Privacy Policy for Nabcat
Last Updated: March 23, 2026
Effective Date: March 23, 2026
1. Introduction
Welcome to Nabcat ("we," "our," or "us"). Nabcat is an AI-powered calorie and nutrition tracking application developed by Nabcat Studio, designed to help you achieve your health and fitness goals through intelligent food logging, personalized insights, and health data integration.
This Privacy Policy explains how we collect, use, share, and protect your information when you use our mobile application. We are committed to transparency — and because Nabcat uses anonymous authentication, we collect significantly less personal data than most apps.
By using Nabcat, you agree to the practices described in this Privacy Policy.
2. How Nabcat Identifies You
Nabcat does not ask you to create an account with an email address, phone number, or social login. When you first open the app, a random anonymous session ID is automatically generated using Supabase anonymous authentication. This ID:
- Is a randomly generated UUID — it contains no personal information
- Is not linked to your name, email, device serial number, or any other identifier
- Persists across app launches so your subscription and preferences are preserved
- Is the only identifier we use to associate your server-stored data with your app session
3. Information We Collect
3.1 Information You Optionally Provide
To personalize your experience, you may choose to provide the following in the app. None of this is required:
- First name — used to address you in the AI chat
- Health profile: age, gender, height, current weight, target weight, activity level, fitness goal, and dietary preference
- Nutrition goals: daily calorie, protein, carbohydrate, and fat targets
- Measurement preference: metric or imperial
This data is stored on our servers linked to your anonymous session ID. It is never linked to your real identity because we have no way of knowing who you are.
3.2 Food Photos and Voice Recordings
- Food photos: Captured or selected by you and sent to our AI for nutritional analysis
- Voice recordings: Recorded when you choose to log a meal by voice
- Retention: Photos and audio are deleted within 24 hours of processing. Only the resulting nutritional data is kept — and only on your device
- Purpose: Solely to identify foods and calculate nutrition information
3.3 AI Chat Conversations
- Chat messages are stored locally on your device only — they are never uploaded to our servers
- When you send a message, the relevant conversation history is temporarily included in the AI request for context, then discarded server-side after the response is returned
3.4 Food Logs and Nutrition Data
- All food logs, meal entries, calorie totals, and macro breakdowns are stored locally on your device
- This data is never synced to our servers
- If you uninstall the app, this data is permanently deleted
3.5 Subscription and Entitlement Data
- Your subscription status (active, trial, expired) is managed by RevenueCat and mirrored in our database linked to your anonymous session ID
- We store: subscription state, trial status, and entitlement timestamps
- We do not store payment card details, billing addresses, or Apple/Google account information — this is handled entirely by the App Store or Play Store
3.6 Analytics Data
- We use PostHog to collect aggregated, anonymized data about how features are used (e.g., which screens are visited, which features are activated)
- This data does not identify you personally
- It is used solely to understand how to improve the app
4. How We Use Your Information
4.1 To Provide the Service
- AI analysis: Process food photos and voice input to identify meals and calculate nutrition
- Personalization: Deliver nutrition recommendations tailored to your goals and profile
- AI chat: Provide conversational nutrition support using your profile as context
- Subscription management: Verify your entitlement to use premium features
4.2 To Improve the Service
- Analyze aggregated usage patterns to improve features and fix bugs
- Monitor AI service performance and costs
4.3 Legal and Safety
- Comply with legal obligations
- Protect against fraud and abuse of AI quotas
- Enforce our Terms of Service
5. How We Share Your Information
We do not sell your information. Because most data stays on your device, there is very little to share. What we do share:
5.1 OpenAI (AI Processing)
- When you use an AI feature, the relevant input (text message, food photo, or audio) is sent to OpenAI for processing
- Your profile context (name if provided, nutrition goals, unit system) may be included to personalize AI responses — but no email or identity data is included because we don't have it
- OpenAI processes this data under their Enterprise Privacy Policy
- OpenAI does not use API-submitted data to train their models by default
5.2 Supabase (Infrastructure)
- Supabase hosts our anonymous authentication service and the server-side database storing your profile and entitlement data
- Data is stored in SOC 2 compliant infrastructure and encrypted at rest and in transit
5.3 RevenueCat (Subscriptions)
- RevenueCat manages your subscription status and communicates changes (purchase, renewal, cancellation) to our servers via webhook
- RevenueCat receives your anonymous session ID and transaction events from the App Store or Play Store
- RevenueCat does not receive any personal information beyond the anonymous ID
5.4 Legal Requirements
We may disclose information if required by law or to:
- Comply with valid legal processes
- Protect our rights, users, or the public
- Enforce our Terms of Service
5.5 Business Transfers
If Nabcat Studio is involved in a merger, acquisition, or sale of assets, server-stored data may be transferred. We will notify users of any such change.
6. Data Storage and Retention
6.1 What Stays on Your Device (Local Storage)
- All food logs, meal entries, macro totals, and calorie history
- All AI chat sessions and message history
- Your AI consent preference
- Weight history entries
This data is stored using on-device SQLite. It is deleted permanently when you uninstall the app. We have no access to it and cannot recover it.
