Privacy Policy
Last updated: 2026-05-15
Nibbo is a personal recipe and meal-planning app. Nibbo is a personal project operated by Rowee Andrew Apor, based in the Philippines. Nibbo is not yet incorporated; references to "Nibbo", "we", or "us" in this policy refer to the operator personally. This policy explains what personal information we collect when you use Nibbo, why we collect it, who we share it with, and the choices you have.
1. Beta and product validation
Nibbo is currently in closed beta. A core purpose of the beta is to validate whether people who save recipes actually plan meals from them and shop from the resulting grocery list. To do that, we measure how you move through the core flow (saving recipes, adding them to a weekly plan, generating and checking off grocery items). These funnel events are pseudonymous — they are linked to your internal Nibbo user ID, not to your name, email, or device. We use the results to decide what to build next, not for advertising.
2. What we collect
Sign-in and identity
When you sign in with Apple or Google we receive and store:
- A stable unique identifier from the provider (Apple sub or Google sub).
- Your email address, if the provider shares it with us.
- Your name, if you choose to share it (Apple) or if Google provides it.
- Your Google profile picture URL, if Google provides it. We refresh this URL on each sign-in. We do not download or re-host the image itself.
Profile and preferences
- Your timezone (defaults to Asia/Manila).
- Your household size (used to scale recipe quantities).
- Your preferred AI model for recipe extraction.
- Onboarding answers you provide: typical cook time, primary recipe source, platform, a creator handle you follow, and the age range you select.
Content you create
- Recipes you save: the source URL, the source platform (e.g. TikTok, Instagram), the post caption we captured at save time, the thumbnail URL, the recipe title, ingredients, step-by-step instructions, and any notes you add.
- Meal plans and the recipes you place into them.
- Grocery lists generated from your meal plans and the check-off state of each item.
- Feedback you submit (subject and body).
Authentication and security
- Hashed refresh tokens, so we can keep you signed in across sessions and revoke access if needed.
- For Nibbo's internal admin web (not the iOS app): two HTTP-only cookies, nibbo_session and nibbo_refresh, marked secure and SameSite=Lax. These are only set if you sign in to /admin, which is restricted to authorized administrators.
- When a non-admin Google account attempts to sign in to /admin, we log the attempted email, IP address, and user agent for abuse monitoring.
Operational telemetry
- For each AI call we make on your behalf: which model was used, token counts, estimated cost in USD, latency, and whether the call succeeded. We do not store the prompt or response text in this telemetry — only metadata.
- Funnel events in PostHog as described in section 1, identified by your Nibbo user ID.
- Uncaught exceptions and crash reports sent to Sentry to help us diagnose issues.
Waitlists
If you join a Nibbo waitlist (for example, the Android waitlist on our landing page) we store your email address, which waitlist you joined, the source link or referral you arrived from, and your browser's user agent string.
What we don't collect
Nibbo does not access your location, contacts, camera, microphone, photo library, calendar, reminders, health data, or any other on-device data. The iOS app never requests those system permissions because no Nibbo feature uses them. Recipes are extracted from URLs you share with the app, not from photos or screenshots on your device. We also do not use mobile advertising identifiers (IDFA), do not perform cross-app tracking, and do not collect biometrics, fingerprinting signals, or precise device identifiers beyond what your sign-in provider gives us (Apple sub or Google sub).
3. Why we collect it
- To provide the service: save and organize your recipes, generate meal plans and grocery lists.
- To validate the product: measure whether the core flow works, per section 1.
- To debug and improve: diagnose issues you report and improve the prompts we send to AI providers.
- To keep accounts secure: sign-in, session management, and abuse detection.
4. Who we share it with
We do not sell your personal information. We do not share it with advertisers. We do share specific data with the following service providers because we need their service to run Nibbo:
- Apple and Google — when you sign in, we ask their servers to verify the identity token your device sent. We receive the identifiers described in section 2.
- Anthropic (Claude) and Google (Gemini) — when you extract a recipe from a saved post or ask Nibbo to consolidate a grocery list, we send the relevant content (typically the source URL, the source platform, and the captured caption; or, for image-based extraction, the thumbnail URL with a short hint) to whichever provider matches your preferredModel setting. Their terms and data-handling policies apply to that traffic.
- PostHog — we send the pseudonymous funnel events described in section 1, identified by your Nibbo user ID. We do not send your email, name, or recipe content to PostHog.
- Sentry — we send uncaught exceptions and crash reports. We do not deliberately attach personal data, but stack traces can incidentally include identifiers such as a recipe ID or your user ID.
5. Cookies
The Nibbo iOS app does not use cookies. Our marketing website does not set tracking cookies. The only cookies we set are nibbo_session and nibbo_refresh, described in section 2, and only when you sign in to /admin. They are HTTP-only, marked secure in production, and use SameSite=Lax.
6. How long we keep it
During the beta we retain your account data and the content you create for as long as your account is active. Operational telemetry (AI call metadata, funnel events, crash reports) is retained during the beta to plan capacity, improve prompts, and validate the product; we will publish a fixed retention schedule when Nibbo exits beta.
When you delete your account from the iOS app, we immediately sever your identity: we null your Apple and Google identifiers and your email, revoke every refresh token, and mark your account deleted. From that moment, you can no longer sign back in to that account. We then permanently delete your account record and all related rows — recipes, meal plans, grocery lists, feedback, AI-call metadata, refresh tokens — within 30 days. Deletion is irreversible.
7. Your rights under the Philippine Data Privacy Act (RA 10173)
If you are a data subject under Philippine law you have the right to be informed about how we use your data, to access the personal information we hold about you, to correct inaccurate information, to object to certain processing, and to request deletion. To exercise any of these rights, email us at [email protected] from the email address associated with your Nibbo account. We respond within 15 working days. You also have the right to lodge a complaint with the National Privacy Commission.
For step-by-step deletion instructions (including the in-app path and the email-fallback path), see our account-deletion page.
8. Children
Nibbo is intended for people 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created a Nibbo account, email us at [email protected] and we will delete the account and associated data.
9. International users
Nibbo is operated from the Philippines. Some of the service providers listed in section 4 are located in other countries, primarily the United States. If you use Nibbo from outside the Philippines, your information will be transferred to and processed in the Philippines and in the countries where these providers operate.
10. Changes to this policy
We may update this policy as the product evolves. The "last updated" date at the top reflects the most recent revision. For material changes we will surface a notice in the app the next time you sign in.
11. Contact
Questions, requests, or complaints? Email [email protected].