Privacy Policy

Last updated: April 2026

Effective date: April 2026

Quick summary

Nuriish helps you pursue nutrition and wellness goals. To do that, we collect account information, health and wellness information you share, payment details (processed by our payment partners), and basic device/usage data. We use it to run and improve the Services, provide personalized recommendations, and — with your consent where required — send marketing. We don't sell your health data, and we offer you strong controls: you can access, correct, delete, export, and limit how we use your information. Full detail follows.

1. Who we are

This Policy is issued by Nuriish Wellness ("Nuriish," "we," "us," or "our"), operator of Nuriish.com and related mobile and web services (collectively, the "Services").

  • Registered address: 2108 N ST, Sacramento, CA 95816

  • Privacy contact: hello@nuriish.com

  • General contact: hello@nuriish.com

Where applicable:

  • EU Representative (GDPR Art. 27)

  • UK Representative (UK GDPR Art. 27)

  • Data Protection Officer

For purposes of the EU/UK GDPR, Nuriish is the controller of personal data processed under this Policy. For purposes of US state privacy laws, Nuriish is the business or controller.

Important note on HIPAA. Nuriish is a consumer wellness service and is not a HIPAA-covered entity or business associate. Information you share with us is generally not protected health information ("PHI") under HIPAA, though it may be protected under other laws (see Sections 5 and 16). [Confirm this statement is accurate for your operations before publishing.]

2. Scope

This Policy applies to personal information we collect through:

  • The Nuriish.com website and any Nuriish subdomains

  • Any Nuriish mobile application

  • Account creation, purchases, customer support, and marketing

  • Social media pages we operate and communications we send

It does not apply to third-party websites, apps, or services we link to or integrate with. Their practices are governed by their own policies.

3. Information we collect

3.1 Information you provide

  • Account data: name, email, password (stored hashed), username, country/region, date of birth, gender (if provided).

  • Profile, wellness and health data: height, weight, body measurements, dietary preferences and allergies, wellness and nutrition goals, activity level, medical conditions you choose to disclose, menstrual/reproductive information (if provided), sleep, mood, symptoms, and similar inputs.

  • User-generated content: food logs, meal photos, journal entries, notes, recipes you save, reviews.

  • Order and billing information: items purchased, order history, billing and shipping address, tax information.

  • Payment information: payment card or bank details are collected and processed directly by our payment processors (Stripe and/or Shopify Payments). Nuriish receives a transaction token and limited metadata (e.g., last four digits, brand, expiry) — we do not store full card numbers on our servers.

  • Communications: emails, chat messages, phone calls, survey answers, feedback, testimonials.

  • Marketing preferences and consents: your email/SMS subscriptions and cookie choices.

3.2 Information collected automatically

  • Device and connection data: IP address, device type and model, operating system and version, browser type and language, time zone, crash data, referring URL.

  • Usage data: pages and screens viewed, buttons clicked, features used, session duration, search queries inside the Services.

  • Approximate location derived from IP address.

  • Cookies, pixels, SDKs and similar technologies (see Section 7).

3.3 Information from third parties

  • Social login providers (e.g., Google, Apple, Facebook) — we receive the profile fields you authorize.

  • Payment processors — confirmation of payment, chargeback, and fraud signals.

  • Analytics and advertising partners — aggregate audience and measurement data.

  • Referrals — if another user refers you, we receive your email or phone number.

  • Publicly available sources and service providers (e.g., fraud prevention, address verification).

