Privacy Policy

Overview

Nombox ("we," "us," or "our") is a grocery shopping list application. This Privacy Policy describes how we collect, use, store, and protect your information. By using Nombox, you consent to the data practices described in this policy.

Information We Collect

Account Information

When you sign in using Apple or Google authentication, we collect:

  • Your name
  • Your email address
  • Your profile image
  • OAuth provider information (Apple or Google)
  • Unique authentication tokens and session data

Application Data

We collect and store the following data to provide our services:

  • Ingredient lists (names, colors, categories, quantities, completion status)
  • User preferences (theme, language, active list)
  • Referral codes and relationships
  • List sharing invitations and email addresses of invited users
  • Beta access codes and permissions

Payment Information

For premium subscriptions, we process payments through Stripe and store:

  • Stripe customer ID
  • Stripe subscription ID
  • Subscription tier and status
  • Billing interval (monthly/yearly)
  • Payment transaction history

We do not directly store credit card information. All payment processing is handled securely by Stripe.

Analytics and Usage Data

We collect comprehensive analytics to improve our services, including:

  • Ingredient actions (add, edit, delete, archive, restore)
  • Subscription events (modal views, checkout initiations, completions, cancellations)
  • App engagement (theme changes, sync actions, archive views)
  • Limit events (when free tier limits are reached)
  • User interactions and navigation patterns
  • Device information and browser data
  • Session timestamps and duration

Local Storage Data

The following data is stored in your browser's local storage:

  • Ingredient lists (for free tier users and offline access)
  • User preferences and settings
  • Analytics event queue (for batched sending)
  • Usage limit tracking
  • Tutorial completion status
  • Developer mode options
  • Beta access credentials

How We Use Your Information

We may use your information for any purpose, including but not limited to:

  • Providing and maintaining the Nombox service
  • Processing payments and managing subscriptions
  • Sending service-related notifications and emails
  • Improving and optimizing our application
  • Analyzing usage patterns and user behavior
  • Marketing and promotional purposes
  • Preventing fraud and abuse
  • Complying with legal obligations
  • Any other purpose at our sole discretion

Data Storage and Security

Free Tier: Data is primarily stored locally in your browser. You are responsible for backing up your data.

Premium Tier: Data is synchronized and stored in our secure cloud database (Neon PostgreSQL).

While we implement reasonable security measures, we cannot guarantee absolute security. You acknowledge that data transmission over the internet carries inherent risks.

Third-Party Services

We use the following third-party services that may collect and process your data:

  • Apple Sign-In: Authentication and identity verification
  • Google Sign-In: Authentication and identity verification
  • Stripe: Payment processing and subscription management
  • Neon Database: Cloud data storage
  • Umami Analytics: Usage tracking and analytics
  • Vercel: Hosting and deployment infrastructure

These services have their own privacy policies. We are not responsible for their data practices.

Data Sharing and Disclosure

We reserve the right to share your information:

  • With service providers and business partners
  • In response to legal requests or to comply with laws
  • To protect our rights, property, or safety
  • In connection with a business transaction (merger, acquisition, sale)
  • With your consent or at your direction
  • For any other purpose at our discretion

Data Retention

We retain your data for as long as necessary to provide our services and as required by law. We may retain certain information even after account deletion for legitimate business purposes, legal compliance, or to prevent fraud.

Your Rights and Choices

You may have certain rights regarding your personal data depending on your jurisdiction. However, we reserve the right to verify your identity and may deny requests that are unreasonable, excessive, or prohibited by law.

To exercise any rights, contact us at the email below. We will respond within a reasonable timeframe as required by applicable law.

Children's Privacy

Nombox is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using Nombox, you consent to such transfers.

Changes to This Policy

We may update this Privacy Policy at any time without notice. Your continued use of Nombox after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

Contact

For privacy-related questions or concerns, contact us at: nomboxapp@gmail.com

Last updated: October 30, 2025

Nombox | Privacy Policy