Privacy Policy

Effective date: October 24, 2025

Niblu ("we", "us", "our") helps people scan restaurant menus to flag allergens, intolerances, and match dietary preferences so they can order with confidence. We operate under the nib.lu domain and related subdomains.

Summary

  • We collect account details, dietary preferences you provide, uploaded menus/images/PDFs, and in-app chat content to run the service.
  • We use Google Cloud Vision (OCR) and Translate to extract and translate menu text you submit.
  • We rely on vetted subprocessors for hosting, storage, uploads, email, rate-limiting, and observability.
  • You can request deletion of your data anytime at alex@nib.lu.

Data We Collect

1. Account data

Email, password (hashed) and session cookies used for authentication and to keep you signed in. Our auth uses cookie settings configured for the nib.lu domain.

2. Profile & preferences

The dietary preferences you choose to store (e.g., allergens, ingredients to avoid).

3. Uploads & content

Menus/images/PDFs/text you upload, plus messages you send in chats.

4. Technical data

Basic log data (e.g., device/browser information, timestamps) for security, performance, and abuse prevention (including rate-limiting).

How We Use Your Data

  • Provide the service. Scan menus, flag risky ingredients, and surface safer options based on your preferences.
  • OCR & translation. We send the content you submit to Google Cloud Vision for text extraction and Translate for language translation.
  • Menu retrieval. In some flows we programmatically fetch publicly available menu pages (e.g., via Firecrawl) to help you analyze them.
  • Security, debugging, and compliance. Prevent abuse, fix issues, and meet legal obligations.

Legal Bases (EEA/UK)

We process data as needed to perform the contract (provide the app), based on legitimate interests (security, service improvement), with consent where required (e.g., marketing), and to comply with legal obligations.

Sharing & Subprocessors

We share data with service providers strictly to run Niblu. These include hosting/database, file uploads, email delivery, rate-limiting/Redis, observability/monitoring, and Google Cloud APIs for OCR/translation. We do not sell your personal information.

Google User Data (OAuth)

If you choose to sign in with Google (when available), we receive your basic profile (name, email, Google account ID) for authentication only. We do not request access to your Gmail, Drive, Calendar, or Contacts content.

If we ever need broader Google scopes, we will request consent explicitly and use the data solely for the stated feature, adhering to Google's API Services User Data Policy (including Limited Use).

Data Retention

  • Account and profile data: kept until you delete your account, or removed after a period of inactivity per our internal policy.
  • Uploaded content & chats: retained so you can revisit results; you may request deletion.
  • Logs: short, rolling retention for security and reliability.

Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, or object to processing of your data. To exercise rights, contact alex@nib.lu.

International Transfers

We may process/store data in the EU and other countries via our providers, using appropriate safeguards (e.g., SCCs) where required.

Security

We use modern security practices, encrypted transport (HTTPS), and reputable vendors; no method is 100% secure.

Children

Niblu is not directed to children under 13 (or the age of digital consent where you live). Please contact us if a child's data was provided to us.

Data Deletion & Contact

To delete your account/data or ask questions, email alex@nib.lu. We aim to respond within 30 days.

Contact: Niblu — alex@nib.lu