Privacy Policy | HeyOakley

Hey Oakley (“we,” “our,” or “us”) is a nutrition logging and goal-setting app designed to make daily food, water, weight, and activity tracking simple and enjoyable. Your privacy matters to us, and we want to be upfront and clear about what information we collect, why we collect it, and how we protect it.

This Privacy Policy (“Policy”) applies to the Hey Oakley mobile application available on the Apple App Store and Google Play Store, any associated website, and all related services we provide (collectively, the “Services”). This Policy forms part of our Terms and Conditions. By using Hey Oakley, you agree to the practices described here.

If anything is unclear, please contact us at team@heyoakley.app.

What do we collect? Account info, the meals/weight/activity you log, your nutrition goals and preferences, device and usage data, and information from connected health platforms. See Section 1.

How do we use it? To run the app, personalize your targets, track your achievements, serve and measure ads on the free plan, conduct anonymized research and product improvements, and send you personalized year-in-review summaries and trend insights. See Section 2.

Do we sell your data? No. We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes. See Section 3.

Do we show ads? Yes. Free-plan users see ads, including personalized ads. Premium subscribers enjoy an ad-free experience. See Section 5.

What are my rights? You can access, correct, delete, export, and control your data. See Section 9.

1. What Information We Collect

1.1 Information You Provide Directly

Account information. Your email address, display name, and password when you create an account.

Profile and goal information. Your current weight, target weight, height, age, sex, activity level, and your chosen goal direction (lose, maintain, or gain). We use this to calculate personalized calorie and macro targets for you.

Food and Activity Diary Data. The meals, drinks, snacks, water intake, weight check-ins, workouts, and notes you enter through typing, voice dictation, or barcode scanning. This includes information about your dietary habits, calorie counts, macro breakdowns, body measurements (such as height, weight, and BMI), and any observations or reflections you add in notes. Food and Activity Diary Data may be considered sensitive personal information under certain privacy laws because it can indicate or allow someone to infer a health condition.

Nutrition preferences. Your selected eating style (classic balanced, keto, high-protein, or other presets), custom calorie targets, macro percentages (carbs, fats, protein), and daily water goals.

Photos and images. If we introduce food photo recognition features in the future, photos you choose to submit for nutritional analysis. We will update this Policy and notify you before launching any photo-based features. Photos submitted for food recognition will be used only to provide the nutritional estimate and to improve the accuracy of our AI models (in anonymized, aggregated form). We will not use your food photos for advertising, and they will not be shared with third parties for marketing purposes.

Communications. Any information you provide when you contact our support team, respond to surveys, provide feedback, or communicate with us through email or in-app channels.

Referral and invite information. If you use our referral or invite features to share trial access with friends, we may collect the name and email address of the person you refer, solely to send the invitation and track the referral. We will not use referred individuals’ contact information for any other purpose unless they create their own account.

Payment information. If you subscribe to Hey Oakley Premium, your payment is processed by Apple’s App Store or Google Play Store (“App Providers”). We do not directly collect, store, or have access to your credit card number, bank account details, or other financial account information.

1.2 Information Collected Automatically

Device and technical information. Your device type, manufacturer, model, operating system and version, app version, language and locale settings, time zone, general device identifiers, and IP address.

Usage information. Which features you use, how often you log, interaction patterns (such as whether you use voice logging, barcode scanning, or text entry), session duration, screens viewed, and general navigation behavior.

Advertising identifiers. Your mobile advertising identifier (such as Apple’s IDFA or Google’s Advertising ID), which may be used by our advertising partners to serve personalized ads on the free plan. You can reset or limit these identifiers through your device settings.

Crash and performance data. Diagnostic data including crash logs, error reports, and performance metrics to identify and fix bugs. This data is typically anonymized or aggregated.

Log data. Server logs that may include your IP address, access times, app features accessed, and other system activity for security monitoring and service reliability.

1.3 Tracking Technologies (SDKs, Cookies, and Similar Tools)

We and our service providers use software development kits (SDKs), analytics tools, pixels, cookies (on any associated web properties), and similar technologies to collect usage, device, and advertising data. These tools help us operate the app, understand performance, measure feature effectiveness, serve and optimize ads, and improve your experience.

We use tracking technologies for the following purposes:

Required and functional. To make the app work correctly, maintain security, prevent fraud, and remember your preferences.
Analytics. To understand how users interact with the app, measure feature usage, identify performance issues, and support product improvement research.
Advertising. To deliver, measure, and optimize ads shown to free-plan users. Advertising SDKs and partners may collect device information, advertising identifiers, and usage data to serve relevant ads. See Section 5 for details and your choices.

