Privacy Policy

Effective date: 10 April 2026 · Last updated: 12 April 2026

Noosh (“we”, “us”, “our”) operates the Noosh mobile application and the website at nooshapp.com. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.

1. Data We Collect

a) Account information

When you sign in with Google, we receive your name, email address, and profile photo from your Google account. We use this to create and display your Noosh profile. We do not receive or store your Google password.

b) Dinner and dish information

Content you create within the app — dinner titles, descriptions, dates, locations, dish slot names, slot claims, and guest notes — is stored so that you and your guests can coordinate meals.

c) Photos

If you grant camera or photo library access, you can upload images as dinner cover photos or memory gallery photos. These images are stored in our cloud storage. We only access your camera or photo library when you actively choose to upload.

d) Contacts

If you grant contacts access, we read your device contacts solely to help you find friends to invite to dinners. We do not upload, store, or share your contact list with anyone. Contact data is used on-device only.

e) Calendar

If you grant calendar access, we can add dinner events to your device calendar. We do not read or collect any existing calendar data.

f) Push notification tokens

If you enable notifications, we store a device token to send you updates about your dinners (e.g. when a guest claims a slot, a dinner is approaching, or a host sends a nudge).

g) Invites and referral tracking

When you create named invites or share trackable invite links, we store the invited name, email address (if provided), and invite status. If a guest claims a slot via a shared link, we record a referral attribution so you can see who brought whom. This data is visible only to the dinner host and co-hosts.

h) Co-hosting

If you are added as a co-host to a dinner, we store your co-host assignment. Hosts can also invite co-hosts by email — in that case the email address is stored until the invite is accepted or the dinner ends.

i) Web guests

Guests who view and claim a dinner slot via the web preview (without downloading the app) provide a name and dish name. They may optionally provide an email address to link their claim to a future account. No account or authentication is required for web guests.

j) Reports and moderation

If you report content or a user, we store the report details (reason and optional description) along with your user ID. If a host removes a guest from a dinner, we record that action. If you block another user, we store that relationship. Block records are deleted if either user deletes their account.

k) Badges and milestones

We track milestones such as the number of dinners you've hosted or attended, and award badges based on your activity. This data is used solely for in-app celebration features.

l) Local storage

The app caches dinner data on your device using local storage (MMKV) for faster loading. This data stays on your device and is cleared if you sign out or delete your account.

m) Waitlist

If you sign up for our waitlist on the landing page, we collect your email address to notify you when Noosh is available.

2. How We Use Your Data

  • Provide the service: Display your profile, create and share dinners, coordinate dish slots, manage invites and co-hosts, deliver notifications, and track badges and milestones.
  • Improve Noosh: Understand usage patterns (e.g. how many dinners are created) to improve the product. We do not sell or share personal data for advertising.
  • Safety and moderation: Process reports, enforce blocks, manage guest removals, and enforce our terms of service.
  • Transactional emails: Send you your data export when requested, or notify guests if a dinner is cancelled due to account deletion.

3. Third-Party Services

We use the following third-party services:

  • Supabase (database, authentication, file storage, edge functions) — hosted in the EU. Supabase processes your account data and dinner content on our behalf. See Supabase's Privacy Policy.
  • Google OAuth (authentication) — handles sign-in only. See Google's Privacy Policy.
  • Expo / EAS (push notifications, app builds) — delivers push notifications to your device. See Expo's Privacy Policy.
  • Resend (email delivery) — sends transactional emails such as data export downloads and dinner cancellation notices. Resend processes the recipient email address on our behalf. See Resend's Privacy Policy.

We do not sell, rent, or share your personal data with any other third parties.

4. Data Retention

We retain your data for as long as your account is active. Past dinner data is kept so you can revisit your dinner memories.

If you delete your account (see Section 6), your personal data is processed as follows within 30 days:

  • Your profile is deleted and your name is replaced with “Deleted User” wherever it appears in other users' dinner records.
  • Your slot claims on others' dinners are anonymised (shown as “Deleted User”) so the dinner record remains intact for the host.
  • Past dinners you hosted are preserved with anonymised host information so that guests can still view their history.
  • Active or future dinners you hosted are cancelled, and guests are notified by email where possible.
  • Photos you uploaded, reports you submitted, block records, and export request logs are permanently deleted.

5. Data Security

All data is transmitted over TLS encryption. Data at rest is encrypted using AES-256. Access to the database is controlled by row-level security policies, meaning users can only access their own data and dinners they are participating in.

6. Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you.
  • Export your data in a portable format. You can request a full data export from your profile screen — we'll email you a download link (valid for 7 days). Exports are limited to one per 24 hours.
  • Correct inaccurate data (you can edit your profile at any time within the app).
  • Delete your account and all associated data. You can do this from your profile screen under “Delete Account”. Deletion requires re-authentication for security. See Section 4 for details on how your data is handled.
  • Withdraw consent for optional features (notifications, contacts, calendar, camera) at any time via your device settings.

To exercise any of these rights, use the in-app options or contact us at the address below.

7. Children's Privacy

Noosh is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by updating the date at the top of this page. Continued use of Noosh after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

privacy@nooshapp.com

← Back to nooshapp.com