NexoPlate

Legal

Privacy Policy

Last updated: April 5, 2026

NexoPlate ("we," "our," or "us") is operated by Evercrest Technologies LLC, a Pennsylvania limited liability company. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with the NexoPlate mobile application and website (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

This policy applies to users in the United States (including California) and Canada. If you are located outside of these regions, please do not use the Service.

1. No User Accounts

NexoPlate does not require you to create an account. We do not collect your name, email address, or any personal profile information as part of normal app use. All food logs, weight entries, goals, and preferences you enter are stored locally on your device and are never transmitted to or stored on our servers unless you actively use an AI-powered feature (see Section 4).

2. Data Stored on Your Device

The following data is created and stored exclusively on your device using Apple's on-device database (SwiftData):

• Food entries and calorie logs
• Macro and nutrition tracking data
• Weight entries and history
• Calorie, macro, step, and burn goals
• Saved foods and saved meals
• Dashboard configuration and preferences
• AI Coach memories (see Section 5)
• Onboarding profile data (age, gender, height, activity level, goal type)

This data is not backed up to our servers. If you delete the app, lose your device, or transfer to a new device without a proper backup, this data will be permanently lost. We strongly recommend enabling iCloud Backup on your device.

3. Categories of Information We Collect

While we do not maintain user accounts, certain limited information is collected or processed when you use the Service. The table below lists each category of information, what it includes, how we use it, and how long we retain it.

Category	What We Collect	Purpose	Retention
Device Identifier	A randomly generated UUID stored on your device	Subscription validation, chat rate limiting	Stored on your device only; on our server only if you redeem an access code (retained for the life of the subscription)
Subscription Email	Email address provided to Stripe at checkout	Delivering your access code and transactional emails	Stored for the life of the subscription plus 30 days after expiration or revocation
Payment Information	Credit card and billing details	Processing subscription payments	We never receive or store this data. Handled entirely by Stripe or Apple.
AI Chat Messages	Messages you send to NexoPlate Coach, plus app context (current food log, goals, profile data, weight, step/burn data, saved user memories)	Generating AI coaching responses	Not stored on our servers after the response is delivered. Processed by OpenAI, which retains API data for up to 30 days per their policy.
AI Photo Data	Photos you submit for AI food recognition	Identifying food items and estimating nutrition	Processed in real time and immediately discarded. Not stored on our servers. Processed by OpenAI (retained up to 30 days per their policy).
Health & Fitness Data	Step count and active energy burned (read-only from Apple HealthKit)	Displaying fitness metrics in the app and providing context to AI Coach when you use chat	Stored on your device only. Included in AI chat context only during active Coach sessions.
Food Search Queries	Text search terms and barcode numbers	Looking up nutrition data from USDA and OpenFoodFacts databases	Cached for up to 12 days for performance. No user-identifying data is included.
Contact Information	Name, email, and message content submitted via contact or suggestion forms	Responding to support requests and feature suggestions	Retained for 90 days after resolution, then deleted
Usage Counts	Daily and monthly message counts for AI Coach	Enforcing fair-use rate limits	Reset daily and monthly; stored alongside subscription data

4. How We Use AI-Powered Features

When you use NexoPlate Coach or AI Photo Entry, your data is transmitted to our backend servers hosted on Cloudflare, which then forward requests to OpenAI for processing. The data sent to OpenAI includes:

• Your chat message or food photo
• Current day's food log and macro totals
• Your profile data (age, gender, height, weight, activity level, goal type)
• Step and calorie burn data
• Up to 40 AI Coach memories stored on your device
• Your saved foods and meals

This data is used solely to generate personalized coaching responses and food recognition results. We do not use this data for advertising, profiling, or any purpose other than delivering the AI feature you requested.

