Last updated: June 1, 2026
Effective date: June 1, 2026
NoroMeal is meal-planning software. We do not provide medical advice, diagnosis, or treatment. Information in the app is for informational and educational purposes only.
1. Introduction
This Privacy Policy ("Policy") describes how NoroMeal ("NoroMeal," "we," "us," or "our") collects, uses, discloses, stores, and protects personal information when you visit our website at https://www.noromeal.com, use our mobile-responsive web application, or otherwise interact with our meal-planning services (collectively, the "Service").
By accessing or using the Service, creating an account, or submitting information to us, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Service.
This Policy applies to all users of the Service, including visitors, registered account holders, and subscribers. It does not apply to third-party websites, applications, or services that may be linked from the Service.
2. Data Controller
For the purposes of applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") and the Serbian Law on Personal Data Protection, UNIT01 doo (trading as NoroMeal) is the data controller responsible for your personal information processed through the Service.
75 Vodovodska street, 11030 Belgrade, Serbia
Tax ID (PIB): 107955125
Contact: contact page
Website: https://www.noromeal.com
For privacy-related requests, please reach us through our contact page. We will respond within the timeframes required by applicable law.
3. Important Service Disclaimers
Not medical advice. NoroMeal provides general nutrition and meal-planning information for informational and educational purposes only. The Service is not a medical device and does not provide medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional before starting any diet, nutrition program, or exercise regimen, especially if you have a medical condition, are pregnant or nursing, or take medication.
Minimum age. The Service is intended for individuals aged sixteen (16) years or older. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, reach us immediately through our contact page and we will take steps to delete it.
4. Information We Collect
We collect personal information in the categories below, depending on how you use the Service.
4.1 Account and identity information
- Email address
- Password (stored in hashed form by our authentication provider)
- Name and profile picture (if you sign in with Google or another supported OAuth provider)
- Account identifiers and authentication tokens
- Preferred language and locale settings
4.1.1 Sign in with Google
If you choose Sign in with Google, Google authenticates you and shares limited profile information with us through Supabase Auth, typically including your name, email address, and profile picture. We use this information only to create and secure your NoroMeal account and to communicate with you about the Service.
We do not receive your Google password. Google's use of your information is governed by Google's Privacy Policy. You can revoke NoroMeal's access to your Google account through your Google Account permissions or by contacting us through our contact page.
4.2 Nutrition and wellness profile information
When you complete onboarding or update your profile, we collect information you provide, which may include:
- Sex assigned at birth (as selected by you)
- Age
- Height and weight
- Fitness or nutrition goal (e.g., lose, maintain, or gain weight)
- Activity level
- Preferred number of meals per day
- Time zone
This information is used to calculate calorie and macro targets and to generate personalized meal plans. While not clinical health records, this data may be considered sensitive in some jurisdictions because it relates to your physical characteristics and wellness goals.
4.3 Meal plan and usage data
- Generated meal plans, including daily calories, macros, and meals
- Historical archived meal plans
- Recipe preferences (favorites and avoided meals)
- Engagement data such as activity streaks and last active date
- Actions you take in the Service (e.g., regenerating a plan)
4.4 Payment and subscription information
Subscriptions are processed by Lemon Squeezy, which acts as our payment processor and merchant of record. We do not store your full payment card number or CVV on our servers.
We may receive and store:
- Subscription status, plan type, and billing period
- Customer identifiers assigned by the payment processor
- Limited billing metadata necessary to manage your subscription
Payment processing is subject to Lemon Squeezy's privacy policy and terms. We encourage you to review their documentation when subscribing.
4.5 Communications
- Messages you send through our contact form (name, email, message content)
- Email correspondence with our support team and transactional emails (e.g., account confirmations, password resets, billing notifications)
4.6 Technical and device information
- IP address
- Browser type and version
- Device type and operating system
- Referring URLs and pages viewed within the Service
- Date and time of access
- Cookie identifiers and similar technologies (see Section 12)
- Error logs and diagnostic data
4.7 Information we do not intentionally collect
We do not intentionally collect:
- Government-issued identification numbers
- Full payment card details
- Precise geolocation via GPS
- Biometric data
- Contents of private communications outside the Service
5. How We Collect Information
We collect information through:
- Direct input — when you register, complete onboarding, update settings, contact us, or manage recipes
- Automated technologies — cookies, session storage, and server logs when you use the Service
- Authentication providers — when you use Google or other OAuth sign-in options enabled in your account
- Payment processor — subscription and billing events from Lemon Squeezy via webhooks and API responses
- Service providers — hosting, database, and email infrastructure that process data on our behalf
6. How We Use Your Information
We use personal information to:
- Create, authenticate, and manage your account
- Generate and deliver personalized meal plans and nutrition targets
- Store your preferences, favorites, and plan history
- Process subscriptions and manage billing access
- Enforce subscription-based access to premium features
- Send transactional emails and respond to support requests
- Maintain security, prevent fraud and abuse, and enforce our terms
- Monitor performance, troubleshoot errors, and improve the Service
- Comply with legal obligations and respond to lawful requests
- Send marketing communications only where permitted by law and, where required, with your consent (you may opt out at any time through our contact page)
We do not use your nutrition profile to make decisions that produce legal or similarly significant effects about you. Meal plan generation is an automated recommendation based on inputs you provide; you remain responsible for evaluating whether any plan is appropriate for you.
7. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)
Where GDPR or equivalent laws apply, we process personal information on the following bases:
- Contract performance — to provide the Service you request, including account creation, meal plan generation, and subscription management
- Legitimate interests — to secure and improve the Service, prevent misuse, analyze aggregated usage, and communicate about your account, balanced against your rights
- Consent — where required for optional cookies, marketing emails, or other processing you can withdraw at any time
- Legal obligation — where we must retain or disclose information to comply with applicable law
For wellness-related data you provide voluntarily to receive personalized plans, our primary basis is performance of our contract with you and, where applicable, your explicit consent by submitting that information through onboarding.
8. How We Share Information
We do not sell your personal information. We do not share it for cross-context behavioral advertising. We disclose information only as described below.
8.1 Service providers (processors)
We use trusted third parties that process data on our behalf under contractual obligations to protect your information and use it only for the services they provide to us:
- Supabase — database hosting, authentication, and backend infrastructure
- Vercel — website and application hosting
- Lemon Squeezy — payment processing, subscription management, and tax compliance as merchant of record
- Resend — transactional and contact-form email delivery
- Google— OAuth authentication when you choose "Sign in with Google"
8.2 Legal and safety disclosures
We may disclose information if we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or government request
- Enforce our Terms of Service or other agreements
- Protect the rights, property, or safety of NoroMeal, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
8.3 Business transfers
If NoroMeal is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information, as required by law.
8.4 Aggregated and de-identified data
We may use aggregated or de-identified information that cannot reasonably be used to identify you for analytics, research, and service improvement.
9. International Data Transfers
NoroMeal is operated from Serbia. Our service providers may process personal information in Serbia, the European Union, the United States, and other countries where they or their subprocessors maintain facilities.
Where required, we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms. You may request more information through our contact page.
10. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
- Account data — retained while your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and comply with legal obligations
- Nutrition profiles and meal plans — retained while your account is active; archived plan history may be retained for analytics and user history until account deletion
- Billing records — retained as required for tax, accounting, and legal compliance (typically up to seven years where applicable)
- Contact form submissions — retained as long as needed to respond and maintain support records
- Server logs — retained for a limited period for security and troubleshooting
When information is no longer needed, we delete or anonymize it in accordance with our retention practices and applicable law.
11. Security
We implement administrative, technical, and organizational measures designed to protect personal information, including:
- Encryption in transit (HTTPS/TLS)
- Access controls and row-level security on database tables
- Hashed password storage via our authentication provider
- Restricted access to production systems on a need-to-know basis
- Monitoring for unauthorized access and abuse
No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
If we become aware of a data breach affecting your personal information that requires notification under applicable law, we will notify you and relevant authorities as required.
12. Cookies and Similar Technologies
We use cookies, local storage, and similar technologies to operate the Service. These may include:
- Strictly necessary cookies — required for authentication, session management, security, and core functionality
- Preference cookies — such as language/locale and cookie consent status
- Analytics cookies — only if enabled and, where required, with your consent
Where required by law, we display a cookie banner allowing you to accept or reject non-essential cookies. You can also control cookies through your browser settings. Disabling certain cookies may limit functionality of the Service.
13. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access — request a copy of personal information we hold about you
- Rectification — request correction of inaccurate or incomplete information
- Erasure — request deletion of your information, subject to legal exceptions
- Restriction — request that we limit processing in certain circumstances
- Portability — receive your information in a structured, commonly used, machine-readable format where applicable
- Objection — object to processing based on legitimate interests or for direct marketing
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing
- Opt out of marketing — unsubscribe using the link in marketing emails or use our contact page
13.1 How to exercise your rights
Visit our contact pagewith the subject line "Privacy Request" and describe your request. We may need to verify your identity before processing it. We will respond within the timeframe required by applicable law (generally within 30 days under GDPR).
You may also update certain information directly in your account settings within the Service.
13.2 Account deletion
You may request deletion of your account through our contact page. Upon verified request, we will delete or anonymize personal information associated with your account, except where retention is required for legal, tax, fraud prevention, or legitimate business purposes.
13.3 EEA/UK users — supervisory authority
If you are in the European Economic Area or United Kingdom, you have the right to lodge a complaint with your local data protection authority. A list of EU authorities is available from the European Data Protection Board. UK residents may contact the Information Commissioner's Office (ICO).
13.4 Serbian users
If you are in Serbia, you may contact the Commissioner for Information of Public Importance and Personal Data Protection (www.poverenik.rs) regarding concerns about how we handle your personal data.
13.5 California residents (CCPA/CPRA)
If you are a California resident, you may have additional rights, including the right to know what personal information we collect, the right to delete personal information (subject to exceptions), and the right to correct inaccurate information. We do not sell or share personal information for cross-context behavioral advertising as defined under California law. To exercise California privacy rights, use our contact page.
14. Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services (such as Google sign-in or payment checkout pages). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal information to them.
15. Automated Processing
Meal plans are generated automatically based on the inputs you provide (such as age, weight, height, goal, and activity level) and available recipe data. This automated processing is intended to provide personalized recommendations only. It does not produce legal effects or similarly significant effects, and it is not a substitute for professional nutritional or medical guidance.
16. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will post the updated Policy on this page and update the "Last updated" date. Where required by law, we will provide additional notice (such as by email or a prominent notice in the Service) before changes take effect.
Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the revised Policy, except where further consent is required by law.
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please use our contact page:
NoroMeal — Privacy
75 Vodovodska street, 11030 Belgrade, Serbia
Tax ID (PIB): 107955125
Contact us
Website: https://www.noromeal.com
We aim to resolve privacy concerns promptly and in good faith. Please include sufficient detail in your request so we can identify you and respond effectively.
