Privacy Policy
Effective date: 11 January 2025
In brief: Nomology is a recipe app that learns your food preferences. We collect the information you give us and use it to recommend recipes you'll enjoy. We don't sell your personal data. You can delete your account and data at any time.
1. Who we are
Nomology is operated by David Maude, a sole trader based in the United Kingdom.
Address: 15 Village Road, Hull, HU8 8QP
Privacy enquiries: privacy@nomology.food
General support: support@nomology.food
2. What data we collect
Account information
When you create an account, we collect your email address and display name. You may optionally add a profile photo. If you sign in using Apple or Google, we receive basic profile information from those services (but not your password).
Your food preferences
To recommend recipes you'll enjoy, we collect information about your tastes, including recipe ratings, ingredient preferences, cuisine preferences, cooking skill level, and equipment you have available. If you choose to exclude certain ingredients (for any reason—allergies, dietary requirements, or personal preference), we store those exclusions to filter your recommendations.
Content you create
If you use our premium features, we store recipes you create or import, recipe collections, meal plans, shopping lists, and notes you add to recipes. If you join or create a Circle (a shared group), we store content you share within that group.
Usage information
We collect information about how you use the app, including which features you access, recipes you view, and technical information such as your device type, operating system version, and app version. We also collect crash logs to help us fix problems.
Subscription information
If you subscribe to a paid plan, we track your subscription status and AI feature usage (to enforce usage limits). We do not see or store your payment card details—payments are handled entirely by Apple or Google.
3. How we use your data
We use your information to provide and improve Nomology, including to give you personalised recipe recommendations based on your taste profile, to enable features you've chosen to use (meal planning, shopping lists, Circles), to process your subscription and enforce usage limits, to send you important service messages (such as password resets or subscription confirmations), to fix bugs and improve the app, and to prevent fraud and abuse.
We do not use your personal data for advertising. We do not sell your personal data to third parties.
Anonymised analytics
We may use anonymised, aggregated data about food preferences and trends for analytics purposes, including sharing insights with third parties. This data cannot be linked back to you personally. For example, we might report that "40% of users prefer spicy food"—but never information about any individual user.
4. Our legal basis for processing
Under UK data protection law, we need a lawful basis to process your personal data. Our bases are as follows:
| Processing activity | Legal basis |
|---|---|
| Providing the app and its features | Contract (necessary to deliver the service you've signed up for) |
| Personalising recommendations | Legitimate interests (improving your experience) |
| Subscription management | Contract |
| Fixing bugs and improving the app | Legitimate interests |
| Preventing fraud | Legitimate interests |
| Sending service messages | Contract / Legitimate interests |
| Anonymised analytics | Legitimate interests |
5. Who we share your data with
We use trusted third-party services to operate Nomology. These providers process data on our behalf and are contractually required to protect it.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database and authentication | All account and preference data (encrypted, stored in EU) |
| RevenueCat | Subscription management | User ID, subscription status |
| Apple App Store / Google Play | Payment processing | Purchase transactions (we don't see card details) |
| Anthropic (Claude AI) | AI recipe features | Recipe text and prompts you submit (no user identifiers) |
| Google Cloud (Imagen) | AI image generation | Recipe descriptions (no user identifiers) |
| Firebase | Push notifications | Device tokens |
AI features and your prompts
When you use AI features (such as creating a recipe from a URL or refining a recipe), the text you provide is sent to our AI providers. We do not send your user ID or other personal identifiers with this data. However, please be aware that if you include personal information in your prompts (for example, "my husband John is allergic to..."), that text will be processed by the AI service.
6. International data transfers
Your main account data is stored by Supabase in the European Union (Stockholm, Sweden). Some of our other service providers are based in the United States, including Anthropic, RevenueCat, Firebase, and Google Cloud.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place. Our US-based providers operate under Standard Contractual Clauses approved by the UK authorities, which provide contractual protections for your data.
7. How long we keep your data
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Some data may be retained for longer if required by law (for example, financial records for tax purposes) or if anonymised for analytics.
8. Your rights
Under UK data protection law, you have the following rights:
- Access: You can request a copy of the personal data we hold about you.
- Rectification: You can ask us to correct inaccurate data.
- Erasure: You can ask us to delete your data (the "right to be forgotten").
- Portability: You can request your data in a portable format.
- Objection: You can object to processing based on legitimate interests.
- Restriction: You can ask us to restrict processing in certain circumstances.
To exercise any of these rights, please email privacy@nomology.food. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data properly.
9. Data security
We take reasonable measures to protect your data, including encryption of data in transit and at rest, secure authentication (including support for Apple and Google sign-in), access controls limiting who can access user data, and regular security reviews.
However, no system is completely secure. If you become aware of any security issues, please contact us immediately at privacy@nomology.food.
10. Children's privacy
Nomology is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app or by email before the changes take effect. The "effective date" at the top of this page shows when the policy was last updated.
12. Contact us
If you have any questions about this privacy policy or how we handle your data, please contact us:
Email: privacy@nomology.food
Post: David Maude, 15 Village Road, Hull, HU8 8QP, United Kingdom