4. How we use your information — purposes and legal bases

The table below explains why we use your information and, for users in the EEA, UK, and Switzerland, the legal basis we rely on under Articles 6 and 9 of the GDPR/UK GDPR.

| Purpose | Legal basis |
| --- | --- |
| Create, maintain, and secure your account | Performance of contract; our legitimate interests in account security |
| Provide personalized nutrition and wellness features | Performance of contract; explicit consent for health data (Art. 9(2)(a)) |
| Process orders, deliver products, manage returns | Performance of contract; legal obligation |
| Process payments and prevent fraud | Performance of contract; legal obligation; legitimate interests |
| Provide customer support | Performance of contract; legitimate interests |
| Send transactional and service messages | Performance of contract |
| Send marketing emails/texts and show ads | Consent (where required) or our legitimate interests (where permitted, with opt-out) |
| Conduct analytics and measure performance | Consent for non-essential cookies; otherwise legitimate interests |
| Improve, debug, and develop the Services | Legitimate interests |
| Personalize content and recommendations | Consent (for health data) or legitimate interests |
| Comply with law, respond to legal process | Legal obligation; legitimate interests |
| Establish, exercise or defend legal claims | Legitimate interests; legal obligation |
| Conduct aggregated or de-identified research | Legitimate interests |

You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. Sensitive and health data

Because Nuriish is a wellness service, some of the information you share is treated as sensitive under multiple laws:

  • EU/UK GDPR: data concerning your health is a special category of personal data. We process it only with your explicit consent (or another Article 9 basis, such as substantial public interest or the establishment of legal claims).

  • CCPA/CPRA and similar US state laws: health data, biometric data, and account credentials are sensitive personal information. You may request that we limit our use of sensitive personal information (see Section 11).

  • Washington's My Health My Data Act (MHMDA) and Nevada SB 370: this information is consumer health data. See Section 16 for our dedicated consumer health data notice.

We do not sell your health or wellness information or use it for targeted advertising.

6. How we share information

We share personal information only in the categories below.

6.1 Service providers (processors)

Vendors that help operate the Services under written contracts requiring confidentiality, security, and purpose-limited processing. Categories include:

  • Cloud hosting and infrastructure (e.g., [Hostinger, AWS / Google Cloud / Vercel])

  • Payment processing (Stripe, Shopify)

  • Email, SMS, and push messaging (e.g., [Klaviyo / SendGrid / Twilio])

  • Customer support platforms (e.g., [Zendesk / Intercom])

  • Analytics (e.g., Google Analytics, [Mixpanel / Amplitude])

  • Advertising and measurement partners (e.g., Meta / Facebook Pixel, [Google Ads, TikTok, Pinterest]) — see Section 7

  • Fraud prevention and security

  • Professional advisors (auditors, lawyers, insurers)

6.2 Advertising partners

If you consent (where required) or do not opt out, we share limited identifiers and usage signals with advertising partners to measure campaigns and show you relevant ads on third-party platforms. This activity may be considered a "sale" or "sharing" under some US state laws — you can opt out as described in Section 11.

6.3 Corporate transactions

If Nuriish is involved in a merger, acquisition, financing, reorganization, or sale of all or part of its assets, personal information may be transferred as part of that transaction, subject to this Policy and applicable law.

6.4 Legal and safety

We may disclose information where we believe in good faith it is required to: comply with law or legal process; enforce our terms; protect the rights, property, or safety of Nuriish, our users, or others; or detect and prevent fraud or security incidents.

6.5 With your direction or consent

For example, when you connect a third-party app, share content publicly, or ask us to share information with a partner.

6.6 Aggregated or de-identified information

We may create and share information that has been aggregated or de-identified so it cannot reasonably be used to identify you.

We do not sell health or sensitive personal information for money.

7. Cookies and similar technologies

We and our partners use cookies, SDKs, pixels, tags, and local storage to:

  • Keep you signed in and remember your preferences

  • Secure the Services and detect fraud

  • Measure how the Services are used (e.g., Google Analytics)

  • Deliver and measure advertising on third-party platforms (e.g., Meta Pixel, Google Ads)

Categories we use:

  • Strictly necessary — required to deliver the Services; no consent needed.

  • Functionality / preferences — remember choices like language.

  • Performance / analytics — understand usage to improve the Services.

  • Advertising / targeting — measure and personalize ads on other platforms.

How to control cookies. Use our on-site Cookie Preferences tool, your browser settings, or device controls. In the EEA, UK, and Switzerland, non-essential cookies fire only after you consent. We honor Global Privacy Control (GPC) signals as an opt-out of "sale" and "sharing" under applicable US state laws.

