nosh User Privacy Policy

Last Updated: [Month], [Day], 2026

Introduction

The client application named “nosh” and other forms we may provide from time to time (collectively referred to as “nosh”) are legally owned and operated by Chaoshi Technology (Shanghai) Co., Ltd. and its affiliates (hereinafter referred to as “nosh” or “we”). Our registered address is Room C3201, Building C, West Block 1168, No. 1687 Changyang Road, Yangpu District, Shanghai. “Our” shall be construed accordingly. For the avoidance of doubt, we reserve all rights to adjust the name of nosh.

“User” or “you” refers to a user of nosh. “Your” shall be construed accordingly.

In this Policy, we describe our practices regarding the collection, use, and provision of personal information in accordance with applicable laws, regulations and technical specifications, and further elaborate on your rights related to your personal information.

This Policy is closely related to your use of our nosh services. When you download, install, launch, browse, register, log in to, or use our nosh services, we will process and protect your personal information in accordance with the provisions of this Policy. “nosh” has the meaning as defined in the nosh Terms of Service.

Please carefully and fully read this Policy before using or continuing to use our nosh services, and make appropriate choices in accordance with the guidelines of this Policy when necessary. If you do not provide us with specific personal information, it may result in our inability to provide you with nosh, restrict your use of nosh, or prevent us from achieving the intended service effects.

How We Collect and Use Your Personal Information
How We Share, Transfer and Publicly Disclose Your Personal Information
How We Store and Protect Your Personal Information
How You Manage Your Personal Information
How You Deactivate Your Account
Special Notes on Products and/or Services Provided by Third Parties
How We Use Cookies and Similar Technologies
Protection of Minors
How We Update the Privacy Policy
How to Contact Us
Miscellaneous

1. How We Collect and Use Your Personal Information

We will explain to you in this Policy the scope of personal information that may be collected, the purposes of collection, the methods of collection, and the consequences of not providing your personal information for each function of our products and/or services. Please note that when you do not provide the corresponding information necessary for the implementation of various functions, you may still use other functions of nosh.

We will collect and use personal information you voluntarily provide in the course of using our services or generated from your use of our products and/or services in compliance with the principles of legitimacy, lawfulness and necessity, for the following purposes set forth in this Policy. If we intend to use your personal information for other purposes not specified in this Policy, or use already collected information for other purposes based on specific purposes, we will notify you in a reasonable manner and obtain your consent again prior to such use. You may view details via the Personal Information Collection List.

1.1 Account Registration and Login

When you register for or log in to a nosh account, we will collect your mobile phone number, password or verification code to register and log you into your account. To assist you in completing the registration process, we will also collect your customized avatar and nickname to provide you with the initial nosh services. In addition, to ensure the security of your user account, if we identify a risk that the mobile phone number used for your account registration or login has been reissued, we will provide your mobile phone number and account registration/login time to telecommunications operators to verify whether it is a reissued number.

1.2 Provision of Products and/or Services to You

1.2.1 AI Food Recognition Function

When you use the AI food recognition function, we will collect photos you take or upload to provide you with food recognition services. If you refuse to allow us to collect such information, you may be unable to use this function, but this will not affect your use of other functions of nosh.

1.2.2 Notification Services

During our operation, we may send you one or more types of notifications via contact information you provide in the course of using our products or services, including message notifications, identity verification, security verification, and user experience surveys. We may also provide you with services, functions, activities and relevant commercial information that may interest you via SMS or telephone calls. If you do not wish to receive commercial advertisements sent by us, you may unsubscribe by replying to SMS prompts, via other methods we provide, or contact us directly to unsubscribe.

1.2.3 Clipboard Access

When you share or receive shared information or participate in activities, we need to access your clipboard and read information contained therein such as email addresses and links to implement functions or services including redirection, sharing and activity linkage for you.