6.2 What Is Stored on Our Servers
- Anonymous session ID: Your Supabase UUID
- Profile data: Optional name, unit system, nutrition goals, onboarding status
- Entitlement data: Subscription status and trial state
- Webhook audit log: Anonymized subscription event records (purchase, renewal, expiration)
6.3 Media Retention
- Food photos: Sent to OpenAI for analysis, then deleted within 24 hours
- Voice recordings: Transcribed immediately, audio deleted — transcript used only for that session and not stored server-side
6.4 Retention Periods
- Server-stored profile and entitlement data is retained while your anonymous session is active
- You may request deletion of your server-side data at any time by contacting support@eatlyapp.xyz with your request — we will delete all records associated with your anonymous session ID within 30 days
- Anonymized, aggregated analytics data may be retained indefinitely as it cannot identify you
7. Your Choices and Controls
7.1 Clear Local Data
- You can clear all food logs at any time via Settings in the app
- You can clear all chat history at any time via Settings
- Uninstalling the app permanently deletes all local data
7.2 Edit or Clear Profile Data
- You can edit or clear any profile field (name, goals, preferences) directly in Settings
- Clearing these fields removes them from our servers
7.3 Request Server Data Deletion
Because we have no email address or identity for you, please email support@eatlyapp.xyz from any address and include a request to delete your data. We will ask you to provide your anonymous session ID (available in Settings > About) so we can locate and delete the correct records.
7.4 AI Feature Consent
- AI features that use your profile as context require explicit in-app consent before activation
- You can withdraw consent at any time in Settings — this disables personalized AI responses
7.5 Camera, Photos, and Microphone
- All media permissions are optional
- You can revoke any permission at any time via your device settings
- The app works with manual food entry if media permissions are denied
8. Data Security
8.1 Technical Measures
- Encryption in transit: All communication between your device and our servers uses TLS/SSL
- Encryption at rest: Server-side data is encrypted using industry-standard encryption (Supabase SOC 2 compliant)
- Minimal server exposure: Most sensitive data (food logs, chat history) never leaves your device
- Anonymous by design: We cannot identify you from the data we hold even if it were exposed
8.2 Limitations
No method of storage or transmission is 100% secure. We continuously work to protect your information and have designed the app to minimize what we store server-side.
9. Children's Privacy
Nabcat is not intended for children under 13. We do not knowingly collect information from children under 13. Because we use anonymous authentication with no email collection, we have no mechanism to verify age. If you believe a child under 13 is using the Service, please contact us at support@eatlyapp.xyz.
10. International Data Transfers
Your data may be processed in countries other than your country of residence, including the United States, where our service providers (Supabase, OpenAI, RevenueCat) operate. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.
10.1 EU/EEA Users (GDPR)
- We comply with the General Data Protection Regulation (GDPR)
- Your rights include: access, rectification, erasure, restriction of processing, and data portability
- You have the right to lodge a complaint with your local supervisory authority
- For erasure requests, see Section 7.3
10.2 California Users (CCPA)
- We do not sell your personal information
- You have the right to know what data we hold (see Section 6.2 for the complete list)
- You have the right to request deletion (see Section 7.3)
- We will not discriminate against you for exercising your CCPA rights
11. Changes to This Privacy Policy
11.1 Notification of Changes
- Material changes: We will notify you via prominent in-app notice at least 30 days before changes take effect
- Minor changes: We will update the "Last Updated" date at the top of this policy
11.2 Acceptance
- Continued use of Nabcat after changes become effective constitutes acceptance of the updated policy
12. Data Collection Summary
| Data Type | Where Stored | Retention | Shared With |
|---|---|---|---|
| Anonymous session ID | Supabase (server) | Until deletion requested | Supabase, RevenueCat |
| Profile preferences | Supabase (server) | Until cleared or deleted | OpenAI (AI context only) |
| Food logs | Device only | Until cleared or uninstalled | Not shared |
| Chat history | Device only | 7 days (auto-pruned) | Not shared |
| Food photos | Transient (in-flight only) | Deleted within 24 hours | OpenAI only |
| Voice recordings | Transient (in-flight only) | Immediate deletion | OpenAI only |
| Subscription status | Supabase (server) | Until deletion requested | RevenueCat |
| Analytics | PostHog (server) | Indefinite (anonymized) | PostHog only |
13. Contact Us
If you have questions, concerns, or data requests regarding this Privacy Policy, please contact us:
Email: support@eatlyapp.xyz
Privacy inquiries: privacy@eatlyapp.xyz
App Name: Nabcat: AI Calorie Tracker
Developer: Nabcat Studio
Response Time: We aim to respond to all privacy inquiries within 5 business days.
13.1 GDPR Data Protection Officer
For GDPR-related inquiries, you may contact our Data Protection Officer at: privacy@eatlyapp.xyz
13.2 Supervisory Authority
If you are located in the EU/EEA and have concerns about our privacy practices, you have the right to lodge a complaint with your local data protection authority.
This Privacy Policy reflects our privacy-first architecture: most of your data never leaves your device, and what we do store is anonymous by design.
