Noba

Privacy statement

Noba Health AS
Grensen 17, 0159 Oslo, Norway
Organization number: NO 921671202
E-mail: info@noba.app

Last updated: 10 January 2023

Noba Health AS (hereinafter referred to as "Noba", "the app", "we" or "our") is committed to maintaining the trust and privacy of our users. This privacy policy contains information on how Noba ensures this, with regard to Personal User Data that is collected via the app. Personal User Data is data that can be linked to an identified person and which is therefore protected under the Personal Data Act.

1. Noba is a data processor and is responsible for the processing of its users.

Noba is a data processor under the EU's personal data protection regulation (also called GDPR - General Data Protection Regulation). The users of Noba own their Personal Data, and consequently decide for themselves how the data is used. By using Noba, the user chooses which information is left in the service.

This Privacy Policy describes how Noba Health AS processes Personal Data in order to be able to offer the service to its users.

2. Personal Data covered by this privacy policy

Personal Data includes both Personal User Data and Personal Health Data, both described below. Personal User Data means the following:

  • Name
  • Contact information (email)
  • Use of the service, for example which products have been scanned or opened, favorite products, favorite recipes and search text.

Personal health data means the following:

  • Logged symptoms (abdominal pain, stool pattern, bloating, etc.)
  • Logged food intake

When you use the website https://noba.app and/or the Noba app and create an account, you typically provide some information. When you log into the service through Apple or Facebook, we will obtain contact information from them to create an account. This contact information includes name, email address and public profile picture, and is collected with your consent.

To give you access to premium content, we collect information from Apple, Google and Stripe about which subscription you have. We do not collect payment information, such as card number, invoicing information and payment method. This information is only with Apple, Google or Stripe.

3. The information collected

Noba collects Personal User Data to be able to create a user profile in the app and to be able to deliver the service as agreed and expected. By using our services, we need to collect some information to provide you with a good user experience. We store the following data:

  • Technical information, such as which device you use, which operating system is running, when you log in and out of the account, whether you use wifi/mobile data, how you click and navigate on the platform.
  • Service information, which includes information about how you use our service: Which products you click on, which products you search for, which products you scan. In addition, we collect crash data, which is linked to you as a user. We use this data to correct errors in our services.
  • User data, which involves data that you yourself actively generate in the service: Which products and recipes are your favourites, which symptoms and food intake you log, etc.

4. How we use the information

Here are the most important purposes for which we use the information:

  • To establish and manage your customer relationship. For this purpose, we typically use contact information, subscription information and communications. The legal basis is that the processing of the information is necessary to fulfill our agreement with you and to fulfill our legal obligations (such as the Money Laundering Act and the Bookkeeping Act).
  • To be able to deliver our services.
    For this purpose, we typically use technical information and user information. The legal basis is that the processing of the information is necessary to fulfill our agreement with you and to fulfill our legal obligations (such as the Money Laundering Act and the Bookkeeping Act).
  • To analyze and improve our services and your user experience.
    For this purpose, we typically use technical information and service information. The legal basis is our legitimate interest in conducting product development.
  • To market our products and services. For this purpose, we typically use contact information, technical information and service information. The legal basis is our legitimate interest in communicating offers to you, or your consent, which is further described under Marketing.

We may also process personal data for other purposes that are not incompatible with those mentioned above, such as bookkeeping purposes or to handle any claims, complaints and disputes that may arise. The legal basis will be the fulfillment of legal obligations or our legitimate interest in establishing, defending or establishing legal claims.

5. Marketing

We will at all times conduct our marketing in accordance with the applicable law. Here is an overview of how we typically conduct marketing:

By e-mail: We can send you newsletters, offers, invitations to events and other marketing if we have an existing customer relationship with you and so far the marketing applies to goods and services corresponding to our customer relationship.

On websites/social media: We may show you advertisements, invitations to events and other marketing on our websites, other people's websites and on social media, as long as we have given you good information about it and given you the opportunity to say no.

6. Sharing of your information

Information about popular products, most scanned products, etc. can be offered in Noba from information obtained about all users. This anonymised information can also be shared with third parties such as manufacturers or the grocery industry. The information we may share with third parties will not contain data that can be traced back to you.

It may become possible for you to share your logged health data with a professional, but this will only happen at your initiative.

7. Use of third parties

Authentication: Firebase by Google

Firebase is used to authenticate users. For more information, see their Privacy Policy: https://firebase.google.com/support/privacy

Statistics and user behaviour: Mixpanel

We use Mixpanel to collect anonymous statistics on the use of the app so that we can improve the service. We do not send health data or personal information to Mixpanel, but Mixpanel collects information about geolocation (city, region and country), based on your IP address. The IP address itself is not sent. For more information, see their Privacy Policy: https://mixpanel.com/legal/mixpanel-gdpr/

8. How long do we store the information

We store your personal data for as long as is necessary to fulfill the purposes described in this privacy policy. We store contact information as long as you have a user with us.

You have the right to deletion ("right to be forgotten") according to the Personal Data Act. If you choose to delete your account in the app, your account will be deleted immediately. It will not be possible to restore a deleted user. As a security measure, we have separated user information (account information) from user data generated in the app. Data you have generated in the app will therefore be anonymised when the account is deleted, so that it will not be possible to trace this back to an identifiable person.

Read more about the Personal Data Act here: https://lovdata.no/dokument/NL/lov/2018-06-15-38/KAPITTEL_gdpr-3-3#gdpr/a17

9. Right to data portability

You have the right to control your own personal data. The right applies to information you yourself have provided to us, such as logging data, and states that you can have this data handed over in a machine-readable and commonly used file format for further use. You have the right to have the data handed over as quickly as possible and within one month at the latest. To exercise this right, contact us by email at info@noba.app.

Read more about your right to data portability at the Norwegian Data Protection Authority: https://www.datatilsynet.no/rettigheter-og-plikter/den-registrertes-rettigheter/rett-til-dataportabilitet/

10. Cookies

The website https://noba.app and the Noba app use cookies. The cookies are used to enable us to remember you and offer you the agreed service. In the app, we use the following cookies:

  • Cookies for authentication: Used by us to save your login. Without this, you will have to log into the service every time you enter a new user session.
  • Cookies for functionality: Used by us to remember which choices and settings you have made. The reason for this storage is to give you a better and more personal experience, and to avoid you having to answer the same question several times or see the same information every time you open the app.
  • Cookies for tracking and performance: These are used to track information about traffic in the service and how users use the service. The purpose is to better understand our users so that we can further develop the service better adapted to our users. Such cookies can indirectly identify you as an individual visitor. This is typically done by the collected information including a pseudonymous identifier associated with the device on which you use the app.

On the website, we use third-party cookies in relation to payment and use of the site:

  • For payment, Stripe is used as payment provider. Stripe is only loaded when a user pays for a subscription. In the context of a payment process, Stripe may use cookies on the website to detect and monitor potential harmful and illegal use of the service. Link to Stripe Cookie Policy: https://stripe.com/docs/js/appendix/cookies
  • We use Google Analytics to collect usage data. In connection with the collection, Google Analytics uses cookies to identify unique users on the website. Link to the Google Analytics Cookie Policy: https://policies.google.com/technologies/cookies?hl=en-US

Cookies are text files that the service stores on your computer. The files can only be read by Noba Health AS and by yourself.

You can prevent cookies from being stored on your computer by changing the settings in your browser. However, this may affect the functionality and quality of the services.

If you wish to avoid cookies from other parties without affecting the functionality of our website, it is possible in most browsers to only allow cookies from certain domains.

Noba