Privacy Policy
Last updated: April 2026
Who we are
Norma (“we,” “us,” or “our”) operates the website iamnorma.com and the Norma AI nutrition companion service. We are the data controller responsible for your personal information collected through this service. Questions about this policy can be directed to hello@iamnorma.com.
What we collect
When you create an account, we collect your email address and password (stored as a secure hash). During onboarding, you may provide additional information including your GLP-1 medication name and stage, weight and goals, dietary preferences and restrictions, cooking habits, schedule type, and exercise information. This information is entirely voluntary and can be deleted at any time.
We also store the messages you exchange with Norma and structured signals extracted from those conversations, such as mood indicators, behavioral patterns, and upcoming events you mention. We collect basic usage data such as session dates and activity streaks to provide personalized guidance.
How we use your data
Your data is used exclusively to provide the Norma service: generating personalized AI responses, maintaining conversation continuity across sessions, improving the relevance of Norma's guidance over time, and sending you service-related emails. We do not use your data for advertising, sell it to third parties, or share it for any purpose unrelated to providing this service.
How AI uses your data
Your profile and recent conversation history are sent to our AI provider (Google Gemini) to generate personalized responses. This data is used solely to provide contextually relevant nutrition guidance. We do not use your data to train AI models. Conversation content is processed in real time and is not retained by Google Gemini beyond the duration of the request, in accordance with Google's API data usage policies.
Email communications
By creating an account, you agree to receive service-related emails from Norma. These include account verification, password reset, trial status notifications, re-engagement messages, and weekly activity summaries. These emails are necessary to deliver the service you signed up for.
You may opt out of non-essential service emails (such as weekly summaries and re-engagement messages) at any time by clicking the unsubscribe link included in each email or by contacting us at hello@iamnorma.com. Transactional emails (account verification, password reset, billing notifications) cannot be disabled as they are essential to the service.
Third-party service providers
We share your data with the following trusted service providers solely to operate the Norma service:
- Supabase — database and authentication hosting
- Google Gemini — AI response generation (conversation context sent per request)
- Resend — transactional and service email delivery
- Stripe — payment processing and subscription management
- Vercel — application hosting and infrastructure
- Google Analytics 4 — anonymous usage analytics (see Cookies section)
Each provider is bound by their own privacy policies and data processing agreements. We do not permit these providers to use your data for their own marketing or unrelated purposes.
Cookies and analytics
We use the following types of cookies and tracking technologies:
- Essential cookies: Authentication session cookies required to keep you logged in. These cannot be disabled without breaking the service.
- Analytics cookies: We use Google Analytics 4 to understand how visitors interact with our marketing pages (page views, referral sources, and conversion events). This data is anonymized and aggregated. No personally identifiable information is shared with Google Analytics. You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.
Data storage and security
Your data is stored securely in our database hosted by Supabase. All connections are encrypted in transit using TLS, and stored data is encrypted at rest. Access to your data is restricted by row-level security policies: only you can access your own records. Our administrative access to user data is limited to what is strictly necessary to operate and maintain the service.
Data retention and deletion
We retain your data for as long as your account is active. You can delete your account and all associated data at any time from the Settings panel. Deletion is permanent and includes your profile, all conversation history, daily logs, subscription records, and email history. We do not retain backups of deleted accounts.
Payment information
All payments are processed by Stripe. We never see, store, or have access to your credit card number or banking information. Stripe handles all payment data in compliance with PCI DSS Level 1 standards. Your billing email and subscription status are stored by us to manage your account.
Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct inaccurate data through your profile settings.
- Deletion: Delete your account and all associated data at any time from Settings.
- Portability: Request an export of your data in a structured format.
- Objection: Opt out of non-essential email communications at any time.
To exercise any of these rights, contact us at hello@iamnorma.com. We will respond within 30 days.
International data transfers
Norma is operated from the United States. If you access the service from outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate. By using Norma, you consent to this transfer. We ensure that any such transfers are made in accordance with applicable data protection laws.
Children's privacy
Norma is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will delete that information promptly.
Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and update the “Last updated” date at the top of this page. Continued use of Norma after changes are posted constitutes your acceptance of the updated policy.
Contact
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at hello@iamnorma.com. We are committed to resolving any privacy concerns promptly.