Our Cookie Notice provides a full list of cookies in use, their purpose, provider, and duration.

8. International data transfers

Nuriish is based in [the United States / your country] and our service providers may be located in the US and other countries. When we transfer personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards, including:

  • The European Commission's Standard Contractual Clauses (SCCs)

  • The UK International Data Transfer Addendum or UK IDTA

  • The Swiss FDPIC-approved SCCs

  • The EU–US Data Privacy Framework and its UK Extension and Swiss Extension, where our recipients are certified

You can request a copy of the safeguards in place by emailing hello@nuriish.com.

9. Data retention

We retain personal information only as long as necessary for the purposes described in this Policy, including legal, accounting, or reporting requirements.

Typical retention periods:

  • Active account data — while your account is open, plus up to [12–24] months after closure for dispute resolution and legal-compliance reasons.

  • Health and wellness entries — until you delete them or close your account.

  • Transaction and tax records — generally 7 years (US/UK accounting).

  • Marketing data — until you unsubscribe, plus reasonable suppression records so we don't contact you again.

  • Customer support records: 3 years after the last contact.

  • Server and security logs — up to 12 months.

  • Backups — rotated on a standard cycle, after which copies are overwritten.

When information is no longer needed, we delete or irreversibly de-identify it.

10. Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

  • TLS encryption in transit and encryption at rest for sensitive data

  • Access controls and principle-of-least-privilege

  • Secure software development and code review

  • Logging, monitoring, and intrusion detection

  • Vendor due diligence and contractual protections

  • Staff training and confidentiality obligations

No system is perfectly secure. Please keep your password confidential and notify us immediately at hello@nuriish.com if you suspect unauthorized use of your account.

11. Your privacy rights

11.1 Everyone

Regardless of where you live, you can:

  • Access and update core account information in your profile settings.

  • Delete your account at any time from settings or by emailing us.

  • Opt out of marketing emails via the unsubscribe link in any marketing email, and of marketing SMS by replying STOP.

  • Contact us at hello@nuriish.com for any privacy question or request.

11.2 EEA, UK, and Switzerland (GDPR / UK GDPR / FADP)

You have the right to:

  • Access a copy of the personal data we hold about you

  • Correct inaccurate or incomplete data

  • Erase your data ("right to be forgotten")

  • Restrict or object to certain processing

  • Receive your data in a portable format and transmit it to another controller

  • Withdraw consent at any time

  • Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects (see Section 13)

  • Lodge a complaint with a supervisory authority — for example, your local EU DPA, the UK Information Commissioner's Office (ICO) at ico.org.uk, or the Swiss FDPIC at edoeb.admin.ch

11.3 California (CCPA / CPRA)

As a California resident you have the right to:

  • Know what personal information we collect, use, disclose, sell, or share

  • Access and receive a copy (portability) of your personal information

  • Correct inaccurate personal information

  • Delete personal information we collect or maintain

  • Opt out of sale or sharing of your personal information

  • Limit the use and disclosure of sensitive personal information

  • Non-discrimination for exercising your rights

To opt out, use the "Do Not Sell or Share My Personal Information" link in our website footer, or enable Global Privacy Control in your browser.

Categories of personal information (CCPA Notice at Collection) collected in the last 12 months: identifiers (name, email, IP, device IDs); customer records (contact, billing); characteristics of protected classifications (age, gender, if provided); commercial information (purchases); internet activity; geolocation (approximate); sensory data (photos you upload); professional information (if provided); inferences; and sensitive personal information (account credentials, precise wellness/health information you provide).

Categories disclosed for a business purpose: all of the above, to the service-provider categories in Section 6. Categories "sold" or "shared" (for cross-context behavioral advertising): identifiers, internet activity, and inferences, with advertising partners such as Meta and Google. We do not knowingly sell or share the personal information of consumers under 16.

Authorized agents may submit requests on your behalf with written authorization; we will verify both the agent and you.

