Privacy Policy

Last updated . Also see our Terms of Service.

1. Information We Collect

Account Information

  • Email address and authentication credentials
  • Profile information (name, company, role)
  • Account preferences and settings

Usage Data

  • Formulation projects and ingredient data
  • AI interaction logs and feedback
  • Platform usage analytics
  • Device and browser information

2. How We Use Your Information

  • Provide and improve our AI formulation services
  • Personalize your experience and recommendations
  • Communicate updates and support messages
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

3. Data Storage and Security

Your data is stored securely using Supabase PostgreSQL with row-level security and encrypted cloud infrastructure. We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Regular security audits and monitoring
  • Access controls and authentication via Clerk
  • Data backup and recovery procedures

4. Data Sharing

We do not sell your personal information. We may share data only in these circumstances:

  • With your explicit consent
  • To comply with legal requirements
  • With trusted service providers (under strict confidentiality)
  • To protect our rights and prevent fraud

5. AI Training and Improvement

We may use anonymized and aggregated data to improve our AI models and services. Personal information is never used directly for training purposes without explicit consent.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal claims). Anonymized and aggregated data may be retained indefinitely.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Object to or restrict certain processing activities
  • Lodge a complaint with your national supervisory authority. EEA/UK users can find their DPA via the EDPB members list. French residents can contact the CNIL.

8. GDPR Compliance (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

  • Contract performance — to provide the services you requested
  • Legitimate interests — to improve our platform and prevent fraud
  • Consent — for optional analytics and marketing communications
  • Legal obligation — to comply with applicable laws

For cross-border data transfers outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission. We have not appointed a formal Data Protection Officer at this time; privacy queries are handled directly by the founding team at privacy@nextbite360.com.

9. CCPA Compliance (California Users)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising your privacy rights

10. Cookies and Tracking

We use essential cookies for authentication and platform functionality. Analytics cookies help us improve our services. You can manage cookie preferences in your browser settings.

11. Third-Party Integrations

Our platform integrates with third-party services including Supabase, Clerk authentication, and AI processing services (Google, OpenAI, Anthropic). These integrations are governed by their respective privacy policies.

12. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

13. Changes to Privacy Policy

We may update this privacy policy periodically. We will notify users of significant changes via email or platform notifications.

14. Contact Us

For privacy-related questions or to exercise your rights, email privacy@nextbite360.com. We respond to verified requests within 30 days (or the statutory period applicable in your jurisdiction).