1.2.4 Secure Operation and Risk Control Verification

To ensure the secure operation of the software and services, prevent unauthorized access to your personal information, more accurately prevent fraud and protect account security, after you agree to this Privacy Policy, nosh or necessary security and risk-control SDKs will actively collect your device information through system interfaces. The collection method includes local reading and uploading to the server for processing during security verification scenarios such as app launch, login, switching to the background, or app restart; the collection scope includes:

device or hardware model, device name;
SIM card serial number such as ICCID, SIM card country or region, SIM carrier name or code, network carrier name or code, phone network type, and other cellular network and carrier information;
base station information or cellular cell information, including base station or cell identifier, Mobile Country Code (MCC), Mobile Network Code (MNC), Location Area Code (LAC), Tracking Area Code (TAC), cell ID (CID/CI/NCI), Physical Cell ID (PCI), network standard, registration status, signal strength, and similar information;
hardware or device serial number (SN), device MAC address, SSID, BSSID, device IP address (including local IPv4/IPv6 address) and other network device information;
Wi-Fi information and Wi-Fi scan results, including SSID, BSSID, signal strength, frequency band, channel, encryption method, connection status, scan time, and similar information of the currently connected or nearby available Wi-Fi networks;
network diagnostic information, including DNS server address, gateway address, network interface information, proxy information, network type, network subtype, network connection status, Wi-Fi status, and carrier information;
Bluetooth device information, including Bluetooth address and Bluetooth connection status;
device unique identifiers, including IMEI, IMSI, Android ID, IDFA, IDFV, OAID and MEID, locally generated device ID, SDK-generated security identifiers, login session identifier, and user ID;
overall operation status and frequency, crashes, installation and usage, performance data and source;
storage, including albums, media and other files, language settings, operating system, operating system version number and application version;
installed app list information, including installed applications' package names, app versions, installation status, and software usage records;
sensor information: gravity sensor.

The above information will be uploaded to the server for security risk control verification, device environment identification, fraud and attack prevention, abnormal login identification, network status assessment, Wi-Fi environment identification, issue diagnosis, and service stability. If you do not agree to our collection of the aforementioned information, risk control verification may not be completed. Please understand that to dynamically detect whether abnormal login occurs on your account, whether the device environment is abnormal, and whether the network connection is stable, we may read such information again each time you switch nosh to the background or restart the application, and we will control the reading frequency within a reasonable range.

1.2.5 Analytics, Attribution, and Service Improvement

To analyze the use of nosh, evaluate channel attribution effectiveness, improve product experience, and troubleshoot abnormal issues, we will collect and use event information such as app launch, registration, login, food recognition, saving food records, deleting records, recognition retry, page visits, button clicks, and abnormal errors. Such information may include event name, event time, page or module, operation result, error code, duration, channel source, deep link or attribution information, device identifier, user ID, noshID, locally generated device ID, app version, system version, network type, network subtype, and Wi-Fi status. We will not proactively upload your verification code, full mobile phone number, login token, original photo content, or similar sensitive business content in analytics events; if related information in logs needs to be processed for troubleshooting, we will do so within a reasonable and necessary scope.

A summary of the main device permissions we will invoke when providing nosh services is as follows. You may choose to disable part or all of the permissions in the settings function of your device. The display and disabling methods of permissions may vary across different devices; please refer to the instructions or guidelines of the device and system developer for details:

Device Permission	Corresponding Business Function	Functional Scenario Description	Whether It Can Be Disabled
Network Permission	Internet Access Function, Secure Operation and Risk Control Verification	Enable internet access, read and update service content, and read device IP address, network status, network type, network diagnostic information, Wi-Fi information, and Wi-Fi scan results during security verification, issue diagnosis and service stability scenarios	Yes. After disabling, nosh content cannot be read or updated in real time, and nosh cannot be used normally
Camera	AI Food Recognition	User photography and food recording	Yes. After disabling, only the corresponding function is affected, and other functions of nosh are not affected
Storage (Albums, Media and Other Files)	AI Food Recognition	Read or save food photos and process media information such as photo time and image orientation	Yes. After disabling, only the corresponding function is affected, and other functions of nosh are not affected
Phone Status (Including Device Information and Operating Status)	nosh Secure Operation and Risk Control Verification	Read device identifiers, cellular network, carrier, SIM card, base station information, or cellular cell information for secure operation and risk control verification, abnormal issue diagnosis, and service stability as described in Clause 1.2.4 of this Policy	Yes. After disabling, only the corresponding function is affected, and other functions of nosh are not affected
Bluetooth	nosh Secure Operation and Risk Control Verification	Read Bluetooth device information for device environment identification, security risk control verification, issue diagnosis, and service stability	Yes. After disabling, only the corresponding function is affected, and other functions of nosh are not affected

