through the App, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated date below. We encourage you to review this policy periodically.

11. Contact

If you have questions about this Privacy Policy, you can reach us at: contact@nomnomcalories.com

Last updated: April 24, 2026