Privacy

Last updated 2026-07-05 · Draft pending legal review

Litmus exists to give you clarity about your supplements, and that promise extends to how we treat your data. The short version: we collect only what the product needs, we sell nothing, we show no ads, and everything you give us leaves with you if you go. Litmus is made by Nomorro; questions go to hello@nomorro.com.

What the app collects

Apple Health

The Apple Health connection is write-only. With your permission, Litmus saves the supplement doses you log into Apple Health as nutrition records, so your record lives in your ecosystem, not our silo. Litmus does not request permission to read anything from Apple Health, and no data from Apple Health ever flows to our servers. What syncs is shown transparently in the app (Profile → Apple Health), and you can revoke access any time in iOS Settings.

What we never do

Who processes your data for us

Litmus runs on a small set of processors, each used only to provide the product: AWS (hosting, database, file storage, and AI processing via Bedrock, all in our environment), Apple and Google (sign-in), and RevenueCat (subscription management). This website uses PostHog for basic usage analytics (pages viewed, buttons clicked); the iOS app does not.

Retention and deletion

Your data is kept while your account exists. Deleting your account (Profile → Delete Account) immediately and permanently deletes your database records - profile, stacks, logs, check-ins, notes, and Ask Litmus conversations - removes your sign-in identity, and deletes the label photos and export files you generated from storage. Anything that cannot be removed in the moment is caught by storage that automatically expires objects within 180 days.

Your data is portable

You can export your data from the app (Profile → Export my data) as a machine-readable file, and doses write to Apple Health so your history lives in an open ecosystem. A user who leaves loses nothing they created.

Security and breach notification

Your data is encrypted in transit and at rest. As a consumer health app we follow the FTC Health Breach Notification Rule: if identifiable health information is ever acquired or disclosed without your authorization, we will notify you without unreasonable delay and within 60 days of discovery, by email (or by first-class mail on request), and notify the FTC as the rule requires.

Children

Litmus is not directed at children under 13, and we do not knowingly collect their data.

What we collect on this website

Changes and contact

If this policy changes materially we will say so plainly, on this page, with the date above updated. Questions, or requests about your data: hello@nomorro.com.