NouriLoop Health Data Privacy Notice

Effective date: June 9, 2026 · Last updated: June 9, 2026

This notice explains how John Houser (“NouriLoop,” “we”) handles the health and wellness information you provide. Please read it before uploading health metrics.

1. What this covers

Health and wellness data you choose to add to NouriLoop, including:

• Health metrics you import (e.g., weight, body fat, blood glucose, blood pressure, heart rate, sleep) via CSV or Apple Health export;
• Meals (photos you upload) and the nutrition data derived from them;
• Account info (email, display name) and notification preferences/phone number.

2. How we use it

• To display your dashboards, trends, and 7-day nutrient-gap / supplement insights;
• To run the food-photo analysis that estimates nutrition;
• To send the notifications you have opted in to (all notifications are off by default);
• To operate, secure, and maintain the service.

3. Who we share it with (service providers only)

We do not sell your health data and do not share it for advertising. We share the minimum necessary with processors that operate the service on our behalf:

• Anthropic (Claude API) — your meal photos and food details are sent for nutrition analysis.
• Twilio — your mobile number and message text, only if you enable SMS.
• IONOS — to deliver email notifications and password resets.
• Disclosures required by law, or to protect rights and safety.

4. Storage, security, and location

Your data is stored in our database on servers located in the United States. We use reasonable administrative and technical safeguards — encrypted transport (HTTPS/TLS), authentication, and access controls. No system is perfectly secure, and we cannot guarantee absolute security.

5. Data retention

We keep your data while your account is active and as needed to provide the service. You may request deletion at any time (see Your rights); we delete or de-identify it subject to any legal retention obligations.

6. Your rights

Depending on where you live, you may have rights to access, export, correct, or delete your personal/health information (e.g., under the CCPA/CPRA or GDPR). To exercise them, contact us at john@johnchouser.com. You can also delete individual meals in the app and turn off any notification at any time.

7. HIPAA

HIPAA applies to “covered entities” (health plans, healthcare providers, clearinghouses) and their business associates. NouriLoop is a direct-to-consumer wellness tool: the data here is information you voluntarily provide about yourself, so NouriLoop is not acting as a HIPAA covered entity, and this notice is not a HIPAA Notice of Privacy Practices. If you received NouriLoop through, or use it on behalf of, a healthcare provider or health plan, that organization’s HIPAA notice governs your information with them.

8. Children

NouriLoop is not directed to children under 13, and we do not knowingly collect their information.

9. Changes & contact

We may update this notice and will revise the “Last updated” date. Questions: John Houser, 225 Alameda Ave, Apt 2, Astoria OR 97103, john@johnchouser.com.