Privacy Policy
This Privacy Notice for Misbau LLC (doing business as MyNutriLens) ("we", "us", or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Download and use our mobile application (MyNutriLens), or any other application of ours that links to this Privacy Notice
- Use MyNutriLens. MyNutriLens is a personalised food safety mobile application that scans barcodes, ingredient labels, and meal images, then generates personalised verdicts ("Safe For You", "Use Caution", or "Not Recommended") based on the health profile you provide. The Service uses Anthropic's Claude AI to analyse product and meal data against your health profile, and the Open Food Facts database to look up product information by barcode. MyNutriLens is intended for personal informational use and is not a substitute for professional medical, dietary, allergy, or nutritional advice. Always consult a qualified medical professional before making decisions that affect your health.
- Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@misbau.com.
Summary of Key Points
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. This includes a health profile you voluntarily provide so we can personalise our verdicts to you.
Do we process any sensitive personal information? Yes. Because MyNutriLens is a food safety tool, we process information about your health — including allergies, intolerances, medical conditions, dietary restrictions, and related preferences — that you voluntarily provide in your health profile. We process this information solely to provide the Service to you and only with your consent. We do not sell this information.
Do we collect any information from third parties? When you sign in with Apple, Apple provides us with a stable identifier for your account and, if you choose to share it, your name and email address. We may also receive product information from the Open Food Facts database when you scan a barcode, though this is product data and not personal information about you. We do not collect personal information about you from any other third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, generate personalised food and ingredient analyses, communicate with you, ensure security and prevent fraud, and to comply with law. We may also process your information for other purposes with your consent.
In what situations and with which parties do we share personal information? We share information only with the third-party processors who help us operate the Service — including Supabase (our database and authentication provider), Anthropic (our AI analysis provider), RevenueCat (our subscription provider), Apple (for Sign in with Apple, in-app purchases, and app distribution), and Open Food Facts (for barcode lookups). We do not sell your information.
How do we keep your information safe? We use industry-standard organisational and technical safeguards including encryption in transit and at rest, Row Level Security on our database, and the principle of least privilege for internal access. However, no system can be guaranteed 100% secure.
What are your rights? Depending on where you are located geographically, you may have rights including access, correction, deletion, portability, restriction, and withdrawal of consent. You can also delete your account directly from within the app, which permanently removes your personal data and revokes our access to your Apple Sign in credentials.
How do you exercise your rights? The easiest way is to use the in-app account deletion feature, or to email us at privacy@misbau.com.
Review the full Privacy Notice below for details.
Table of Contents
- What information do we collect?
- How do we process your information?
- What legal bases do we rely on to process your personal information?
- When and with whom do we share your personal information?
- Do we offer artificial intelligence-based products?
- How do we handle your Sign in with Apple login?
- Is your information transferred internationally?
- How long do we keep your information?
- How do we keep your information safe?
- Do we collect information from minors?
- What are your privacy rights?
- Controls for Do-Not-Track features
- Do United States residents have specific privacy rights?
- Do other regions have specific privacy rights?
- Do we make updates to this notice?
- How can you contact us about this notice?
- How can you review, update, or delete the data we collect from you?
1. What Information do we Collect?
Personal information you disclose to us
In Short: We collect personal information that you provide to us, including health information necessary to personalise the Service.
We collect personal information that you voluntarily provide to us when you register on the Services, complete your health profile during onboarding, scan products or meals, save items, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise when you contact us.
Account and identity information. When you sign in with Apple, we receive:
- A stable Apple user identifier (a unique alphanumeric string Apple provides to identify you within our app)
- Your name, if you choose to share it with us on first sign-in
- Your email address, which may be your real email address or a private relay address generated by Apple's "Hide My Email" feature
Health profile information. During onboarding and through the app's profile settings, you may voluntarily provide:
- Allergies and food intolerances (including life-threatening allergies)
- Dietary restrictions and preferences (including those based on religion, ethics, or lifestyle choices such as vegetarian, vegan, halal, kosher, or gluten-free)
- Medical conditions relevant to food safety (such as diabetes, hypertension, coeliac disease, or food-related conditions you choose to disclose)
- Health goals, challenges, and onboarding context
- General demographic information you choose to provide
We use this information solely to personalise the verdicts and analyses MyNutriLens generates for you. We do not use it for marketing, profiling, or advertising.