1.3 Exceptions to Obtaining Consent

In accordance with relevant laws and regulations, we may collect and use necessary personal information without obtaining your authorized consent under the following circumstances:

Necessary for the conclusion or performance of a contract in which a natural person is a party;
Necessary for the performance of statutory duties or obligations;
Necessary to respond to public health emergencies or protect the life, health and property safety of natural persons in emergency situations;
Processing personal information within a reasonable scope for news reporting, public opinion supervision and other acts for public interests;
Processing personal information that has been voluntarily disclosed by the individual or otherwise lawfully disclosed within a reasonable scope in accordance with the Personal Information Protection Law;
Other circumstances prescribed by laws and regulations.

2. How We Share, Transfer and Publicly Disclose Your Personal Information

2.1 Sharing

We will not share your personal information with any company, organization or individual, except under one or more of the following circumstances:

We have obtained your prior authorization;
You voluntarily request it;
Sharing personal information with commercial partners is necessary.

You understand and acknowledge that to provide you with more complete and high-quality products and services, we will authorize commercial partners to provide part of the services for you. In such cases, we may share certain of your personal information with partners to provide better customer service and user experience. Please note that we will only share your personal information for lawful, legitimate, necessary, specific and explicit purposes, and only share the personal information necessary for providing services. We will conduct security assessment and processing on the output form, circulation and use of information data to protect data security. Meanwhile, we will conduct strict supervision and management over partners. Once we find that they process personal information in violation of regulations, we will immediately terminate cooperation and pursue their legal liabilities.

At present, our partners include the following types; for details, please refer to the Third-Party Information Sharing List:

Third-party SDK service providers: When you use functions provided by third parties in nosh, we may integrate software development kits (SDKs) provided by third parties to implement relevant functions. In such cases, third-party SDK service providers may collect your relevant personal information. We will exercise due diligence and conduct strict security monitoring on the aforementioned third-party SDKs to protect personal information security.
Message push services: To provide you with message pushes, third-party push service providers may obtain your device information and network information to push messages such as diet reminders and daily diet reports for you.

2.2 Transfer

Transfer means transferring the control right over your personal information to another company, organization or individual. We will not transfer your personal information to any company, organization or individual without your explicit consent, except for the following circumstances:

We have obtained your prior consent;
You voluntarily request it;
If the company undergoes a merger, division, dissolution or is declared bankrupt, it may involve the transfer of personal information. In such cases, we will notify you of the name and contact information of the recipient and require the new company or organization holding your personal information to continue to be bound by this Policy. If the recipient changes the purpose or method of processing personal information, we will require it to obtain your explicit consent again;
Other circumstances prescribed by laws and regulations.

2.3 Public Disclosure

Public disclosure means releasing information to the public or unspecified groups. In principle, we will not publicly disclose your personal information, except for the following situations:

Displaying necessary desensitized relevant information when announcing account winning or penalty notices;
After obtaining your explicit consent.

2.4 Exceptions to Consent for Sharing, Transfer and Public Disclosure of Personal Information

In accordance with relevant laws and regulations, we may share, transfer or publicly disclose your personal information without obtaining your prior authorized consent under the following circumstances:

Necessary for the conclusion or performance of a contract in which a natural person is a party;
Necessary for the performance of statutory duties or obligations;
Necessary to respond to public health emergencies or protect the life, health and property safety of natural persons in emergency situations;
Processing personal information within a reasonable scope for news reporting, public opinion supervision and other acts for public interests;
Processing personal information that has been voluntarily disclosed by the individual or otherwise lawfully disclosed within a reasonable scope in accordance with the Personal Information Protection Law;
Other circumstances prescribed by laws and regulations.

