Privacy Policy
Last updated: March 2026
This Privacy Policy describes how NoThinkList (“we,” “us,” “our”) collects, uses, and shares your information when you use the NoThinkList mobile application (currently iOS; Android coming soon) and the website at nothinklist.com (together, the “Service”). By using the Service, you agree to the practices described in this policy. If you do not agree, please stop using the Service.
Questions or concerns? Contact us at support@nothinklist.com.
1. Information We Collect
We collect the minimum data necessary to provide and improve the Service. We do not collect data beyond what is described below.
1.1 Account Information
- Email address (required for account creation, authentication, and support).
- Optional display name you choose to set.
1.2 Content You Create
- Grocery items, staple items, and lists you add or import.
- Recipes you import, photograph, or manually create.
- Feedback or messages you send through in-app forms or email.
1.3 Usage and Device Data
- Basic usage events such as feature usage (e.g., recipe import, list creation, settings changes).
- Device type, operating system version, app version, and crash or error logs.
If you use the voice input feature, your voice recording is transmitted to Google Gemini AI for processing. The recording is not stored by us after processing.
We do not collect precise location, contacts, or advertising identifiers.
1.4 Information We Do Not Collect
- Payment card or financial information. All purchases and subscriptions are processed by Apple through the App Store (iOS) or Google through the Google Play Store (Android). The applicable platform’s payment terms and privacy policy govern those transactions.
- We do not collect data from children. See Section 11 below.
2. How We Use Your Information
We use your information only for the following purposes:
- To provide the Service: creating your account, storing and syncing your lists and recipes, and enabling list sharing with people you invite.
- To power AI features: when you use AI-powered features, transmitting relevant content (such as recipe text, images, or voice recordings) to Google Gemini AI for processing. See Section 4.2 and Section 6.
- To improve the Service: understanding which features are used, diagnosing bugs, and improving parsing accuracy for recipes and ingredients.
- To communicate with you: responding to support requests, sending transactional emails (e.g., password resets), and sending occasional product updates if you have opted in.
- To ensure security: preventing fraud, abuse, and unauthorized access.
- To comply with law: meeting legal obligations, responding to lawful requests, and protecting our rights.
3. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contract performance — To provide the Service you requested (account creation, list management, syncing).
- Legitimate interest — To improve the Service, prevent fraud, and maintain security, where those interests are not overridden by your rights.
- Consent — For non-essential analytics on our website (via cookie banner). You may withdraw consent at any time.
- Legal obligation — To comply with applicable laws and regulations.
4. Third-Party Services
We use the following third-party services to operate the Service. Each processes data only as necessary for its function and according to its own privacy policy. We require that each provides protection of your data equivalent to what we provide.
4.1 Backend and Infrastructure
- Firebase (Google) — Authentication, database (Firestore), cloud functions, and hosting. Google Privacy Policy
4.2 AI Services
AI-powered features (recipe analysis, ingredient parsing, and voice input) send relevant content to Google for processing. By using these features, you consent to that transmission. You can avoid this by not using AI-powered features; all core list and recipe functionality works without them.
- Google Gemini AI — AI-powered recipe analysis, ingredient parsing, and voice input processing. When you use these features, relevant content (recipe text, images, or voice recordings) is sent to Google for processing. Google Privacy Policy
NoThinkList does not use your personal data to train AI models. When your content is sent to Google Gemini AI for processing, it is processed under Google’s API terms. NoThinkList has no control over the AI provider’s data practices beyond what is specified in its API terms.
4.3 Subscriptions
- RevenueCat — Subscription management and purchase validation. RevenueCat Privacy Policy
4.4 Email
- Resend — Transactional email delivery. Resend Privacy Policy
4.5 Website Analytics
- Plausible Analytics — Privacy-focused, cookie-free website analytics. Plausible does not use cookies, does not collect personal data, and does not track users across sites. Plausible Privacy Policy
We do not share, sell, or rent your personal data to advertisers or data brokers. We share data with the services listed above only to the extent necessary for the Service to function.
5. Cookies and Tracking Technologies
Our website uses Plausible Analytics, which does not use cookies or track individual users. If we introduce cookies in the future, we will update this policy and provide a consent mechanism before setting non-essential cookies. For details on how we handle cookie preferences today, see our Cookie Policy.
The NoThinkList app (currently iOS; Android coming soon) does not use cookies or tracking pixels.
5.1 Global Privacy Control (GPC) and Do Not Track
We honor Global Privacy Control (GPC) signals transmitted by your browser. When we detect a GPC signal, we treat it as a valid opt-out request for the sale or sharing of personal information under applicable state laws. We also respect Do Not Track (DNT) browser signals.