1.4 Information from Third-Party Sources

Apple HealthKit. If you grant permission, we may read and write health and fitness data (such as weight, active calories, workouts, and related metrics) through Apple HealthKit. Information received from HealthKit is used solely to provide and improve the core app experience. It is not used by Hey Oakley for advertising or marketing, and is not shared with third parties for advertising or marketing purposes. HealthKit data is governed by Apple’s Terms and Conditions and Privacy Policy.

Google Health Connect. If you grant permission, we may read and write health and fitness data through Google Health Connect. Information received from Health Connect is used solely to provide and improve the core app experience. It is not used by Hey Oakley for advertising or marketing, and is not shared with third parties for advertising or marketing purposes. Health Connect data is governed by Android’s Terms and Conditions and Privacy Policy.

Food and nutrition databases. We use publicly available food databases, including the USDA FoodData Central database and the Open Food Facts database, to provide nutritional information for foods you log or scan. Information from these databases is combined with our own data and AI processing to generate nutritional estimates.

Analytics and advertising partners. Our advertising and analytics partners may provide us with information about how ads perform, general demographic and interest data, and information about your interactions with advertisements.

We will always ask for your explicit permission before accessing any data from Apple HealthKit or Google Health Connect.

1.5 Aggregated, De-identified, and Anonymized Information

We may aggregate, de-identify, or anonymize information so that it can no longer be used to identify you. We use and may disclose de-identified and anonymized information for product improvement, research, trend analysis, and other lawful purposes. Once information has been de-identified, we will maintain and use it in de-identified form and will not attempt to re-identify it, except as required or permitted by law.

2. How We Use Your Information

To provide and operate the core app experience. Calculating your personalized nutrition plan, processing your daily log entries (whether typed, dictated via voice, or scanned via barcode), displaying your progress on the dashboard, powering AI-assisted food recognition and nutritional estimation, and syncing your data across your devices.

To personalize your targets and recommendations. Using your profile data to generate calorie, macro, and water recommendations tailored to you, including adjusting recommendations over time based on your logged data and progress.

To support achievements and motivation. Tracking your logging streaks, hydration consistency, macro adherence, weight check-in consistency, and other milestones so we can award badges and achievements.

To deliver personalized insights and summaries. Using your diary data to generate trend analysis, progress reports, and personalized year-in-review summaries that help you understand your patterns over time. These features use your data solely to benefit you and are not shared with third parties in identifiable form.

To serve and measure advertising. For free-plan users, we use device information, advertising identifiers, and general usage data to serve ads (including personalized ads) within the app and measure ad performance. Premium subscribers do not see ads. See Section 5.

To improve the app and conduct research. Understanding usage patterns, identifying bugs, and making the experience better for everyone. We use aggregated and anonymized data for product research and development, including training and improving our AI and machine learning food recognition and nutritional estimation systems.

To communicate with you. Sending important account-related messages, app update notifications, and (with your consent) optional motivational reminders, tips, and promotional communications.

To process payments. Facilitating subscription billing through the Apple App Store or Google Play Store.

To support referrals and invitations. Processing referral invitations, tracking invite redemptions, and managing referral rewards or affiliate program credits.

To maintain security and prevent fraud. Monitoring for unauthorized access, detecting fraudulent activity, and protecting the security of our systems and your account.

To comply with legal obligations. Responding to legally valid requests from law enforcement or regulatory authorities and complying with applicable laws.

To support business operations. Conducting financial, tax, and accounting functions, and evaluating potential business transactions such as mergers or acquisitions.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes.

Service providers. Trusted third-party companies that help us operate the app, including cloud hosting, AI and machine learning services, analytics platforms, crash reporting, customer support tools, and email delivery services. These providers access your data only as needed and are contractually required to protect it.

Food and nutrition data providers. We integrate with the USDA FoodData Central database and Open Food Facts. Barcode and food queries sent to these databases do not include your personal identity.

Advertising partners. For free-plan users, we share device information, advertising identifiers, and general usage data with advertising partners to deliver, measure, and optimize ads. We do not share your Food and Activity Diary Data, weight entries, health data, or HealthKit/Health Connect data with advertising partners.

Analytics providers. We share device and usage information with analytics providers to understand how the app is used and improve the product.

