Privacy Policy · NomLens

Last Updated: April 23, 2026 Effective Date: TBD · To be updated upon App Store approval

1. Introduction

This Privacy Policy describes how Unreal Technology Limited (“we,” “us,” or “our”) collects, uses, and protects your information when you use NomLens (the “App”), a mobile application for AI-powered food calorie tracking and nutrition logging.

By downloading, installing, or using NomLens, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the App.

Data Controller: Unreal Technology Limited Hong Kong Contact: iossupport@unrealtechai.com

2. Information We Collect

2.1 Information You Provide Directly

When you use NomLens, you may voluntarily provide the following information, all of which is stored locally on your device:

• Profile Information: Name, age, gender, height, weight, activity level, and health goals (used to calculate your personalized Basal Metabolic Rate and nutrition targets)
• Food Diary Entries: Photos of meals, food descriptions, portion sizes, meal times, and notes you add
• Favorite Foods: Custom food items you save for quick logging
• Water Intake: Daily water consumption logs
• Body Measurements: Weight entries for progress tracking (optional)

Storage: All of the above data is stored locally on your device using Apple’s SwiftData framework. This data is not transmitted to our servers.

2.2 Camera and Photo Library Access

NomLens requests permission to access your device’s camera and photo library for the following purposes:

• Camera: To capture photos of your meals for AI-powered food recognition and to scan product barcodes
• Photo Library: To select existing photos of meals for AI analysis

Data Flow: - Photos you capture or select are processed on your device and may be sent to OpenAI for AI-powered food recognition (see Section 3.1) - Barcode images are processed locally by Apple’s AVFoundation framework; only the decoded barcode number (not the image) is used to query Open Food Facts (see Section 3.2) - Photos are not uploaded to our servers or stored in our backend

2.3 Apple HealthKit Integration (Optional)

If you grant permission, NomLens reads the following data from Apple Health:

• Step Count: Daily steps walked
• Active Energy Burned: Estimated calories burned from physical activity

Purpose: To provide context for your daily calorie intake (calories in vs. calories out).

Storage: HealthKit data is read on-demand and displayed within the App. We do not store, copy, or transmit this data to any external servers. HealthKit data remains exclusively in Apple’s secure Health database on your device.

Your Control: You can revoke HealthKit access at any time via iOS Settings → Health → Data Access & Devices → NomLens.

2.4 Subscription Information

If you subscribe to NomLens Premium, we use Apple’s In-App Purchase system and RevenueCat for subscription management. The following information is collected:

• Subscription status (active / expired / trial)
• Subscription plan (monthly / annual)
• Purchase receipt (processed by Apple)
• Anonymous subscriber ID (generated by RevenueCat)

Payment Information: NomLens does not collect, access, or store your credit card, debit card, or any payment information. All payments are processed directly by Apple through the App Store.

2.5 Anonymous Usage Analytics

We use Mixpanel to collect anonymous usage analytics to improve the App. This includes:

• Feature usage patterns (which screens are visited, how often features are used)
• App performance metrics (crash reports, load times)
• Anonymous device identifier (generated by Mixpanel, not linked to your identity)
• App version, iOS version, device type (e.g., iPhone 17 Pro)

We do not collect: - Your name, email, or any personally identifiable information - The content of your food entries or photos - Your precise location

2.6 Diagnostic and Crash Data

If the App crashes or encounters an error, we may collect:

• Crash logs (via Apple’s built-in crash reporting or Sentry, if enabled)
• Device model and iOS version
• Stack traces (technical error information)

This data is used solely to diagnose and fix bugs.

3. Third-Party Services

NomLens uses the following third-party services. Each service has its own privacy policy that applies when your data is shared with them:

3.1 OpenAI (Food Recognition)

• Purpose: AI-powered food identification and nutrition estimation from photos
• Data Shared: Meal photos (when you use the photo scan feature)
• Data Retention: OpenAI processes images per their API data retention policy. As of this writing, OpenAI does not use API data for model training and retains data for abuse monitoring for up to 30 days.
• Privacy Policy: https://openai.com/policies/privacy-policy

3.2 Open Food Facts (Barcode Database)

• Purpose: Product information lookup by barcode number
• Data Shared: Barcode numbers only (no user identifiers, no photos)
• Data Retention: Query logs per Open Food Facts public API terms
• Privacy Policy: https://world.openfoodfacts.org/cgi/privacy.pl

3.3 RevenueCat (Subscription Management)

• Purpose: Manage subscription state across devices and platforms
• Data Shared: Anonymous subscriber ID, subscription status, purchase receipts
• Data Retention: Per RevenueCat data retention policy
• Privacy Policy: https://www.revenuecat.com/privacy

3.4 Mixpanel (Product Analytics)

• Purpose: Anonymous usage analytics to improve the App
• Data Shared: Anonymous usage events (no PII)
• Data Retention: Per Mixpanel data retention policy
• Privacy Policy: https://mixpanel.com/legal/privacy-policy/