11.4 Other US states

If you live in Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia (and others as laws take effect), you have rights similar to those above — including access, correction, deletion, portability, and opt-out of targeted advertising, sale, and certain profiling — as well as the right to appeal our response. To appeal, reply to our response or email hello@nuriish.com.

11.5 How to submit a request

Email privacy@nuriish.com with the subject "Privacy Rights Request" and tell us which right you want to exercise. We may need to verify your identity using information already associated with your account. We respond within the period required by applicable law (typically 30–45 days, extendable where permitted).

We will not discriminate against you for exercising any of these rights.

12. Children's privacy

Nuriish is not directed to children under 16, and we do not knowingly collect personal information from them. In the United States, we comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe a child has provided us personal information, please email hello@nuriish.com and we will delete it promptly.

13. Automated decision-making and profiling

We may use algorithms to personalize your nutrition and wellness experience — for example, suggesting meals or content based on the goals you share. These processes do not produce legal or similarly significant effects about you. Where required by law, you may request human review of, express your point of view on, or contest an automated decision by contacting hello@nuriish.com.

14. Marketing communications

With your consent or as otherwise permitted by law, we may send marketing emails and, if you opt in, SMS messages. You can opt out at any time by:

  • Clicking "unsubscribe" in any marketing email

  • Replying STOP to any marketing text

  • Updating preferences in your account settings

  • Emailing hello@nuriish.com

We may still send transactional and service messages (order confirmations, security alerts, policy updates) as long as you have an account or active transaction with us.

15. Do Not Track and Global Privacy Control

Because there is no common industry standard for Do Not Track (DNT) signals, our Services do not currently respond to them. We do honor Global Privacy Control (GPC) signals as a valid opt-out of the "sale" or "sharing" of personal information under the CCPA/CPRA and other US state privacy laws that recognize it.

16. Consumer Health Data Privacy Notice (Washington, Nevada, and Connecticut)

This section supplements this Policy for Washington residents (under the My Health My Data Act), Nevada residents (under SB 370), and Connecticut residents (regarding consumer health data under the CTDPA).

Categories of consumer health data we collect: health and wellness profile information (height, weight, measurements); dietary information and restrictions; exercise and activity information; sleep; mood; menstrual or reproductive information (if provided); symptoms you log; wellness goals; biometric data from connected devices (if you connect them); and inferences drawn from this information.

Sources: directly from you; from connected apps or devices you authorize; and from integrations or referrals where applicable.

Purposes for processing consumer health data:

  • Provide the Services and personalized features you request

  • Maintain and secure your account

  • Communicate with you about the Services

  • Improve, debug, and develop the Services (using de-identified or minimized data where feasible)

  • Comply with law and defend legal claims

Sharing of consumer health data. We share consumer health data only with:

  • Processors/service providers bound by contract to protect it and use it only for the purposes we specify (e.g., hosting, customer support, email delivery for transactional messages)

  • Affiliates under this Policy

  • Law enforcement or other parties when required by law

  • Third parties you direct us to share with

We do not sell consumer health data. We do not share consumer health data with advertising partners and do not use it for targeted advertising without your separate, valid authorization.

Your rights regarding consumer health data:

  • Confirm whether we are collecting, sharing, or selling your consumer health data and access it

  • Withdraw consent to collection and sharing at any time

  • Delete your consumer health data

  • Appeal any denial of a request (see Section 11.4)

How to exercise: email privacy@nuriish.com. Appeals: email appeals@nuriish.com. Washington residents may also file a complaint with the Washington Attorney General at atg.wa.gov; Nevada residents may contact the Nevada Attorney General at ag.nv.gov.

17. Third-party links and integrations

The Services may link to or integrate with third-party websites, apps, or services we do not control. Their privacy practices are governed by their own policies. We encourage you to review them before sharing information.

18. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. If we make material changes, we will post a prominent notice on the Services and, where required, obtain your consent or provide advance notice. The "Last updated" date at the top reflects the most recent revision.

19. Contact us

  • General Support: hello@nuriish.com

  • Mailing address: Nuriish Wellness LLC, 2108 N ST, Sacramento, CA, 95816, USA