Please understand that in accordance with current laws and regulatory requirements, sharing or transferring anonymized personal information where the data recipient cannot restore or re-identify the personal information subject does not require separate notification to you or obtaining your consent.

3. How We Store and Protect Your Personal Information

3.1 Storage

Storage Location: We store personal information obtained from operating nosh within the territory of the People's Republic of China. We will provide your personal information to entities outside the People's Republic of China only after fulfilling obligations prescribed by law under the following circumstances:

Explicit provisions under applicable laws;
Obtaining your explicit authorization.

For the above circumstances, we will ensure that your personal information is protected to a level no lower than that stipulated in this Policy by means of contracts and other forms.

Storage Period: We undertake to store your personal information only for a reasonably necessary period in accordance with legal provisions. Upon expiration of the aforementioned period, we will delete your personal information or anonymize it.

If we cease operations, we will promptly cease collecting your personal information, attempt to notify you of the cessation of operations by individual delivery or public announcement, and delete or anonymize the personal information we hold about you.

3.2 Protection

To protect the security of your personal information, we will endeavor to adopt various security measures in line with industry standards to protect your personal information and minimize the risk of your personal information being damaged, stolen, leaked, accessed without authorization, used, disclosed or altered. We will actively establish a data classification and grading system, data security management specifications and data security development specifications to regulate the storage and use of personal information, ensuring that we do not collect personal information irrelevant to the services we provide.

All your accounts are equipped with security protection functions. Please properly keep your account and password information. We will ensure that your information is not lost, abused or altered through backup to other servers, encryption of user passwords and relevant security measures. Notwithstanding the aforementioned security measures, please note that there are no “perfect information security measures”. To assist in preventing security incidents, we have established an early warning mechanism and emergency response plans in accordance with the provisions of laws and regulations. If a security incident does occur, we will promptly notify you of relevant information by email, letter, telephone, push notification and other methods required by law. If it is difficult to notify each personal information subject individually, we will issue a public announcement in a reasonable and effective manner. Meanwhile, we will take the initiative to report the handling of personal information security incidents in accordance with the requirements of regulatory authorities and closely cooperate with government agencies.

When our products or services cease operations, we will promptly cease further collection of personal information. We will attempt to notify you of the aforementioned changes via push notifications, public announcements and other relevant forms, and delete or anonymize your personal information within a reasonable period.

4. How You Manage Your Personal Information

We attach great importance to and endeavor to protect your rights related to your own personal information.

4.1 Independent Decision on Receiving Information

Content will be displayed based on account information you voluntarily choose to follow in the follow section, and you may independently choose to follow or unfollow accounts as needed.

4.2 Access, Obtain, Correct and Delete Personal Information Copies

Through the design of the interactive interface, we provide you with channels to independently access, obtain, correct and delete relevant personal information. You may make settings through the following methods:

Access, obtain and correct your personal data including mobile phone number and noshID, and delete account information via [Settings - Account and Security].

In addition to the above, we will take the initiative to delete your personal information under any of the following circumstances, and you also have the right to request us to delete it:

The processing purpose has been achieved, cannot be achieved, or is no longer necessary for achieving the processing purpose;
We have ceased providing products or services, or the storage period has expired;
You have explicitly withdrawn your consent;
You have sufficient reasons to believe that we have processed your personal information in violation of laws, administrative regulations or agreements;
Other circumstances prescribed by laws and administrative regulations.

4.3 Change or Withdraw Authorization Scope

You may change or withdraw your authorization for device permissions through the operating system of the device itself. Functions may vary across different device models. We will collect personal information in accordance with your settings for changing or withdrawing authorization. If you withdraw authorization, we will no longer collect information related to such permissions; however, please note that this may result in the unavailability of part or all functions. Meanwhile, your decision to change or withdraw authorization will not affect our processing of personal information previously conducted based on your authorization.

4.4 Conditional Right to Personal Information Portability

If you need to transfer your personal information to other platforms, enterprises or organizations, you may contact us through the contact methods disclosed in this Privacy Policy. We will review your request, and provide you with channels to transfer corresponding personal information when the conditions prescribed by China's cyberspace authorities are met.