Payment platforms. When you subscribe to Premium, your payment is processed by Apple or Google. We do not see or store your full payment details.

Legal requirements. We may share information if required by law, regulation, subpoena, court order, or enforceable government request.

Safety and rights protection. We may share information to protect the rights, property, or safety of Hey Oakley, our users, or the public, and to detect, prevent, or investigate fraud or security issues.

Business transfers. If Hey Oakley is acquired, merged with another company, or has its assets transferred, your information may be among the assets transferred. We will notify you before your data becomes subject to a materially different privacy policy.

Referral recipients. If you use our invite or referral features, we will share your name or display name with the person you are inviting.

With your consent. We may share information in other ways if you specifically direct us to or give us clear permission.

Important note for California and other US state residents: While Hey Oakley does not expressly “sell” your information, certain uses of advertising SDKs and tracking technologies to collect, use, and share information for targeted advertising purposes may constitute a “sale” or “sharing” of personal information under some state privacy laws (such as the California Consumer Privacy Act). See Section 5 and Section 9 for details and your choices.

4. Health and Nutrition Data

We understand that your food logs, weight entries, nutrition goals, and health metrics are sensitive and personal. We treat this data with extra care:

Your daily logs, weight history, and nutrition preferences are used to deliver the app’s core features, generate your personalized insights and trend analysis, and produce your year-in-review summaries.
We do not share your individual, identifiable Food and Activity Diary Data with advertisers or data brokers. Advertising partners receive only device identifiers, general usage data, and demographic information — never your specific food logs, weight entries, or health data.
Data received from Apple HealthKit or Google Health Connect is used solely for app functionality. It is never used for advertising or marketing, and is never shared with third parties for advertising or marketing purposes.
Aggregated and fully anonymized data (with no way to identify you) may be used to improve our food recognition accuracy, nutritional estimation models, default recommendations, and product features.
Your diary data may be used to generate personalized features for you, such as year-in-review summaries, trend reports, and progress insights. Your identifiable data is not shared with third parties for these purposes.
If you delete your account, your personal health and nutrition data will be deleted in accordance with Section 7.

5. Advertising, Marketing, and Your Choices

5.1 Advertising on the Free Plan

Hey Oakley offers a free plan that is supported by advertising. If you use the free plan, you will see ads within the app, including ads displayed after log entries and at other points during your experience. Some of these ads may be personalized based on information collected about you.

5.2 How Personalized Advertising Works

We and our advertising partners may use your device information, advertising identifiers (such as Apple’s IDFA or Google’s Advertising ID), general usage patterns, and demographic information to serve ads that are more relevant to your interests. This is sometimes called “targeted advertising” or “interest-based advertising.”

We do not use your Food and Activity Diary Data, weight entries, HealthKit data, Health Connect data, or specific health information to target ads. Advertising personalization is based on device-level identifiers and general behavioral signals, not your nutrition logs.

5.3 Premium: Ad-Free Experience

Hey Oakley Premium subscribers enjoy an ad-free experience. Upgrading to Premium is the simplest way to eliminate ads entirely.

5.4 Managing Your Advertising Preferences

On iOS: Go to Settings > Privacy & Security > Tracking, and turn off “Allow Apps to Request to Track.” You can also reset your Advertising Identifier in Settings > Privacy & Security > Apple Advertising.
On Android: Go to Settings > Privacy > Ads, and select “Opt out of Ads Personalization” or “Delete advertising ID.”
Industry opt-out tools: Visit the Network Advertising Initiative, the Digital Advertising Alliance, or the European Interactive Digital Advertising Alliance.

Opting out of personalized ads does not remove ads from the free plan. You will still see ads, but they may be less relevant to your interests.

5.5 Marketing Communications

With your consent (where required by law), we may send you promotional emails, push notifications, or in-app messages about Hey Oakley features, tips, or offerings. You can manage these at any time:

Email: Unsubscribe using the link at the bottom of any promotional email.
Push notifications: Turn off in your device settings or in the Hey Oakley app settings.
In-app messages: Adjust communication preferences in the Hey Oakley app settings.

6. Data Storage and Security

We store your data using industry-standard cloud infrastructure with encryption in transit (TLS/SSL) and at rest. We implement reasonable technical, organizational, and administrative safeguards designed to protect your information against unauthorized access, loss, misuse, disclosure, alteration, and destruction.

Our security measures include access controls, regular security assessments, and monitoring for unauthorized activity. We require our service providers to maintain appropriate security measures as well.

