Privacy Policy
Last updated June 9, 2026
Nalee (“Nalee”, “we”, “us”) was built to be the unbought second opinion, and that starts with how we treat your information. We do not sell your personal data. We do not share it for advertising. We do not run ads. This policy explains exactly what we collect, why, and the choices you have. It applies to the Nalee app and this website. Nalee is an independent product; entity details will be updated here when our company formation completes (before paid launch).
What we collect
- Account: when you sign in with email, Apple, or Google, we receive your name and email address to create and secure your account.
- Scan activity: the products you scan, your scan history, items you save, and your watchlist. This is stored in your private account so your history can sync across your devices. It is never shared with brands or anyone else.
- Your Flags (sensitive preferences): if you choose to set up a sensitivity profile (for example allergies or ingredient concerns), we store those preferences to personalize your flags. Because this can touch on health, we only collect it when you opt in, and you can change or delete it at any time.
- Submissions: photos, barcodes, and notes you send when a product is not yet in our library. Submitted photos are processed (including by optical character recognition) to read the label and may be reviewed before a product is added.
- Community posts: anything you choose to share publicly, such as a #sayNAH post.
- Payment information: if you join Inner Circle, billing is handled by Apple, Google, or Stripe. We never see or store your full card number. We receive confirmation of your subscription status and the records we need for accounting.
- Diagnostics: basic, aggregated usage and crash information to keep the app working.
Cookies and local storage
We use a small amount of on-device storage for things the service needs to function: your sign-in session, your theme preference, and your daily free-scan counter. We use no advertising trackers, no analytics pixels, and no cross-site tracking, which is why you will not see a cookie banner. Because we do not track you across other sites, “Do Not Track” and Global Privacy Control signals have nothing here to switch off; we honor their intent by default.
How we use your information
- To provide the service, sync your history, and personalize your flags (performance of our contract with you).
- To review submissions and grow the verified library (contract, and our legitimate interest in accurate data).
- To improve scoring quality and fix bugs, using aggregated or de-identified data where possible (legitimate interest).
- To send service emails such as receipts, renewal reminders, and policy updates (contract and legal obligation). Marketing email is opt-in only, and every one has an unsubscribe link.
What we never do
We do not sell your personal information. We do not share it for targeted advertising. No brand can pay to change a score or its placement, and no brand receives your scan data. In the words of the California Consumer Privacy Act: we do not “sell” or “share” personal information, and we have not done so in the preceding 12 months.
Service providers
A small set of providers process data on our behalf under data-processing agreements: Supabase (database and storage), Vercel (web hosting), Stripe (web payments), RevenueCat (subscription management), and Apple and Google (sign-in and app-store billing). Public product data comes from sources like Open Food Facts, Open Beauty Facts, and Open Pet Food Facts; nothing about you is sent to them. Our providers are based in the United States; where data of EU or UK users is transferred, the transfer is covered by Standard Contractual Clauses in those agreements.
Retention
We keep your data while your account is active. If you delete your account, we delete your personal data, including scan history and sensitivity preferences, within 30 days, keeping only what the law requires us to keep (for example tax and payment records, retained by our payment providers). Unreviewed submissions are deleted after 12 months.
Your rights, wherever you live
We extend the same rights to every user, voluntarily and consistent with laws like the GDPR and CCPA: access, correction, export (your scan history as a file), deletion, and objection. You can request deletion of your account and all associated data in the app or by emailing esdronski@gmail.com. We respond within 30 days and will verify it is really you before acting. We will never treat you differently for exercising a privacy right. EU and UK users also have the right to withdraw consent at any time and to lodge a complaint with their local supervisory authority.
Children
Nalee is for adults and teens. It is not directed to children under 13 (or under 16 in the EU), and we do not knowingly collect their data. If we learn we have, we delete it promptly. Parents can reach us at esdronski@gmail.com.
Security and breaches
Data is encrypted in transit and at rest, access is restricted, and we use row-level security on our database. No system is perfect; if a breach ever puts your data at risk, we will notify you and the relevant authorities without undue delay, and within the timelines the law requires.
Changes and contact
We will post updates here with a new effective date, and email you if a change meaningfully affects your rights. Questions and requests: esdronski@gmail.com.