Privacy Policy
What data, why, and where — all out in the open.
Nebu is an iOS app. It analyzes packaged food via barcode scanning. Our relationship with data follows three principles: collect the minimum, keep it on the device when possible, let you delete it permanently whenever you want.
Use at your own risk — no liability is accepted, under any circumstance.
The Nebu application makes no warranty and accepts no liability regarding the accuracy, timeliness, completeness, or fitness for any particular purpose of the scores, interpretations, warnings, or product information it displays. Every decision made based on information from the application is solely the USER's responsibility.
To the maximum extent permitted by law, Nebu, Appnor, and the associated developers shall not be liable for any damages arising from use of the application, from decisions made through the application, or from third-party data sources (including Open Food Facts) — whether direct, indirect, incidental, special, punitive, or consequential, including but not limited to allergic reactions, health issues, medical conditions, financial loss, data loss, or purchasing decisions.
The application is provided "AS IS" and "AS AVAILABLE". It does not constitute medical advice, legal opinion, or professional consultation. For any health, allergy, nutrition, or medical matter, you MUST consult a qualified professional. Your continued use of the application indicates that you have fully read, understood, and accepted these terms.
Nebu does not track you and runs no ad SDK. Firebase Auth stores only your email, display name, and an anonymous user ID. Your health preferences and scan history never leave the device. You can permanently delete your account with a single tap.
1 · Data collected
Nebu touches four kinds of data. The purpose and source of each is described below.
When you sign in with Apple or Google we receive email, display name, and a Firebase user ID. No password is stored.
Active only while a barcode is being read. No photo or video is recorded and nothing leaves the device.
The barcode you scan is sent as a query to Open Food Facts. That query is not linked to your identity.
Age, goal (e.g. weight management), diet style, allergies/restrictions. All stored on the device.
2 · How it's used
- App functionality: identify a barcode, fetch its nutrition data, generate a score.
- Personalization: apply different weights per goal (e.g. a stronger sugar penalty for diabetes).
- Authentication: one-tap sign-in via Apple or Google, session handling.
- Safety alerts: surface a warning if a scanned product matches a restriction you've declared.
No data is used for advertising, profiling, or behavioral analytics.
The Apple App Privacy manifest lists NSPrivacyTracking as false
and declares an empty tracking-domain list.
3 · Where it lives
| Data | Location | Encrypted? |
|---|---|---|
| Email, display name, user ID | Firebase Authentication (Google Cloud) | Yes — Google-side + HTTPS in transit |
| Health profile (age, goal, diet, restrictions) | iOS Keychain — this device only | Yes, backed by Apple Secure Enclave |
| Scan history, favorites | SwiftData (on-device database) | Via the iOS system encryption layer |
| Product cache | On-device file system | Via the iOS system encryption layer |
| Analytics / tracker data | Not collected | — |
Your health profile is not synced via iCloud Keychain
(marked with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly).
If you sign into the same account on another device, your profile starts empty again.
4 · Third parties
Nebu communicates with three external services:
- Firebase Authentication (Google LLC) — Apple / Google Sign-In flow. Stores email, name, and user ID. Firebase privacy.
- Open Food Facts (non-profit) — returns product data for a given barcode. Not linked to your identity. Terms of use.
- Apple system services — Keychain, camera, notification infrastructure. Governed by Apple's Platform Security rules.
No sharing with ad networks, analytics platforms, or data brokers.
5 · Retention
Until you delete it. The account deletion flow removes the Firebase record immediately.
Until you change or delete it, only on the active device.
Last 100 scans. Older records roll off automatically. Clearable in bulk.
Refreshes after 7 days. Clearable instantly from Settings → Data Management.
6 · User rights (GDPR / KVKK)
All of the following rights can be exercised from inside the app:
- Access: see what's in your health profile on the Profile screen.
- Rectification: update any field at any time from Profile.
- Erasure: delete individually (history, favorites, cache, preferences) or wholesale (Delete Account).
- Restriction: uninstalling the app removes everything except the server-side Firebase record. For that, use Delete Account.
- Objection / complaint: email hello@appnor.io. You may also file a complaint with your local data protection authority.
7 · Account deletion flow
In line with App Store Guideline 5.1.1(v), you can permanently delete your account from inside the app:
- Open the Profile tab.
- Tap Delete Account in the Account card.
- Read the warning and confirm.
In a single operation this removes:
8 · Children
Nebu is not directed at children under 13 and does not knowingly collect data from that age group. If you discover that your child is using Nebu and has created an account, email hello@appnor.io — we delete the account the day you notify us.
9 · Security measures
- All network traffic is HTTPS (TLS 1.2+).
NSAllowsArbitraryLoadsis off. - Sensitive preferences live in the iOS Keychain — cleared if the app is uninstalled.
- OAuth via Apple / Google Sign-In; no password ever enters the app.
- Apple Privacy Manifest declares all required-reason API usage.
- Third-party SDK count is deliberately minimal (Firebase Auth + Google Sign-In).
10 · Changes
When this policy changes, the "Last updated" date at the top changes and significant changes are announced in-app. Effective on the day the new version ships.
11 · Contact
For privacy questions, correction requests, or data deletion:
Email: hello@appnor.io
Web: nebu.appnor.io