Privacy Policy
Effective date: April 11, 2026 · Version 2.0
NutriSense AI ("the Extension") is a Chrome browser extension that provides Indian food nutrition intelligence — letting you look up nutritional information for any dish, classify food images, and track what you eat. This policy explains what data we collect, how we use it, and what controls you have.
1. Data We Collect
We collect only what is necessary to provide the service:
- Account information — your email address and display name when you sign in via Google or email/password. Stored in Firebase Authentication.
- Food queries — text you type into the lookup field (e.g., "Dal Makhani") and food images you upload for classification. These are sent to our backend to generate nutrition results.
- Like / dislike interactions — which results you found helpful. Stored against your account in our database.
- Authentication tokens — short-lived JWT access token and refresh token, stored locally in chrome.storage.local on your device only.
- API URL preference — if you customise the backend URL in Options, it is stored in chrome.storage.sync (synced across your Chrome profile).
- Rate-limit counter — a per-session request counter stored locally to prevent API abuse. Never transmitted.
We do not collect: browsing history, page content, keystrokes, clipboard data, or any information from pages you visit beyond what you explicitly submit to the extension.
2. How We Use Your Data
- To authenticate you and maintain your session across browser restarts.
- To query our nutrition database and AI model and return results to you.
- To personalise your experience (liked/disliked items influence recommendations).
- To enforce fair-use rate limits (20 requests per 60 seconds).
We do not sell, rent, or share your personal data with third parties for advertising purposes.
3. Third-Party Services
Services used
Firebase
Google Firebase Authentication handles sign-in. Your email and UID are stored in Firebase. Firebase is subject to Google's Privacy Policy.
Google OAuth
Used only if you choose "Continue with Google." We receive your email, name, and profile photo from Google. No offline access is requested.
NutriSense Backend
Our API (hosted on Microsoft Azure, Southeast Asia region) processes queries and images. Food text and images you submit are sent here. Images are not stored permanently — they are processed in-memory and discarded.
Neo4j (Graph DB)
Stores your account profile and interaction history (likes/dislikes) against your Firebase UID. No personally identifiable food queries are stored.
4. Permissions Explained
Chrome permissions requested
contextMenus
Adds "Look up nutrition" and "Classify food image" options to the right-click context menu on any page, so you can analyse selected text or images without opening the popup.
storage
Stores your authentication tokens, session state, and preferences locally on your device. No data in storage is transmitted to third parties.
scripting
Injects the nutrition results panel into the current page when triggered via the context menu. The panel is built with Shadow DOM to prevent interference with the host page's styles.
identity
Used exclusively to launch Google's OAuth sign-in flow when you choose "Continue with Google." Not used to access any Google account data beyond your basic profile.
host_permissions: <all_urls>
Required so the nutrition results panel and context menus work on any website — for example, classifying a food image on a recipe blog or Zomato. The extension only reads data you explicitly select or submit; it does not read page content passively.
5. Data Retention
- Auth tokens — stored locally on your device; deleted immediately on sign-out.
- Account data — retained in Firebase and our database while your account is active. You may request deletion at any time (see Section 7).
- Food images — processed in-memory; not stored on our servers.
- Queries — not logged or stored on our servers.
6. Security
Authentication tokens are stored in chrome.storage.local, which is encrypted by Chrome using your OS profile credentials. All communication between the extension and our backend uses HTTPS. Firebase tokens are verified server-side before any data is returned.
7. Your Rights
- Access — you can see your account data at any time by signing into the NutriSense app.
- Deletion — to delete your account and all associated data, contact us at the email below. We will process requests within 30 days.
- Sign-out — signing out via the extension immediately removes all locally stored tokens.
8. Children's Privacy
NutriSense AI is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy as the extension evolves. The effective date at the top of this page will reflect the latest revision. Continued use of the extension after changes constitutes acceptance of the revised policy.
10. Contact
Questions or data deletion requests: kashyapk1305@gmail.com