Privacy

What we store

• Your name and email address (so we know who you are and where to send sign-in links)
• Your password, if you’ve set one (stored hashed — we can’t see it ourselves)
• Your health profile if you’ve filled one in: any conditions you’ve told us about (cardiac, stoma, diabetic), allergens, and dietary targets your medical team has given you
• The recipes you’ve planned, cooked, or skipped
• A session cookie that keeps you signed in

Where it lives

• Your data is in a Postgres database hosted by Railway in the EU
• Sign-in emails go through Postmark, who deliver the email but don’t see anything else
• The app itself runs on Vercel
• Bot-protection on sign-up uses Cloudflare Turnstile, which sees your IP for the verification check and nothing else

Who can see it

Just me. I’m the only person with access to the database. I don’t share your data with anyone, I don’t sell it, and I don’t use it to train any models. The app has no analytics, no tracking pixels, and no third-party advertising.

How long we keep it

For as long as your account exists. If you ask me to delete it, I will — usually within a few days. If you stop using the app and want me to clear out your data anyway, just say.

Your rights

You can ask me to show you what we’ve got, correct it, or delete the lot. The easiest way is to email hello@nommily.com and I’ll sort it.

Cookies

One cookie, used for keeping you signed in. No analytics cookies, no advertising cookies, no third-party cookies.

Changes to this page

If anything changes — particularly when the app opens up beyond family — I’ll update this page and tell you in advance.

Contact

Questions about any of this: hello@nommily.com.