Product, meal, and consumption data. As you use MyNutriLens, we collect data generated by your activity:
- Barcodes you scan and the product information returned
- Photographs of ingredient labels or meals that you submit for analysis
- Text extracted from images via optical character recognition (OCR)
- The verdicts and analyses generated for you
- Products you save, mark as consumed, or add to grocery lists
- Meal ideas, plate scans, and plate estimation feedback you provide
- Food preferences and consumption intent
Subscription and payment data. If you purchase a MyNutriLens Pro subscription, payment is processed entirely by Apple and our subscription manager RevenueCat. We do not receive or store your full payment instrument details. We receive only the transaction status, the subscription product, and an anonymised customer identifier that allows us to verify your entitlement. Apple's privacy notice is available at https://www.apple.com/legal/privacy/en-ww/ and RevenueCat's at https://www.revenuecat.com/privacy/.
Sensitive Information. As described above, we process sensitive personal information in the form of health data. We do so only when you provide it voluntarily, only for the purpose of operating the Service, and only with your consent. You may delete this information at any time by editing your profile or deleting your account. We do not process any other categories of sensitive information.
Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and device characteristics — is collected automatically when you visit our Services.
Application Data. If you use our application, we also may collect the following information if you choose to provide us with access or permission:
- Camera and photo data. MyNutriLens requires access to your camera to scan barcodes, ingredient labels, and meal images. We process these images to identify products and extract ingredient information. Images are processed in real time and we do not retain raw images beyond what is necessary to generate and store the resulting analysis. You can revoke camera permission at any time in your iOS settings, though this will prevent scanning features from working.
- Mobile Device Data. We automatically collect basic technical information including device model and manufacturer, operating system version, application identification numbers, hardware model, mobile carrier, and Internet Protocol (IP) address. This is used to maintain the security and operation of the application, troubleshoot issues, and for our internal analytics and reporting.
- Push notification data. With your permission, we may send you notifications about your account or relevant Service updates. You can disable notifications at any time in your iOS settings.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes. Inaccurate health information may lead to inaccurate Service output, which can have real consequences for your safety — please keep your health profile up to date.
2. How do we Process your Information?
In Short: We process your information to provide, personalise, and administer our Services, communicate with you, ensure security, and comply with law.
We process your personal information for the following purposes:
- To facilitate account creation and authentication. We use your Apple-issued identifier to create and maintain your account.
- To generate personalised food and meal analyses. We send the contents of your scans, together with relevant fields from your health profile, to our AI analysis provider (Anthropic) to produce verdicts and explanations specific to you. This is the core function of the Service.
- To maintain your scan history, saved items, and grocery lists. So you can return to your activity across sessions.
- To process subscriptions and manage entitlements. Through Apple and RevenueCat.
- To respond to your inquiries and offer support. When you contact us.
- To send administrative information. Such as material changes to this Privacy Notice, our terms, or critical Service updates.
- To protect our Services. Including fraud monitoring, abuse prevention, and security incident response.
- To improve the Service. Such as identifying common scanning failures or analytical inaccuracies — wherever possible, using aggregated or anonymised data.
- To comply with our legal obligations. Including responding to lawful requests from regulatory or law enforcement bodies.
We do not use your information for advertising, behavioural profiling, or sale to third parties.
3. What Legal Bases do we Rely on to Process your Information?
In Short: We only process your personal information when we have a valid legal reason to do so under applicable law.
If you are located in the EU or UK, the General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases we rely on. These are:
- Consent. We rely on your explicit consent to process your health data and other sensitive information (under GDPR Article 9). You may withdraw this consent at any time by deleting the relevant information from your profile or by deleting your account.
- Performance of a Contract. We process the personal information necessary to provide the Service you have signed up for.
- Legitimate Interests. We may process your information where it is reasonably necessary to operate our business — for example, to prevent fraud, secure our infrastructure, or improve the Service — provided those interests do not override your fundamental rights and freedoms.
- Legal Obligations. Where we are required to process information to comply with applicable law.
- Vital Interests. Where processing is necessary to protect someone's life or safety.
If you are located in Canada, we may process your information based on your express or implied consent. You may withdraw your consent at any time. In limited exceptional cases we may be permitted under PIPEDA to process information without consent — for example, in fraud investigations, where consent cannot be obtained in a timely way and processing is clearly in your interests, or where required by law.
