nomblr Back to home

Privacy Policy

Last updated: April 26, 2026

Nomblr is a private food diary and crew recommendation app. This policy explains what we collect, why we collect it, who helps us run the service, and how account deletion works.

Plain-English Summary

Nomblr is built around private crews, not a public review feed. Your ratings, visit history, recommendations, and profile details are used to run the app and show information to crews you join or create. We do not sell personal data, and we do not use advertising tracking or IDFA-based tracking unless the app changes and this policy is updated.

Information We Collect

Account Data

  • Email address, display name, Supabase user ID, and basic account status.
  • Authentication provider details for Apple, Google, email magic link, or email/password sign-in.

User Content

  • Restaurant ratings, visit history, recommendation notes, saved places, and dining activity you create in Nomblr.
  • Priorities and taste quiz answers used to personalize crew scores and recommendations.
  • Crew names, crew descriptions, memberships, invitations, and other crew activity.
  • Profile and avatar selections you choose in the app.

Location

  • If you grant location permission, Nomblr uses your foreground location to search for nearby restaurants or places.
  • Nomblr does not use background location unless the app changes and this policy is updated.
  • Raw location is not sold and should not be exposed to other users.

Push Notifications

  • FCM/APNs device tokens used to deliver notifications.
  • Notification preferences, delivery state, and related account settings.

Purchases

  • RevenueCat entitlement, subscription, product, renewal, and purchase-status metadata.
  • Apple and Google process payment details. Nomblr does not see or store your card number.

Analytics and Diagnostics

  • Firebase Analytics app interaction data, such as screens, feature usage, app version, device type, and general engagement events.
  • Firebase Crashlytics crash reports and diagnostic data used to fix stability problems.
  • No advertising tracking, no sale of data, and no IDFA-based tracking unless the app changes.

How We Use Information

  • Provide account sign-in, private crews, ratings, visit history, recommendations, and personalized scoring.
  • Search for nearby restaurants and places when you ask the app to do that.
  • Send push notifications you enable and honor your notification preferences.
  • Manage Pro entitlements, purchase restoration, and subscription status.
  • Detect bugs, troubleshoot crashes, secure the service, prevent abuse, and respond to support or moderation reports.

Sharing and Visibility

  • Ratings, recommendations, and relevant visit details are shared only inside crews you join or create.
  • Nomblr does not publish a public review feed.
  • We may share limited information with service providers that process data for Nomblr, or when required for security, legal compliance, or safety.
  • We do not sell personal data.

Processors and Infrastructure

  • Supabase: authentication, user IDs, database hosting, storage, and app data processing.
  • Firebase / Google Cloud: analytics, Crashlytics diagnostics, push notification delivery, and related cloud infrastructure.
  • RevenueCat: subscription entitlement and purchase status management.
  • Apple and Google: app distribution, authentication systems, payment processing, APNs/FCM notification systems, and subscription management.
  • Google/place search services: nearby restaurant and place search where used by the app.

Your Choices

  • Update your display name, avatar, preferences, and notification settings in the app where available.
  • Control location and notification permissions from your device settings.
  • Restore purchases in the app if your App Store or Google Play subscription is not reflected correctly.
  • Request account deletion in the app or by contacting hello@nomblr.app.

Retention and Deletion

You can request deletion in the app from Settings or by using the instructions on our Delete Account page. When deletion is requested, Nomblr marks the account for deletion and places it in the account deletion queue.

Permanent deletion or anonymization is scheduled after a 30-day grace period. You may restore the account during that period by signing in before permanent deletion is processed. After 30 days, Nomblr batches permanent deletion or anonymization from the account_deletion_requests queue.

Some records may be retained if legally required, for security reasons, or in anonymized or de-linked form to preserve database integrity. Deleting a Nomblr account does not cancel an App Store or Google Play subscription; subscriptions must be cancelled through Apple or Google account settings.

Safety, Moderation, and Reports

Nomblr may review reports and moderation records to keep crews safe and enforce our Terms. To report abusive user content, harassment, hate content, illegal content, spam, or another safety issue, contact hello@nomblr.app with enough detail for us to investigate.

Security

We use HTTPS/TLS, provider access controls, and operational safeguards to protect data. No online service can guarantee absolute security, but we work to limit access to people and systems that need it to operate Nomblr.

Children

Nomblr is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

Changes

If Nomblr changes materially, including new data uses such as background location or advertising tracking, we will update this policy and the last-updated date.