Noura.
Privacy Policy
Effective Date: 07/09/2025
Last Updated: 07/09/2025
Noura (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you how we collect, use, and safeguard your data when you use our services, including our AI-generated meal planning tool, website, and any other associated features (together, the “Service”).
⸻
Who We Are and How to Contact Us
Noura is a UK-based service offering personalised, AI-powered meal plans and nutritional guidance.
• Legal Entity Name: Noura (Sole Founder: Rufus Woodbridge)
• Contact Email: nourameals@outlook.com
• Contact Location: Bristol, United Kingdom
If you have any questions about this privacy policy or how we use your personal data, you can email us at the address above.
⸻
The Data We Collect
We may collect, use, store, and transfer the following categories of personal data:
Identity Data - First Name, Last Name (Optional)
Contact Data - Email Address
Profile Data - Diet Preferences, Allergies, Religious Restrictions, Fitness Goals, General Preferences, Height, Weight (from Tally form responses)
Usage Data - Interactions with the site, Form completion patterns
Communication Data - Emails, Feedback Messages, Form-based Comments
By submitting any health-related or religious dietary information, you explicitly consent to our processing of that Special Category Data for the purpose of generating your personalised meal plan in accordance with Article 9(2)(a) of UK GDPR.
⸻
How We Collect Your Data
We collect personal data through the following methods:
• Direct interactions: You provide data when you fill out the Noura intake form (via Tally), email us, or interact with features on our website.
• Automated technologies: Basic device and usage data may be collected automatically through cookies or tracking tools (if added in future).
⸻
How We Use Your Data
We use your personal data to:
• Generate tailored meal plans using OpenAI’s GPT model
• Customise and improve our Service
• Provide access to your personal meal plan on your Noura dashboard
• Send relevant updates or reminders via email
• Respond to enquiries or technical issues
• Fulfil our legal or contractual obligations
We do not use your data for profiling with legal or similarly significant effects. Meal plans are AI-generated based on your preferences, but no automated decisions are made beyond that.
⸻
Legal Bases for Processing
We rely on the following legal grounds under the UK General Data Protection Regulation (UK GDPR):
To generate meal plans - Your consent (Article 6(1)(a))
To email you plans/updates - Consent or legitimate interest (Article 6(1)(a) or (f))
To manage user access (e.g. paid plans) - Performance of a contract (Article 6(1)(b))
To keep records or respond to legal requests - Legal obligation (Article 6(1)(c))
⸻
Disclosures and Third Parties
We only share your personal data with essential third parties (data processors) who help us run the Service:
OpenAI - To generate your personalised meal plan via GPT model
Make (Integromat) - To automate tasks like generating and sending plans
Google Sheets - To store your meal plan data securely
Tally.so - To collect your data via the intake form
Wix - To host your private meal plan dashboard
Email Provider (Outlook) - To send your meal plans and account-related communications
⸻
International Data Transfers
To provide Noura’s services, we may transfer and store your personal data outside the United Kingdom or European Economic Area (EEA), including to countries that may not have equivalent data protection laws. When we do this, we ensure that your data remains fully protected and compliant with applicable UK and EU data protection legislation.
We only transfer data to third parties located outside the UK or EEA where:
• The recipient country has been deemed to provide an adequate level of protection; or
• We have entered into Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office or the European Commission, which legally require recipients to protect your personal data to the same standards as under UK and EU law.
Our key international providers — including OpenAI, Google (Workspace and Sheets API), Make (Integromat), and others - have all implemented and operate under valid SCCs. These contractual safeguards ensure that your personal data is processed securely, lawfully, and in full compliance with the UK GDPR and EU GDPR frameworks.
If you would like more details on the SCCs we use or copies of the relevant clauses, you can contact us at nourameals@outlook.com.
⸻
Data Retention
We only keep your personal data for as long as is necessary:
Form responses and preferences - 12 months after last use
Email address and contact data - Retained for 18 months post last contact
Generated meal plans - Retained for 6 months unless requested otherwise
You can request earlier deletion at any time.
⸻
Your Legal Rights
You have rights under the UK GDPR, including:
• Right to access – See what personal data we hold
• Right to rectification – Fix incorrect or outdated information
• Right to erasure – Ask us to delete your data (“right to be forgotten”)
• Right to restrict processing – Limit how your data is used
• Right to data portability – Request a copy of your data
• Right to object – To certain uses (e.g. direct marketing)
• Right to withdraw consent – At any time, for any reason
To exercise your rights, please email: nourameals@outlook.com
⸻
Children’s Privacy
Noura is not intended for use by anyone under the age of 13. We do not knowingly collect, use, or store personal data from children under 13.
If we become aware that personal information has been submitted by or collected from a user under the age of 13 without verified parental consent, we will take immediate steps to delete that data and disable the associated account.
If you are a parent or legal guardian and believe that your child under 13 has provided personal information to Noura, please contact us at nourameals@outlook.com, and we will promptly investigate and remove the data where appropriate.
Users aged 13 to 17 may only use the service with the consent and supervision of a parent or guardian. By using Noura, you confirm that you meet these age requirements.
At this time, Noura does not have a formal mechanism to obtain verified parental consent. Therefore, individuals under 13 must not use the Service under any circumstance.
Noura may implement parental consent verification procedures in the future in accordance with Article 8 of UK GDPR.
⸻
Cookies and Tracking
Noura currently does not use cookies or similar tracking technologies. If this changes in the future, we will update this policy and provide a Cookie Notice.
⸻
Data Security
We take appropriate technical and organisational measures to protect your data from loss, misuse, or unauthorised access, including:
• Secure form submission (via Tally)
• API key and OAuth access controls (e.g. for Google Sheets)
• Secure automation via Make
• Role-based access to data
However, no system is 100% secure, and you should also take precautions when using any online service.
⸻
Data Breach Protocol
If a data breach occurs that may compromise your rights or freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected users as soon as possible.
⸻
Changes to This Policy
We may update this policy occasionally. When we do, we’ll update the “Last Updated” date and notify users via the site or email if appropriate.
⸻
Contact and Complaints
If you have concerns about how we handle your data, please contact us at:
You also have the right to lodge a complaint with the UK data protection authority:
Information Commissioner’s Office (ICO)
Telephone: 0303 123 1113
This document is governed by and interpreted in accordance with the laws of England and Wales.