Skip to content
Legal · Privacy

Privacy
policy.

Plain-English summary of what OhOats collects, why, and how to take it back. We collect as little as possible and never sell what’s on your shelf.

Last updated ·

01The short version

  • We collect the minimum needed to make OhOats work for you.
  • Grocery and fridge photos are processed on your device wherever possible.
  • Household sync is end-to-end encrypted between members.
  • We don’t sell your data. We don’t run third-party ad trackers.
  • You can export or delete everything from inside the app at any time.

02What we collect

Account

Email address, display name, password hash. If you sign in with Apple or Google, we receive the identifier and email they share — nothing else.

Pantry & recipes

Items you add (manually, by snap, or by photo), the recipes you save and cook, your taste preferences and household members.

Camera & photos

When you snap groceries or open the fridge, the image is analyzed on your device when your hardware supports it. If a cloud step is needed, the image is sent over TLS, processed, and discarded — never stored beyond the request.

Diagnostics

Crash reports and anonymous usage counters (no advertising IDs, no cross-app tracking). You can turn this off in Settings.

03How we use it

  • To run your pantry, weekly menu and grocery list.
  • To keep your household in sync across devices.
  • To improve the app — bug fixes, performance, accuracy of detection.
  • To answer support emails when you write to us.

That’s the whole list. No advertising, no profiling, no data brokers.

04Sharing & processors

OhOats uses a small number of vetted processors:

  • Cloud hosting — to run the sync layer and APIs.
  • Crash reporting — to catch and fix what breaks.
  • Email — to reply when you write to support.

None of them receive your photos or pantry contents for their own use. We sign data-processing agreements with each.

05Storage & retention

Account and pantry data lives on encrypted servers in the EU. Backups are encrypted at rest. We keep your data while your account is active. When you delete the account, everything is removed within thirty days, except where law requires otherwise.

06Your rights

You can, at any time:

  • Export everything as a single archive.
  • Delete your account and all linked data.
  • Correct anything that looks wrong.
  • Withdraw consent for diagnostics.
  • Lodge a complaint with your local data-protection authority.

For EU/UK residents these are GDPR rights. For California residents these are CCPA rights. For everyone else, we apply the same standard.

07Children

OhOats is not directed at children under 13. If you believe a child has created an account, write to us and we will remove it.

08Changes

If we change this policy in a meaningful way, we’ll tell you in the app and over email before it takes effect. Small editorial fixes — typos, phrasing — happen quietly with a new “last updated” date.

09Contact

Privacy questions, deletion requests, or anything else: hello@ohoats.com. We answer within five working days.

This document is provided as a clear, plain-language summary. For binding legal text, see your jurisdiction’s data-protection law and the full processor list available on request.