Privacy Policy

Last updated: 2026-06-09

NomBot.ai ("NomBot," "we," or "us") is built by a solo developer doing business as Mindless AI LLC. We take your privacy seriously and try to collect as little data as possible while still giving you great food recommendations. This policy explains what information we collect, why we collect it, and what choices you have.

1. Information We Collect

Provided by you

• Account details from Apple Sign-In or Google Sign-In — typically your email address, display name, and a Firebase user ID assigned to your account.
• Food preferences you configure inside the app, including favorite cuisines, dietary restrictions, and similar taste settings.
• Spin history and feedback you give on restaurants NomBot recommends (thumbs up/down, saves, skips).
• Any messages you send us when you contact support via the contact form on this website.
• Your email address if you sign up for our newsletter through the website. Signing up is entirely voluntary.

Collected automatically

• Precise device location, but only when you actively ask NomBot to find nearby restaurants. Location is requested at the point of use and is not stored long-term on our servers.
• Basic device information (device model, operating system version, app version) needed to keep the app working and compatible.
• Crash diagnostics via Firebase Crashlytics when the app crashes or throws an unexpected error. Crash and diagnostic reports are associated with your account identifier so we can investigate issues linked to specific accounts.
• In-app interaction signals linked to your account, such as which restaurant cards you tap into, which action buttons (e.g., directions, phone, website) you use, cards you skip past, and general session activity patterns. We collect these signals to learn your preferences and improve the relevance of the restaurants we recommend to you.
• The interaction signals above are stored linked to your NomBot account so that your personalized recommendations improve as you use the app. You can delete this data at any time by deleting your account via Profile > Account.
• When you choose to share a restaurant pick, we record that you shared it — the restaurant and a randomly generated share identifier, linked to your account — so we can create the share link and understand how the sharing feature is used.

2. How We Use Your Information

• To operate core app functionality — letting you sign in, sync preferences across devices, and see your spin history.
• To generate personalized restaurant recommendations based on your preferences, location, explicit feedback (saves, skips, ratings), and in-app interaction signals we have observed over time.
• To manage your account, including subscription status and account deletion.
• To detect and prevent fraud, abuse, and violations of our Terms of Service.
• To improve the app by reviewing aggregate, non-identifying usage and crash data.
• To create the public link when you share a restaurant pick, and to measure how sharing performs using anonymous, aggregate view and tap counts.
• To send you occasional product emails. When you create a NomBot account, we may send you product emails — new features, important updates, and the NomBot newsletter. Every such email includes a one-click unsubscribe link, and you can opt out at any time, including via our contact page. If you subscribe via our website, we use your email solely for the newsletter.

About shared links: When you tap Share on a restaurant, NomBot creates a public web page at a nombot.ai link that shows the restaurant and NomBot's note about it. Anyone you send the link to can open it, and the page is not indexed by search engines. A shared page never includes your name, email, or any other personal information — only the restaurant and NomBot's take. We count anonymous views and tap-throughs on shared pages to measure the feature; we do not identify the people who open a shared link.

3. Service Providers

NomBot relies on a small number of trusted service providers to run. We only share the minimum information each provider needs to do its job:

• Firebase (Google) — authentication, Firestore database for your preferences, and Crashlytics for crash diagnostics.
• Google Firebase Analytics (GA4) — collects usage and interaction analytics (e.g., features used, screen views, session activity) to help us understand how the app is used and where to improve it. Analytics data is pseudonymous and governed by Google's privacy policy.
• RevenueCat — handles subscription and purchase receipts. RevenueCat stores purchase history and a pseudonymous identifier tied to your account.
• Google Places / Google Maps — powers restaurant search and map views. Location queries run against Google's APIs in real time.
• OpenRouter — we use OpenRouter to generate recommendation and personality text from language models. We do not send your email, name, or other personally identifying information to OpenRouter.

We do not sell your personal information. We do not share it with third parties beyond the service providers above. NomBot does not run cross-app or cross-site tracking, does not present an App Tracking Transparency prompt, and does not integrate with advertising networks.

4. Data Retention

We retain your account information and preferences for as long as your account is active. When you delete your account, we purge your personal data from our systems immediately upon confirmation. Some derivative records may persist according to their own retention policies: billing history required by Apple or Google, pseudonymous purchase events retained by RevenueCat for billing audit, and immutable audit-log entries we are required to keep.

5. Your Rights

You can access or update most of your information directly inside the app. To permanently delete your account and associated data, use the in-app "Delete Account" button under Profile > Account. Deletion is final and runs an end-to-end purge of your data.

If you are located in the European Economic Area, the United Kingdom, or California, you may have additional rights under laws such as the GDPR or CCPA — including the right to access, correct, export, or restrict processing of your data. We honor those rights on request; please contact us using the link below.

If we use your in-app interaction data for personalization on the basis of our legitimate interests, you have the right to object to that processing at any time. To exercise that right, contact us at hello@nombot.ai and we will stop using behavioral signals for your recommendations and delete the stored interaction history tied to your account.

Newsletter and marketing emails: Every newsletter or marketing email we send includes a one-click unsubscribe link. You may also unsubscribe at any time via our contact page. We will process unsubscribe requests promptly and will not send further marketing emails once you have opted out.

6. Children's Privacy

NomBot is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

7. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will also notify you by email or with an in-app notice before the changes take effect.

8. Contact

Questions about this policy? Reach out via our contact page.

This policy is provided for informational purposes and is not legal advice. Please consult your own counsel for definitive interpretation.