NomStash

Privacy Policy

Last updated: 3 March 2026

NomStash is a product name from TraitSpan .

Who We Are

NomStash is a product from TraitSpan. This Privacy Policy explains how we handle personal data on:

  • our marketing website at nomstash.com
  • our app at app.nomstash.com

We are based in the United Kingdom and aim to process personal data in line with UK GDPR, EU GDPR (where applicable), and other applicable privacy laws.

Privacy At A Glance

  • We use optional analytics on both the marketing site and app.
  • We use required technologies for authentication, security, and core app operation.
  • We do not sell personal data.
  • You can accept or reject optional analytics in the consent banner.

Data We Collect

Information you provide

  • Account details such as name and email address.
  • Registration preferences, including terms acceptance and email marketing preference.
  • Content you create in the app, such as recipes, meal plans, shopping lists, freezer inventory, and settings.
  • Images you upload, for example photographs of freezer labels for text recognition.
  • Messages you send us (for example, support emails).

Authentication and security data

  • Sign-in uses one-time codes sent to your email through Amazon Cognito/SES.
  • Session and token data needed to keep you signed in and protect your account.
  • Kiosk mode stores session token data in browser local storage for kiosk continuity.

Third-party account connections

If you choose to connect a third-party account (for example, Google Calendar), we receive limited access tokens and the specific data needed to provide the feature (such as calendar event times to help plan meals around busy days). We only request the minimum permissions required, and you can disconnect at any time from your account settings.

Usage and technical data

We use a first-party analytics setup (PostHog via NomStash domains) to understand performance and product usage. Analytics collection is consent-based. Depending on your choice, this may include page views, interaction events, diagnostics, and session recording. Session recording is disabled unless analytics consent is accepted.

How We Use Data

  • Provide, secure, and maintain the service.
  • Authenticate users and manage account access.
  • Operate core app features and sync your data.
  • Process images you upload to extract text (for example, reading freezer label text).
  • Use AI services to help extract and structure recipe data you import from external sources.
  • Send automated service emails such as defrost reminders, account invitations, and one-time sign-in codes.
  • Improve reliability, performance, and usability.
  • Send marketing emails only where you have opted in.

Legal Bases We Rely On

  • Contract: to provide the service you request.
  • Legitimate interests: for security, fraud prevention, and service improvement.
  • Consent: for optional analytics and marketing emails (where required by law).
  • Legal obligations: where we must retain or disclose data by law.

Cookies and Similar Technologies

We use cookies and local storage for consent, authentication, analytics, and kiosk session continuity. See our Cookie Policy for details, including cookie names and durations.

How We Share Data

We share data with service providers only where needed to operate NomStash, such as:

  • AWS services (including Cognito, DynamoDB, SES, S3, Rekognition, and IoT) for account management, storage, authentication, image processing, and device communication.
  • OpenAI for AI-assisted recipe extraction and ingredient matching. Recipe text you import may be sent to OpenAI for processing. OpenAI's data usage is governed by their own policies.
  • Google (if you connect Google Calendar) for calendar-aware meal planning. We request read-only calendar access and store OAuth tokens securely.
  • Cloudinary for image hosting and processing related to label images.
  • PostHog for analytics (consent-based).

We do not sell personal data or share it for third-party advertising profiles.

Shared Accounts

NomStash supports multi-user accounts (for example, household members). When you join a shared account, other members of that account can see shared content such as recipes, inventory items, meal plans, and shopping lists. The account lead can invite or remove members. Your name and email are visible to other members of your account.

Physical Labels and QR Codes

NomStash uses physical label stickers with QR codes to track freezer inventory. Each label contains a short code linked to your account. Scanning a label retrieves the associated inventory item within your account. Label codes do not contain personal information, but they are associated with your account data within the app.

International Transfers

Your data may be processed in the UK, EEA, and other countries where our providers operate. Where required, we use contractual or legal safeguards for international transfers.

Data Retention

We keep personal data only as long as necessary for service delivery, legal obligations, dispute resolution, and legitimate business needs. Cookie lifetimes are listed in the Cookie Policy.

Your Rights

Depending on your location, you may have rights to:

  • access a copy of your personal data
  • correct inaccurate data
  • request deletion of your data
  • restrict or object to certain processing
  • withdraw consent for optional analytics or marketing
  • lodge a complaint with a relevant supervisory authority

Security

We use technical and organizational measures designed to protect personal data. No method of transmission or storage is completely secure, but we continuously work to protect service data and account access.

Children

NomStash is not intended for children under 13. If you believe a child has provided personal data, contact us and we will review and remove data where appropriate.

Changes To This Policy

We may update this Privacy Policy from time to time. We will post the latest version on this page.

Contact Us

For privacy requests or questions, email privacy@nomstash.com.