If you are located in the United Arab Emirates, we process your personal information in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) and any related implementing regulations. Our lawful bases mirror those listed above: your consent, contractual necessity, legitimate interests, legal obligations, and vital interests.
4. When and with Whom do we Share your Personal Information?
In Short: We share information only with the third-party processors who help us operate the Service. We do not sell your information.
We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We have contracts or terms of service in place with each of them, which are designed to safeguard your personal information.
The third parties we share personal information with are:
- Authentication and Identity Verification: Apple Inc. — for Sign in with Apple.
- Database, Storage, and Backend Infrastructure: Supabase — for storing your account data, health profile, scan history, and other Service data. Supabase operates on infrastructure including Amazon Web Services. Their privacy notice is available at https://supabase.com/privacy.
- AI Service Provider: Anthropic — for the AI-driven analysis of products, ingredients, and meals against your health profile. Their privacy notice is available at https://www.anthropic.com/privacy.
- Product Database: Open Food Facts — a public, crowdsourced food product database used for barcode lookups. We send barcodes (not personal information) to look up product information. Their terms are available at https://world.openfoodfacts.org/terms-of-use.
- Subscription Management: RevenueCat — for managing subscription entitlements.
- Payment Processing: Apple Inc. — all in-app purchases are processed exclusively through Apple. We never see or store your full payment details.
- App Distribution: Apple Inc. — through the iOS App Store.
We may also disclose your information in the following situations:
- Business Transfers. In connection with a merger, sale of assets, financing, or acquisition.
- Legal Obligations. Where required by law, valid legal process, or to protect our rights, safety, or property — or that of our users or the public.
We have not sold any personal information in the preceding twelve (12) months, and we do not intend to.
5. Do we Offer Artificial Intelligence-based Products?
In Short: Yes. The personalised verdicts and analyses MyNutriLens generates are produced by an AI model.
The core function of MyNutriLens is to evaluate scanned products and meals against your personal health profile using artificial intelligence. We provide this through Anthropic's Claude AI ("our AI Service Provider"). The terms in this Privacy Notice govern your use of these AI features.
What data we send to Anthropic
When you perform a scan, we send the following information to Anthropic for analysis:
- The product or meal data (ingredient list, nutritional information, OCR-extracted text, or image-derived data)
- The relevant fields from your health profile needed to evaluate that scan (such as your allergies, restrictions, and conditions)
We do not send your name, email address, Apple identifier, payment information, or scan history to Anthropic.
How Anthropic processes this data
Anthropic processes our API requests in accordance with its commercial terms. Anthropic does not use API inputs or outputs to train its models under its commercial API terms. Anthropic's privacy notice is available at https://www.anthropic.com/privacy.
Important limitations of AI output
The verdicts and analyses MyNutriLens generates are informational only and are not medical or dietary advice. AI systems can make errors, miss nuances, or fail to account for individual circumstances. You must not rely on MyNutriLens output for life-critical decisions — particularly if you have severe allergies or medical conditions. Always verify ingredient information against the original product packaging, and consult a qualified medical professional before making significant dietary decisions.
6. How do we Handle your Sign in with Apple Login?
In Short: MyNutriLens uses Sign in with Apple as its primary authentication method. We receive a minimal set of identifiers from Apple and use them only to operate your account.
What Apple shares with us
When you sign in with Apple, Apple provides us with:
- A stable user identifier (an alphanumeric string unique to MyNutriLens) that we use to recognise your account
- Your name, but only if you choose to share it on first sign-in
- Your email address — either your real address or a private relay address that Apple manages on your behalf if you select Hide My Email
We use this information solely to create, identify, and operate your MyNutriLens account, and to send you account-related communications.
Hide My Email
If you use Apple's "Hide My Email" feature, we receive a relay email address (typically ending in @privaterelay.appleid.com) that forwards to your real address through Apple. We treat this relay address with the same care as a real email address. If you stop sharing the relay address with us via your Apple settings, we may lose the ability to contact you about your account.
Apple refresh tokens
When you sign in with Apple, we store an Apple-issued refresh token associated with your account. This token is stored solely so that we can call Apple's revocation endpoint to invalidate your Apple Sign in with our app when you delete your account, as required by Apple App Store Review Guideline 5.1.1(v). The refresh token is stored encrypted at rest and is accessible only to our deletion service. It is not shared with any third party and is not used for any purpose other than revocation.
