Encrypted Sessions

Last Updated: April 29, 2026

Nutrition guidance can get personal quickly. This page explains—in plain language—how Nucurate keeps sessions secure, why Face ID is part of that story, and what you should expect when you use chat, Smart Routines, and Smart Planner.

1. Face ID and your secure session

We use Face ID (or the equivalent biometric sign-in on your device) for a simple reason: we need to know it is really you, on your own device, before we open a sensitive guidance session. That is safer than relying on taps alone.

What happens when you verify

When you confirm with Face ID, your device proves you are present. That step allows the app to create a session token—a short-lived credential that authorizes access for that session. Your face is not re-sent with every message; the token represents “this user already verified on this device,” so the experience stays smooth while staying locked to you.

One moment when you start a chat

Face ID is requested when you initiate a secured chat—the moment you start the chat flow that needs a verified session. You do that once to open the session, not again for every new chat or every reply while the session remains active.

The same session carries into Smart Routines and Smart Planner

After that single verification, your session continues across related features. Smart Routines and Smart Planner use the same authorized session, so you are not asked to verify again just because you switched tools inside the app.

When you will be asked again

For your safety, a session does not last forever. If you fully close the app or the session reaches its time limit, the next time you start a secured chat you will verify again. That is intentional: it keeps access tied to a fresh “yes, it is still me” moment on your device.

Fewer prompts, on purpose

We took extra care to avoid excessive Face ID prompts. Once a session is started, you should not see Face ID before every chat or every screen—only at the start of a new secured session when the app needs to confirm you again.

Exact timing and labels may vary slightly by platform and app version. This page describes the experience we intend, not a low-level technical specification.

2. What “encrypted session” means here

A session is the period when you are actively using Nucurate with an authorized token—for example, chat guidance, Smart Routines, or Smart Planner. “Encrypted” refers to protections on data in transit and to how we design processing so sensitive context is not handled casually.

This document is descriptive, not a cryptographic specification. Implementation details may evolve as the product matures.

3. Data in transit

We use modern transport security between your device and our services so session payloads are not sent in clear text over the public internet. You should keep your device OS and browser or app build reasonably up to date so those protections remain effective.

4. Nitro Lattice and protected workflows

Nucurate markets Nitro Lattice Protection as part of our security story: encrypted transport and secure processing paths for sensitive guidance workflows. Features described on the marketing site reflect product direction; availability and exact behavior may vary by platform, region, and release channel.

Marketing language is not a warranty of a specific threat model. No software can guarantee perfect confidentiality or immunity from attack.

5. Homomorphic encryption (plain English)

Homomorphic encryption is a family of techniques that allow certain operations to be prepared or performed on ciphertext so that sensitive payloads are less exposed during parts of a processing pipeline. Where Nucurate references homomorphic encryption, it is describing a privacy-oriented engineering approach—not a claim that every field or every workflow is homomorphically encrypted end to end unless we say so explicitly in product documentation.

6. What you control

  • Account credentials, device passcodes, and Face ID or other biometric settings on your hardware.
  • Whether you share screenshots, exports, or session details outside Nucurate.
  • Browser or OS privacy settings that affect cookies, analytics, and notifications.

7. Logging, reliability, and abuse prevention

Like most cloud services, we may generate technical logs needed to operate the platform, fix defects, measure reliability, and investigate abuse. We aim to minimize sensitive content in logs and to apply retention limits consistent with our Privacy Policy.

8. Relationship to other policies

This page supplements the Privacy Policy and Terms of Service. If anything here conflicts with a binding agreement or a more specific product notice, the more specific document governs.

9. Changes

We may update this page as our architecture and regulatory expectations evolve. Material changes will be reflected in the “Last Updated” date at the top.

10. Contact

For security or encryption questions, contact security@nucurate.com.

For privacy requests, contact privacy@nucurate.com.