No method of electronic transmission or storage is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security. We encourage you to use a strong, unique password, keep your device software up to date, and notify us immediately at team@heyoakley.app if you suspect unauthorized access.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services, unless a longer retention period is required or permitted by law.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it; whether we can achieve those purposes through other means; and applicable legal requirements.

If you delete your account, we will delete or anonymize your personal data within 30 days, unless we are legally required to retain certain information longer. Some information may persist in encrypted backups for a limited period after deletion, but it will not be actively used or accessible.

Anonymized and aggregated data that cannot be linked back to you may be retained indefinitely for product improvement, research, and trend analysis.

If we de-identify information, we will maintain and use it in de-identified form and will not attempt to re-identify it, except as required or permitted by law.

8. International Data Transfers

Hey Oakley is operated by Hey Oakley, LTD, based in the United States. Our servers and service providers are located in the United States and may be located in other countries. If you use the app from outside the United States, your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country of residence. When we transfer your personal information internationally, we do so in accordance with applicable law and implement appropriate safeguards, including standard contractual clauses approved by the European Commission or other recognized mechanisms.

By using Hey Oakley, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this Policy.

9. Your Rights and Choices

9.1 Rights Available to All Users

Access and portability. Request a copy of the personal data we hold about you in a portable, commonly used format.
Correction. Update or correct your profile information directly in the app. For corrections to other data, contact us.
Deletion. Delete your account in the app or by contacting us. We will delete your personal data within 30 days, subject to legal retention requirements.
Opt out of marketing. Unsubscribe from promotional emails, turn off push notifications, and manage communication preferences in the app.
Withdraw consent. Where we rely on your consent (such as for marketing or HealthKit access), withdraw it at any time through the app or device settings.
Manage advertising preferences. Limit personalized advertising through your device settings as described in Section 5.

9.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know. Request disclosure of the categories and specific pieces of personal information we collected, the sources, the business purposes, and the categories of third parties with whom we shared it.
Right to delete. Request deletion of your personal information, subject to certain legal exceptions.
Right to correct. Request that we correct inaccurate personal information.
Right to opt out of “sale” or “sharing.” Certain uses of advertising technologies in our free plan may constitute a “sale” or “sharing” under the CCPA. Opt out by adjusting your device’s advertising settings, contacting us at team@heyoakley.app, or using any in-app privacy controls we make available.
Right to limit use of sensitive personal information. Request that we limit use of sensitive personal information to only what is necessary to provide the Services.
Right to non-discrimination. We will not discriminate against you for exercising your privacy rights.
Right to appeal. Appeal a decision on a privacy request by contacting us at team@heyoakley.app with “APPEAL” in the subject line.

The following table summarizes the categories of personal information we collect, consistent with CCPA disclosure requirements:

Category	Examples	Sources & Sharing
Personal identifiers	Name, email, IP address, device identifiers, advertising ID	From you directly and automatically. Shared with service providers, analytics providers, and advertising partners.
Health and biometric data	Food logs, weight, activity, body measurements, HealthKit/Health Connect data	From you directly and from connected platforms. Shared with service providers only. Not shared with advertisers.
Commercial information	Subscription history, payment status	From App Providers. Shared with payment processors and service providers.
Usage and device data	App interactions, feature usage, session data, crash logs	Collected automatically. Shared with analytics providers and service providers.
Geolocation (general)	Country, region, or city inferred from IP address	Collected automatically. Shared with analytics providers.
Inferences	Nutrition trends, adherence patterns, goal progress	Generated internally. Used for personalized features. Not shared externally in identifiable form.

9.3 Additional Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, the following applies under the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and the Swiss Federal Act on Data Protection.

Data Controller. The controller of your personal data is Hey Oakley, LTD, 752 North State Street #104, Westerville, OH 43082, United States. Contact: team@heyoakley.app.

EEA Representative. In accordance with Article 27 of the GDPR, we are in the process of appointing a designated representative in the European Economic Area. We will update this section with the representative’s name, address, and contact information once the appointment is confirmed. In the meantime, you may direct any data protection inquiries to our primary contact at team@heyoakley.app.

