Privacy Policy

Last updated: April 6, 2026

No Food Cravings ("we," "our," or "us") operates the No Food Cravings web application at nofoodcravings.com. This Privacy Policy explains how we collect, use, and protect your personal information.

Information We Collect

When you use No Food Cravings, we collect:

Account information: Your email address and password (encrypted) when you create an account.
Profile data: Age, height, weight, and activity level that you enter to calculate your personalized nutrition plan.
Tracking data: Daily food intake, water consumption, supplement usage, weight logs, and food craving scores that you voluntarily log in the app.
Payment information: Payment processing is handled entirely by Square. We do not store your credit card numbers, expiration dates, or CVV codes on our servers. Square stores your card on file for recurring subscription billing.
Google Calendar data: If you choose to connect Google Calendar, we access your calendar only to create, update, and delete events related to your daily plan. We do not read your existing calendar events or share your calendar data with third parties.

How We Use Your Information

To create and maintain your personalized nutrition protocol
To track your daily progress and display your trends over time
To send you account-related emails (verification, password reset, subscription confirmations)
To send onboarding and educational emails during your trial period
To process your subscription payments through Square
To sync your daily plan steps to Google Calendar (only if you opt in)
To respond to your feedback submissions

Data Storage and Security

Your data is stored securely in a PostgreSQL database hosted on Railway. Passwords are hashed using Argon2. All data transmission between your browser and our servers uses HTTPS encryption. Google Calendar OAuth tokens are stored in our database and are used solely to manage your calendar events.

Third-Party Services

We use the following third-party services:

Railway: Server hosting and database
Vercel: Frontend hosting
Square: Payment processing and subscription billing
Resend: Transactional email delivery
Google Calendar API: Optional calendar sync (only with your explicit consent)

These services have their own privacy policies governing how they handle your data.

Google Calendar Integration

No Food Cravings' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only request access to the calendar.events scope — the minimum needed to create, update, and delete your plan events.
We do not read, store, or share any of your existing calendar events.
Calendar access tokens are stored securely and used only for managing your No Food Cravings plan events.
You can disconnect Google Calendar at any time from the app, which revokes our access and deletes all stored tokens.

Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, your data is retained for up to 1 year in case you choose to reactivate. If you request account deletion, we will permanently delete all your data within 30 days.

Your Rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your account and all associated data
Disconnect third-party integrations (Google Calendar) at any time
Export your tracking data

Children's Privacy

No Food Cravings is designed for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or your data, you can submit feedback through the app or contact us at the email address associated with your account.