Privacy Policy

HeyOakley (“we,” “our,” or “us”) is a nutrition logging and goal-setting app designed to make daily food, water, weight, and activity tracking simple and enjoyable. Your privacy matters to us, and we want to be upfront and clear about what information we collect, why we collect it, and how we protect it.

This Privacy Policy (“Policy”) applies to the HeyOakley mobile application available on the Apple App Store and Google Play Store, any associated website, and all related services we provide (collectively, the “Services”). This Policy forms part of our Terms and Conditions. By using HeyOakley, you agree to the practices described here.

If anything is unclear, please contact us at team@heyoakley.app.

1. What Information We Collect

1.1 Information You Provide Directly

Account information. Your email address, display name, and password when you create an account.

Profile and goal information. Your current weight, target weight, height, age, sex, activity level, and your chosen goal direction (lose, maintain, or gain). We use this to calculate personalized calorie and macro targets for you.

Food and Activity Diary Data. The meals, drinks, snacks, water intake, weight check-ins, workouts, and notes you enter through typing, voice dictation, or barcode scanning. This includes information about your dietary habits, calorie counts, macro breakdowns, body measurements (such as height, weight, and BMI), and any observations or reflections you add in notes. Food and Activity Diary Data may be considered sensitive personal information under certain privacy laws because it can indicate or allow someone to infer a health condition.

Nutrition preferences. Your selected eating style (classic balanced, keto, high-protein, or other presets), custom calorie targets, macro percentages (carbs, fats, protein), and daily water goals.

Communications. Any information you provide when you contact our support team, respond to surveys, provide feedback, or communicate with us through email or in-app channels.

Referral and invite information. If you use our referral or invite features to share trial access with friends, we may collect the name and email address of the person you refer, solely to send the invitation and track the referral. We will not use referred individuals’ contact information for any other purpose unless they create their own account.

Payment information. If you subscribe to HeyOakley Premium, your payment is processed by Apple’s App Store or Google Play Store (“App Providers”). We do not directly collect, store, or have access to your credit card number, bank account details, or other financial account information.

1.2 Information Collected Automatically

Device and technical information. Your device type, manufacturer, model, operating system and version, app version, language and locale settings, time zone, general device identifiers, and IP address.

Usage information. Which features you use, how often you log, interaction patterns (such as whether you use voice logging, barcode scanning, or text entry), session duration, screens viewed, and general navigation behavior.

Advertising identifiers. Your mobile advertising identifier (such as Apple’s IDFA or Google’s Advertising ID), which may be used by our advertising partners to serve personalized ads on the free plan. You can reset or limit these identifiers through your device settings.

Crash and performance data. Diagnostic data including crash logs, error reports, and performance metrics to identify and fix bugs. This data is typically anonymized or aggregated.

Log data. Server logs that may include your IP address, access times, app features accessed, and other system activity for security monitoring and service reliability.

1.3 Tracking Technologies (SDKs, Cookies, and Similar Tools)

We and our service providers use software development kits (SDKs), analytics tools, pixels, cookies (on any associated web properties), and similar technologies to collect usage, device, and advertising data. These tools help us operate the app, understand performance, measure feature effectiveness, serve and optimize ads, and improve your experience.

We use tracking technologies for the following purposes:

• Required and functional. To make the app work correctly, maintain security, prevent fraud, and remember your preferences.
• Analytics. To understand how users interact with the app, measure feature usage, identify performance issues, and support product improvement research.
• Advertising. To deliver, measure, and optimize ads shown to free-plan users. Advertising SDKs and partners may collect device information, advertising identifiers, and usage data to serve relevant ads. See Section 5 for details and your choices.

1.4 Information from Third-Party Sources

Apple HealthKit. If you grant permission, we may read and write health and fitness data (such as weight, active calories, workouts, and related metrics) through Apple HealthKit. Information received from HealthKit is used solely to provide and improve the core app experience. It is not used by HeyOakley for advertising or marketing, and is not shared with third parties for advertising or marketing purposes. HealthKit data is governed by Apple’s Terms and Conditions and Privacy Policy.