Legal Bases for Processing:

Processing Activity	Legal Basis
Account management; core features (logging, dashboard, scanning, voice)	Performance of contract (Art. 6(1)(b))
Personalized calorie and macro targets	Performance of contract (Art. 6(1)(b))
Processing Food and Activity Diary Data, including AI food recognition	Performance of contract (Art. 6(1)(b)); Explicit consent (Art. 9(2)(a)) where data constitutes health data
Apple HealthKit / Google Health Connect integration	Explicit consent (Art. 6(1)(a) and Art. 9(2)(a))
Year-in-review summaries, trend analysis, progress insights	Performance of contract (Art. 6(1)(b)); Explicit consent (Art. 9(2)(a)) where health data is involved
Badges and achievement tracking	Performance of contract (Art. 6(1)(b))
Subscription payments via Apple/Google	Performance of contract (Art. 6(1)(b))
Personalized advertising on the free plan	Consent (Art. 6(1)(a))
Analytics and product improvement (anonymized data)	Legitimate interests (Art. 6(1)(f))
AI model training and improvement	Legitimate interests (Art. 6(1)(f)) using anonymized data; Explicit consent (Art. 9(2)(a)) if identifiable health data is processed
Promotional emails and feature announcements	Consent (Art. 6(1)(a))
Transactional communications (password resets, billing, policy updates)	Performance of contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Security, fraud prevention, Terms enforcement	Legitimate interests (Art. 6(1)(f))
Legal compliance (tax, regulatory, law enforcement)	Legal obligation (Art. 6(1)(c))
Referral invitations and affiliate program	Legitimate interests (Art. 6(1)(f)) and consent of the referred individual

Automated Decision-Making. Hey Oakley uses AI and machine learning to process your food entries and generate nutritional estimates. These automated processes assist you in tracking — they do not produce legal or similarly significant effects on you. You can always review, edit, and override any AI-generated estimate. Contact us at team@heyoakley.app with concerns about automated processing.

Your GDPR Rights:

Right of access (Art. 15) — confirm whether we process your data and obtain a copy.
Right to rectification (Art. 16) — have inaccurate data corrected.
Right to erasure (Art. 17) — request deletion, subject to certain exceptions.
Right to restriction of processing (Art. 18) — restrict processing in certain circumstances.
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
Right to object (Art. 21) — object to processing based on legitimate interests.
Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.
Right to lodge a complaint — with your local data protection supervisory authority.

International Transfers. Your data may be transferred to the United States. We implement appropriate safeguards, including standard contractual clauses approved by the European Commission. Contact us for a copy of these safeguards.

Data Provision. You are not obligated to provide your personal data. However, refusing to provide certain information may limit our ability to deliver some or all of the Services.

French Residents — Digital Legacy. If you are located in France, you have the right to set out instructions regarding what happens to your personal data after your death. Contact team@heyoakley.app to set or update these instructions.

9.4 Additional Rights for Other Jurisdictions

Residents of Washington state (My Health My Data Act), Colorado, Connecticut, Virginia, Brazil (LGPD), Canada (PIPEDA), South Korea (PIPA), and other jurisdictions may have additional privacy rights. Contact team@heyoakley.app and we will respond in accordance with applicable law.

9.5 How to Exercise Your Rights

Contact us at team@heyoakley.app. Include enough information for us to verify your identity and specify which rights you are exercising. We will respond within the timeframe required by applicable law (typically 30–45 days).

Where legally permitted, you may submit requests through an authorized agent. We will need to verify the agent’s identity and your authorization.

10. Children’s Privacy

Hey Oakley is not intended for children under 13 (or the applicable minimum age in your country, such as 16 in certain EU member states). We do not knowingly collect personal information from children under the applicable minimum age. We implement technical measures to prevent individuals under the minimum age from creating an account.

If we learn that we have collected data from a child under the applicable minimum age, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at team@heyoakley.app.

11. Third-Party Links and Services

The app may contain links to third-party websites or services, such as nutrition resources, the USDA FoodData Central website, Open Food Facts, our social media pages, or advertising content. These services have their own terms and privacy policies, and we are not responsible for their practices.

Your interactions with third-party advertisements displayed in the app are governed by the advertiser’s terms and privacy policy, not ours.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as we add features, as our practices evolve, or as laws change. When we make material changes, we will notify you through the app (such as an in-app banner or prompt), by email, or both, before the changes take effect. The “Effective Date” at the top will always reflect the most recent version.

Your continued use of Hey Oakley after an updated Policy takes effect means you accept the changes. If you do not agree, you can stop using the app and delete your account.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Hey Oakley, LTD
ATTN: Privacy / Legal
752 North State Street #104
Westerville, OH 43082
United States

Email: team@heyoakley.app

We are committed to addressing your concerns and will do our best to resolve any issues promptly. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

↑ Back to top