5. AI Coach Memories

NexoPlate Coach may generate "memories" — brief summaries of your preferences, dietary restrictions, and goals — to personalize your coaching experience over time. These memories are:

• Stored exclusively on your device, not on our servers
• Fully visible and manageable by you within the app
• Deletable at any time from Settings → Coach → Memory Settings
• Included in AI chat context only when you actively use the Coach

6. HealthKit Data

NexoPlate may request read-only access to Apple HealthKit for step count and active energy burned data. In accordance with Apple's guidelines:

• HealthKit data is never used for advertising or shared with data brokers
• HealthKit data is never transmitted to our servers except as part of AI Coach context when you initiate a chat session
• HealthKit data is never sold or shared with third parties for marketing
• You can revoke HealthKit access at any time in iPhone Settings → Privacy & Security → Health

7. Email Communications and Marketing Consent

By purchasing a NexoPlate Pro subscription (whether through the App Store or our website), you consent to receive transactional emails related to your subscription (such as access code delivery and purchase confirmations) as well as occasional marketing communications from NexoPlate, including blog posts, product updates, and feature announcements.

You may unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link included in every marketing email we send. Unsubscribing from marketing emails will not affect transactional emails related to your subscription.

We will never sell, rent, or share your email address with third parties for their marketing purposes.

8. Third-Party Service Providers

We work with a limited number of third-party services to operate the Service. Each provider receives only the minimum data necessary for its function:

• Cloudflare: Hosts our backend infrastructure. May process request metadata (IP addresses, request headers) per Cloudflare's Privacy Policy.
• OpenAI: Processes AI Coach messages and food photo recognition. Receives chat messages and app context as described in Section 4. Governed by OpenAI's Privacy Policy.
• Stripe: Processes payments for web-based subscriptions. We never receive or store your payment card details. Governed by Stripe's Privacy Policy.
• Resend: Delivers transactional and marketing emails. Receives your email address and email content. Governed by Resend's Privacy Policy.
• USDA FoodData Central: Public government database for food search. No personal data is transmitted.
• Open Food Facts: Public database for barcode scanning. No personal data is transmitted.
• Apple (App Store & HealthKit): Processes App Store subscriptions and provides HealthKit data access. Governed by Apple's Privacy Policy.
• Squarespace: Hosts our website. May collect standard visitor analytics. Governed by Squarespace's Privacy Policy.

We do not sell, rent, or share your information with any third parties beyond what is listed above.

9. Cross-Border Data Transfers

NexoPlate is operated from the United States. If you access the Service from Canada, please be aware that data processed through our AI features (NexoPlate Coach and AI Photo Entry) and subscription services is transmitted to and processed on servers located in the United States. By using these features, you consent to the transfer of your data to the United States.

We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. All data in transit is encrypted using HTTPS/TLS.

10. Data Security

All communications between the app and our backend services use encrypted HTTPS connections. On-device data is protected by Apple's built-in device encryption. Because we do not maintain user accounts or store personal data on our servers beyond what is described in this policy, the risk of a data breach affecting your personal information is minimal. However, no system is completely secure, and we cannot guarantee absolute security of data in transit.

11. Data Loss Disclaimer

12. Children's Privacy

NexoPlate is not intended for use by children under the age of 13 (or under 16 in California for purposes of sensitive personal information). We do not knowingly collect any information from children under 13. If you believe a child under 13 has used the Service, please contact us at legal@nexoplate.com and we will take appropriate steps to delete any associated data.

13. Your Privacy Rights

All Users: You may contact us at any time at legal@nexoplate.com to request information about what data we hold that is associated with your device, to request correction of inaccurate data, or to request deletion of your data from our systems.

California Residents (CCPA/CPRA): If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request that we delete personal information we have collected about you. We will process deletion requests within 45 days.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. However, you may submit an opt-out request at any time.
• Right to Limit Use of Sensitive Information: You may request that we limit our use of sensitive personal information (such as health and nutrition data) to what is necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at legal@nexoplate.com or submit a request through our contact form. We may verify your identity by asking you to provide your device ID (found in Settings within the app). We will respond to verifiable requests within 45 days.

Do Not Sell or Share My Personal Information: Evercrest Technologies LLC does not sell your personal information, nor do we share it for cross-context behavioral advertising. If you would like to submit a formal opt-out request, please email legal@nexoplate.com with the subject line "Do Not Sell or Share."

Canadian Residents (PIPEDA): If you are a Canadian resident, you have the right to access, correct, and request deletion of your personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA). By using AI-powered features of the Service, you expressly consent to the collection, use, and cross-border transfer of your data as described in this policy. To exercise your rights, contact us at legal@nexoplate.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

15. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.