6. Your Grocery and Recipe Data
Your grocery lists and recipes exist to help you shop and cook. We use this data to:
- Build, display, and sync your lists across devices.
- Improve ingredient parsing accuracy.
- Diagnose and fix bugs.
We do not use your lists or recipes to serve ads, build advertising profiles, or sell to third parties.
AI features: When you use AI-powered features (recipe scanning, ingredient parsing, voice input), relevant content is sent to Google Gemini AI for processing. You can avoid this by not using these features. See Section 4.2 for details.
List sharing: When you share a grocery list, only the people you explicitly invite can view and edit that list. Sharing is private and does not expose your recipes, account details, or other lists.
Recipes: Recipes you import, photograph, or create are private to your account. NoThinkList does not have a recipe-sharing feature.
7. When We Share Information
We share your information only in the following circumstances:
- With the third-party service providers listed in Section 4, solely to operate the Service.
- With law enforcement or government authorities when required by law, subpoena, or court order, or when necessary to protect our rights, safety, or property.
- In connection with a merger, acquisition, or sale of assets, in which case you will be notified.
We do not sell or share your personal information for cross-context behavioral advertising.
8. International Data Transfers
Your data may be processed and stored outside your country of residence, including in the United States, where our service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Compliance with applicable data protection laws in each jurisdiction.
- Service provider certifications such as the EU-U.S. Data Privacy Framework, where applicable.
9. Data Retention
- Account data — Retained while your account is active. Deleted within 30 days of account deletion, except where retention is required by law.
- Grocery lists and recipes — Retained until you delete them or delete your account.
- Email addresses (mailing list) — Retained until you unsubscribe or request deletion.
- Support communications — Retained for up to 3 years after last contact.
- Website analytics — Aggregated and anonymized; retained for up to 2 years.
- Error and crash logs — Retained for 90 days.
- Backups — May retain deleted data for up to 90 days before permanent deletion.
10. Your Privacy Rights
Depending on your jurisdiction, you may have some or all of the following rights:
10.1 Rights Under GDPR (EEA, UK, Switzerland)
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate or incomplete data.
- Erasure — Request deletion of your personal data.
- Restriction — Request that we limit how we process your data.
- Portability — Receive your data in a machine-readable format (JSON or CSV).
- Object — Object to processing based on legitimate interests.
- Withdraw consent — Withdraw consent at any time where consent is the legal basis.
10.2 Rights Under U.S. State Privacy Laws
If you are a resident of a state with a comprehensive consumer privacy law, including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, or Virginia, you have rights that may include:
- Right to know / access — Know what personal information we collect, use, and disclose.
- Right to delete — Request deletion of your personal information.
- Right to correct — Request correction of inaccurate data.
- Right to opt out — Opt out of the sale or sharing of personal information. (We do not sell or share personal information for advertising, but you may still exercise this right.)
- Right to non-discrimination — We will not discriminate against you for exercising your rights.
- Right to portability — Where applicable, receive your data in a portable format.
California-specific disclosures (CCPA/CPRA): We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use automated decision-making technology that produces legal or similarly significant effects on consumers. If this changes, we will provide notice and an opt-out mechanism.
We honor GPC signals as valid opt-out requests.
Categories of personal information collected: Identifiers (email address); commercial information (subscription status); internet or electronic network activity (usage events, device info); and other information you provide (grocery lists, recipes, feedback).
10.3 How to Exercise Your Rights
Email us at support@nothinklist.com with the subject line “Privacy Request.” Include the email address associated with your account so we can verify your identity. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.
You may also delete your account and associated data directly within the app by going to Settings > Account > Delete Account.
11. Children’s Privacy
NoThinkList is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us at support@nothinklist.com and we will delete it promptly.
12. Data Security and Breach Notification
We use commercially reasonable technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews.
In the event of a data breach affecting your personal information, we will notify relevant authorities within 72 hours as required by GDPR and notify affected users without undue delay if the breach poses a high risk to your rights. Notifications will be sent via email or in-app notice.
Limitation of Remedies. In the event of a data breach or unauthorized disclosure of your personal information, your sole and exclusive remedy is as set forth in the Limitation of Liability section of our Terms of Use. To the fullest extent permitted by applicable law, NoThinkList and its owners, officers, employees, and agents shall not be liable for any unauthorized access to, or alteration, theft, or destruction of, your data resulting from circumstances beyond our reasonable control.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and notify you via email or in-app notice at least 14 days before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact
For questions, privacy requests, or concerns about how we handle your data:
NoThinkList
Email: support@nothinklist.com (subject line: “Privacy Request” or “Data Protection Inquiry”)
Web: nothinklist.com/contact
We aim to respond to all privacy inquiries within 30 days.