What happens when you delete your account
When you delete your MyNutriLens account from within the app, we:
1. Call Apple's revocation endpoint to invalidate your Apple Sign in association with MyNutriLens
2. Delete your account record and all associated profile, scan, and consumption data from our systems
3. Delete the stored refresh token
After deletion, if you sign in with Apple to MyNutriLens again in future, Apple will present you with the full first-time consent prompt, confirming that the revocation took effect.
We do not control how Apple processes your data on its side. Please review Apple's privacy notice at https://www.apple.com/legal/privacy/en-ww/ for details on how Apple handles Sign in with Apple data.
Other login methods
For a limited period during pre-launch testing, MyNutriLens may continue to support email-based sign-in as an alternative to Apple. If used, this method processes only the email address and password (hashed) you provide.
7. Is your Information Transferred Internationally?
In Short: Yes. Your information may be transferred to, stored by, and processed in countries other than your own.
We are based in the United Arab Emirates. Our processors (Supabase, Anthropic, Apple, RevenueCat, Open Food Facts) operate infrastructure in the United States and the European Economic Area, among others. Regardless of your location, your information may be transferred to, stored by, and processed in any of these jurisdictions.
If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, these countries may not necessarily have data protection laws as comprehensive as those in your jurisdiction. However, we take measures to protect your personal information in accordance with this Privacy Notice and applicable law.
Standard Contractual Clauses. Where personal information is transferred from the EEA, UK, or Switzerland to a country not deemed adequate by the European Commission, we rely on the European Commission's Standard Contractual Clauses, or the UK International Data Transfer Addendum where applicable. Copies are available upon request.
8. How Long do we Keep your Information?
In Short: We keep your information only as long as necessary to fulfil the purposes set out in this Privacy Notice, unless otherwise required by law.
We retain your account and health profile information for as long as you have an account with us. Scan history and consumption logs are retained for the duration of your account so you can return to them. We may retain anonymised or aggregated data indefinitely for analytical purposes.
When you delete your account, we delete or anonymise your personal information promptly, except where a longer retention period is required by law (for example, tax records relating to subscription payments, which we retain only via Apple's records).
9. How do we Keep your Information Safe?
In Short: We aim to protect your personal information through a system of organisational and technical security measures.
Our security measures include:
- Encryption in transit using TLS for all client-server communication
- Encryption at rest for stored data through our database provider
- Row Level Security policies that restrict access to personal data to the user who owns it
- Server-side credentials (such as Apple refresh tokens) accessible only to designated server-side functions, not to users
- The principle of least privilege for internal access
- Industry-standard authentication via Apple Sign in
- Logging and monitoring of administrative actions
However, despite our safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk.
10. Do we Collect Information from Minors?
In Short: We do not knowingly collect data from children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years of age. Given that MyNutriLens collects health information, parents and guardians should be especially cautious about minors using the Service.
If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to delete such data promptly. If you become aware of any data we may have collected from a minor, please contact us at privacy@misbau.com.
11. What Are your Privacy Rights?
In Short: You may review, change, or terminate your account at any time, and depending on your jurisdiction you have additional rights.
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Receive a copy of your personal information in a portable format
- Request correction of inaccurate information
- Request deletion of your information
- Restrict or object to certain processing
- Withdraw consent at any time where processing is based on consent
- Lodge a complaint with a supervisory authority
You can exercise most of these rights directly within the app:
- View and edit your health profile in the Profile screen
- Delete your account permanently from the Profile screen, which removes all your personal data and revokes our Apple Sign in association
For all other requests, please contact us at privacy@misbau.com. We will respond in accordance with applicable law.
Withdrawing your consent. If we are relying on your consent (for example, to process your health information), you may withdraw it at any time by editing or deleting the relevant profile information, or by deleting your account. Withdrawal does not affect the lawfulness of processing before the withdrawal.
EU/UK complaints. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection authority (EU Member State) or the UK Information Commissioner's Office.
Swiss complaints. Contact the Federal Data Protection and Information Commissioner.
UAE complaints. Contact the UAE Data Office in accordance with Federal Decree-Law No. 45 of 2021.
12. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate. MyNutriLens does not currently respond to DNT signals because no uniform technology standard for recognising and implementing them has been finalised. If a standard is adopted in future that applies to us, we will update this Privacy Notice accordingly.
California law requires us to disclose how we respond to web browser DNT signals. Because there is no industry or legal standard for honouring DNT signals, we do not respond to them at this time.
13. Do United States Residents Have Specific Privacy Rights?
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific privacy rights under applicable state law.
Categories of Personal Information We Collect
The table below shows the categories of personal information we have collected in the past twelve (12) months.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Apple user identifier, email address (or relay address), name (if shared), IP address | YES |
| B. Personal information as defined in the California Customer Records statute | Name, contact information | YES |
| C. Protected classification characteristics under state or federal law | Information about medical conditions and dietary practices voluntarily provided in your health profile, which may relate to religion or disability | YES |
| D. Commercial information | Subscription status and purchase history (held primarily by Apple and RevenueCat) | YES |
| E. Biometric information | — | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behaviour | NO |
| G. Geolocation data | Precise device location | NO |
| H. Audio, electronic, sensory, or similar information | Photographs of ingredient labels and meals that you submit for scanning | YES |
| I. Professional or employment-related information | — | NO |
| J. Education Information | — | NO |
| K. Inferences drawn from collected personal information | Personalised food safety verdicts derived from your health profile and scan inputs | YES |
| L. Sensitive personal Information | Health information (allergies, intolerances, medical conditions, dietary restrictions) voluntarily provided | YES |
We use and retain the collected personal information as long as you have an account with us, and only for the purposes described in this Privacy Notice.
Will your information be shared with anyone else?
We may disclose your personal information with the service providers listed in section 4, pursuant to written contracts or applicable terms of service. We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.
Your Rights
You have rights under certain US state data protection laws. These rights are not absolute, and in certain cases we may decline a request as permitted by law. These rights include:
- Right to know whether we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to non-discrimination for exercising your rights
- Right to opt out of the processing of your personal data if it is used for targeted advertising, sale, or profiling. Note: we do not engage in any of these activities.
Depending on the state where you live, you may also have rights to limit use and disclosure of sensitive personal data, to obtain a list of categories of third parties to whom we have disclosed personal data, and similar.
How to Exercise Your Rights
To exercise these rights, please email us at privacy@misbau.com.
Request Verification
Upon receiving your request, we will need to verify your identity. We will only use personal information provided in your request to verify your identity or authority to make the request.
Appeals
If we decline to take action regarding your request, you may appeal by emailing privacy@misbau.com. We will inform you in writing of the outcome.
California "Shine The Light" Law
California Civil Code Section 1798.83 permits California residents to request information about personal information disclosed to third parties for direct marketing purposes. We do not share personal information for third-party direct marketing purposes.
14. Do Other Regions Have Specific Privacy Rights?
In Short: You may have additional rights based on the country you reside in.
Australia and New Zealand
We collect and process your personal information under Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. This Privacy Notice satisfies the notice requirements defined in both. You have the right to request access to or correction of your personal information by contacting privacy@misbau.com.
If you believe we are unlawfully processing your personal information, you have the right to submit a complaint to the Office of the Australian Information Commissioner or the Office of the New Zealand Privacy Commissioner.
Republic of South Africa
You have the right to request access to or correction of your personal information by contacting privacy@misbau.com. If you are unsatisfied with our handling of any complaint, you may contact The Information Regulator (South Africa) at enquiries@inforegulator.org.za.
United Arab Emirates
We process personal information in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. You may contact the UAE Data Office for complaints relating to our processing of your information.
15. Do we Make Updates to This Notice?
In Short: Yes, we will update this notice as necessary.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top. If we make material changes, we may notify you either by prominently posting a notice within the app or by directly sending you a notification. We encourage you to review this Privacy Notice frequently.
16. How Can you Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at privacy@misbau.com, or contact us by post at:
Misbau LLC
Sharjah Media City
Sharjah, Sharjah P.O. Box 130130
United Arab Emirates
17. How Can you Review, Update, or Delete the Data we Collect from You?
Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information.
The easiest way to do this is from within the MyNutriLens app:
- Edit your health profile in the Profile screen
- Delete your account from the Profile screen — this permanently removes all personal data we hold about you and revokes our Apple Sign in association
For all other requests, please email privacy@misbau.com.
See also: Terms of Use.