3.5 Apple (Platform Services)

• Purpose: App distribution, In-App Purchase, HealthKit, iCloud (if user enables)
• Data Shared: Per Apple’s standard platform services
• Privacy Policy: https://www.apple.com/legal/privacy/

4. How We Use Your Information

We use the collected information for the following purposes:

1. Provide Core Functionality: Display your food diary, calculate nutrition totals, track progress toward your goals
2. AI Food Recognition: Process meal photos via OpenAI to identify foods and estimate nutrition
3. Personalization: Customize nutrition targets based on your profile (age, weight, activity level)
4. Subscription Management: Process and validate your subscription status
5. App Improvement: Analyze anonymous usage patterns to improve features
6. Bug Diagnosis: Investigate crashes and errors to improve stability
7. Customer Support: Respond to your inquiries (only when you contact us)

We do not use your information for: - Advertising or ad targeting - Selling data to third parties - Training AI models (our integration with OpenAI is per-request and does not contribute to model training) - Cross-device tracking for marketing

5. Data Storage and Security

5.1 Local Storage

The majority of your data is stored locally on your device:

• Food diary entries, favorites, water intake, body measurements: SwiftData database on device
• Profile information and preferences: iOS UserDefaults on device
• Photos: Not stored by NomLens (only processed via OpenAI API, which does not retain long-term)

5.2 iCloud Sync (Optional, Future Feature)

Future versions of NomLens may offer iCloud sync for cross-device data backup. If enabled, your data will be stored in your personal iCloud account, controlled by Apple’s security and privacy standards. This feature is not currently active in the initial release.

5.3 Security Measures

We implement industry-standard security practices:

• API keys for OpenAI and other services are stored securely using iOS Keychain (when applicable)
• Network communications use HTTPS/TLS encryption
• No personal data is transmitted in plain text
• Access to our infrastructure follows principle of least privilege

However, no system is 100% secure. If we become aware of a data breach that affects you, we will notify you in accordance with applicable law.

6. Your Rights

Depending on your location, you may have the following rights:

6.1 GDPR Rights (European Economic Area, UK)

If you are located in the EEA or UK, under the General Data Protection Regulation (GDPR), you have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (right to be forgotten)
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to our processing of your data
• Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at iossupport@unrealtechai.com.

Since most data is stored locally on your device, you can also exercise many rights directly by: - Deleting entries within the App - Uninstalling the App (deletes all local data) - Revoking HealthKit permission in iOS Settings

6.2 CCPA Rights (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

• Know what personal information is collected
• Request deletion of personal information
• Opt-out of the sale of personal information (Note: We do not sell your personal information)
• Non-discrimination for exercising your rights

6.3 Other Jurisdictions

Residents of other jurisdictions may have similar rights under local privacy laws. Contact us at iossupport@unrealtechai.com to learn more.

7. Children’s Privacy

NomLens is not intended for use by children under 13 years of age (or under 16 in the EEA/UK).

We do not knowingly collect personal information from children. If we learn that we have collected information from a child without parental consent, we will delete that information promptly. If you believe your child has provided us with information, please contact iossupport@unrealtechai.com.

The App is rated 12+ on the App Store based on references to health and fitness topics that may not be suitable for young children.

8. Data Retention

• Local Device Data: Retained until you delete individual entries or uninstall the App
• Photos Sent to OpenAI: Not retained by us; subject to OpenAI’s retention policy (typically up to 30 days for abuse monitoring, not used for training)
• Subscription Records: Retained by Apple and RevenueCat per their respective policies
• Analytics Data: Retained by Mixpanel per their data retention policy (typically 1-5 years)
• Support Communications: Retained for up to 2 years after the last interaction

9. International Data Transfers

If you are located outside the United States or the European Union, please be aware that your data may be transferred to and processed in countries where our third-party service providers operate (primarily the United States).

We ensure appropriate safeguards are in place through: - Standard Contractual Clauses (SCCs) with service providers - Service providers certified under relevant frameworks (e.g., EU-US Data Privacy Framework where applicable)

10. Cookies and Tracking Technologies

NomLens is a mobile application and does not use web cookies. However, it does use:

• Anonymous Device Identifiers: Generated by Mixpanel for analytics (not linked to your Apple ID)
• iOS Advertising Identifier (IDFA): Not used by NomLens

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

• We will update the “Last Updated” date at the top of this policy
• For material changes, we will notify you via in-app notification or email (if we have your email)
• Continued use of the App after changes indicates your acceptance of the updated policy

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Unreal Technology Limited Hong Kong Email: iossupport@unrealtechai.com

For privacy-specific inquiries (GDPR / CCPA): iossupport@unrealtechai.com For general support: iossupport@unrealtechai.com

Last Updated: April 23, 2026 Version: 1.0