4.5 Exercise of Rights by Close Relatives

Subject to compliance with relevant legal requirements, your close relatives may exercise the above rights including access, copy, correction and deletion of your relevant personal information, unless you have made other arrangements.

4.6 Contact Us for Management

For security and identity verification purposes, you may not be able to directly access, correct or delete certain information through nosh's interactive interface. If you truly need to access, modify or legally request deletion of such information, please send your questions to the designated contact email address in accordance with the contact methods provided in Article 10 of this Policy. We will review the relevant issues as soon as possible and respond promptly after verifying your user identity.

5. How You Deactivate Your Account

You may deactivate your account via [Homepage - Calendar - Settings - Account and Security - Delete Account]. We will process your request as soon as possible within seven working days after receiving your deactivation application and verifying your user identity. After account deactivation, your personal information will be removed from nosh, except for personal information that we are required by law to retain.

6. Special Notes on Products and/or Services Provided by Third Parties

nosh may include third-party products and/or services or links to information and/or services provided by third parties. Before using such third-party products and/or services, you need to redirect to the corresponding mini-program or third-party page. Your use of such third-party services, including any personal information you provide to such third parties, shall be governed by the service terms and privacy policies of such third parties, not this Policy. You need to carefully read their terms and decide whether to accept them on your own. Please properly protect your personal information and only provide it to others when necessary. This Policy only applies to information we collect, store, use, share and disclose, and does not apply to any services provided by third parties or third-party rules on information use. Third parties shall be solely responsible for their acts when using your information.

7. How We Use Cookies and Similar Technologies

If you accept cookies, nosh will set or access cookies on your computer and relevant mobile devices so that you can log in to or use nosh services that rely on cookies. The use of cookies by nosh can provide you with more considerate services, including promotional services.
You have the right to choose to accept or reject cookies. You may set to reject cookies by modifying browser settings or settings on your mobile device. However, if you choose to reject cookies, you may be unable to log in to or use nosh services that rely on cookies.
Relevant information obtained through cookies set by nosh shall be subject to this Policy.

8. Protection of Minors

If you are a minor, please ask your guardian to read this Policy together with you, and seek guidance from your guardian before using our products and services or submitting personal information. If you are under the age of fourteen, please use our products and services and submit personal information only after obtaining the explicit consent of your guardian.
We attach importance to the protection of minors' personal information. Minor users are requested to enhance personal protection awareness and act cautiously when filling in personal information, and use nosh services correctly under the guidance of their guardians.
We will protect the confidentiality and security of minor users' information in accordance with applicable laws and regulations and the provisions of this Policy. Meanwhile, we have established strict rules on the collection and use of minors' information to protect the security of minors' personal information. You may learn more specific content by reading the nosh Children/Adolescents Personal Information Protection Rules. If you are the guardian of a minor and have any questions regarding the use of our services by the minor under your guardianship or the user information they provide to us, please contact us promptly through the contact methods provided in this Policy.

9. How We Update the Privacy Policy

To provide you with better services, we will update the terms of this Policy in accordance with product updates and relevant requirements of laws and regulations, and such updates shall form part of this Policy. We will not reduce the rights you are entitled to under the currently effective Policy without your explicit consent.
In the event of an update to this Policy, we will notify you via nosh client push notifications or other reasonable methods so that you can promptly learn about the latest version of this Policy.

10. How to Contact Us

If you have any complaints, suggestions or questions regarding personal information protection, or any questions regarding this Policy, you may contact us through the following methods. We will review the relevant issues as soon as possible and respond within fifteen working days after verifying your user identity: noshAppHQ@gmail.com

11. Miscellaneous

Any dispute arising out of this Policy or our processing of your personal information may be submitted to the People's Court of Huangpu District, Shanghai for litigation.
If you believe that our personal information processing activities have infringed upon your legitimate rights and interests, you may also report the matter to relevant government authorities.

In the event of any inconsistency between the English version and the Chinese version of this Agreement, the Chinese version shall prevail.