NomStash

Privacy Policy

Last updated: 13 February 2026

NomStash is a product name from TraitSpan .

Who We Are

NomStash is a product from TraitSpan. This Privacy Policy explains how we handle personal data on:

  • our marketing website at nomstash.com
  • our app at app.nomstash.com

We are based in the United Kingdom and aim to process personal data in line with UK GDPR, EU GDPR (where applicable), and other applicable privacy laws.

Privacy At A Glance

  • We use optional analytics on both the marketing site and app.
  • We use required technologies for authentication, security, and core app operation.
  • We do not sell personal data.
  • You can accept or reject optional analytics in the consent banner.

Data We Collect

Information you provide

  • Account details such as name and email address.
  • Registration preferences, including terms acceptance and email marketing preference.
  • Content you create in the app, such as recipes, meal plans, shopping lists, freezer inventory, and settings.
  • Messages you send us (for example, support emails).

Authentication and security data

  • Sign-in uses one-time codes sent to your email through Amazon Cognito/SES.
  • Session and token data needed to keep you signed in and protect your account.
  • Kiosk mode stores session token data in browser local storage for kiosk continuity.

Usage and technical data

We use a first-party analytics setup (PostHog via NomStash domains) to understand performance and product usage. Analytics collection is consent-based. Depending on your choice, this may include page views, interaction events, diagnostics, and session recording. Session recording is disabled unless analytics consent is accepted.

How We Use Data

  • Provide, secure, and maintain the service.
  • Authenticate users and manage account access.
  • Operate core app features and sync your data.
  • Improve reliability, performance, and usability.
  • Send service and account communications.
  • Send marketing emails only where you have opted in.

Legal Bases We Rely On

  • Contract: to provide the service you request.
  • Legitimate interests: for security, fraud prevention, and service improvement.
  • Consent: for optional analytics and marketing emails (where required by law).
  • Legal obligations: where we must retain or disclose data by law.

Cookies and Similar Technologies

We use cookies and local storage for consent, authentication, analytics, and kiosk session continuity. See our Cookie Policy for details, including cookie names and durations.

How We Share Data

We share data with service providers only where needed to operate NomStash, such as:

  • AWS services (including Cognito, DynamoDB, and SES) for account, storage, and authentication.
  • PostHog for analytics (consent-based).
  • Other infrastructure and support providers needed to run the service.

We do not sell personal data or share it for third-party advertising profiles.

International Transfers

Your data may be processed in the UK, EEA, and other countries where our providers operate. Where required, we use contractual or legal safeguards for international transfers.

Data Retention

We keep personal data only as long as necessary for service delivery, legal obligations, dispute resolution, and legitimate business needs. Cookie lifetimes are listed in the Cookie Policy.

Your Rights

Depending on your location, you may have rights to:

  • access a copy of your personal data
  • correct inaccurate data
  • request deletion of your data
  • restrict or object to certain processing
  • withdraw consent for optional analytics or marketing
  • lodge a complaint with a relevant supervisory authority

Security

We use technical and organizational measures designed to protect personal data. No method of transmission or storage is completely secure, but we continuously work to protect service data and account access.

Children

NomStash is not intended for children under 13. If you believe a child has provided personal data, contact us and we will review and remove data where appropriate.

Changes To This Policy

We may update this Privacy Policy from time to time. We will post the latest version on this page.

Contact Us

For privacy requests or questions, email privacy@nomstash.com.