Google Health Connect. If you grant permission, we may read and write health and fitness data through Google Health Connect. Information received from Health Connect is used solely to provide and improve the core app experience. It is not used by HeyOakley for advertising or marketing, and is not shared with third parties for advertising or marketing purposes. Health Connect data is governed by Android’s Terms and Conditions and Privacy Policy.

Food and nutrition databases. We use publicly available food databases, including the USDA FoodData Central database and the Open Food Facts database, to provide nutritional information for foods you log or scan. Information from these databases is combined with our own data and AI processing to generate nutritional estimates.

Analytics and advertising partners. Our advertising and analytics partners may provide us with information about how ads perform, general demographic and interest data, and information about your interactions with advertisements.

We will always ask for your explicit permission before accessing any data from Apple HealthKit or Google Health Connect.

1.5 Aggregated, De-identified, and Anonymized Information

We may aggregate, de-identify, or anonymize information so that it can no longer be used to identify you. We use and may disclose de-identified and anonymized information for product improvement, research, trend analysis, and other lawful purposes. Once information has been de-identified, we will maintain and use it in de-identified form and will not attempt to re-identify it, except as required or permitted by law.

2. How We Use Your Information

To provide and operate the core app experience. Calculating your personalized nutrition plan, processing your daily log entries (whether typed, dictated via voice, or scanned via barcode), displaying your progress on the dashboard, and syncing your data across your devices.

To personalize your targets and recommendations. Using your profile data to generate calorie, macro, and water recommendations tailored to you, including adjusting recommendations over time based on your logged data and progress.

To support achievements and motivation. Tracking your logging streaks, hydration consistency, macro adherence, weight check-in consistency, and other milestones so we can award badges and achievements.

To deliver personalized insights and summaries. Using your diary data to generate trend analysis, progress reports, and, where available, personalized summaries that help you understand your patterns over time. These features use your data solely to benefit you and are not shared with third parties in identifiable form.

To serve and measure advertising. For free-plan users, we use device information, advertising identifiers, and general usage data to serve ads (including personalized ads) within the app and measure ad performance. Premium subscribers do not see ads. See Section 5.

To improve the app and conduct research. Understanding usage patterns, identifying bugs, and making the experience better for everyone. We may use aggregated, de-identified, or anonymized information for product improvement, analytics, research, and development.

To communicate with you. Sending important account-related messages, app update notifications, and (with your consent) optional motivational reminders, tips, and promotional communications.

To process payments. Facilitating subscription billing through the Apple App Store or Google Play Store.

To support referrals and invitations. Processing referral invitations, tracking invite redemptions, and managing referral rewards, if offered.

To maintain security and prevent fraud. Monitoring for unauthorized access, detecting fraudulent activity, and protecting the security of our systems and your account.

To comply with legal obligations. Responding to legally valid requests from law enforcement or regulatory authorities and complying with applicable laws.

To support business operations. Conducting financial, tax, and accounting functions, and evaluating potential business transactions such as mergers or acquisitions.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes.

Service providers. Trusted third-party companies that help us operate the app, including cloud hosting, AI and machine learning services, analytics platforms, crash reporting, customer support tools, and email delivery services. These providers access your data only as needed and are contractually required to protect it.

Food and nutrition data providers. We integrate with the USDA FoodData Central database and Open Food Facts. Barcode and food queries sent to these databases do not include your personal identity.

Advertising partners. For free-plan users, we share device information, advertising identifiers, and general usage data with advertising partners to deliver, measure, and optimize ads. We do not share your Food and Activity Diary Data, weight entries, health data, or HealthKit/Health Connect data with advertising partners.

Analytics providers. We share device and usage information with analytics providers to understand how the app is used and improve the product.

Payment platforms. When you subscribe to Premium, your payment is processed by Apple or Google. We do not see or store your full payment details.

Legal requirements. We may share information if required by law, regulation, subpoena, court order, or enforceable government request.

Safety and rights protection. We may share information to protect the rights, property, or safety of HeyOakley, our users, or the public, and to detect, prevent, or investigate fraud or security issues.

Business transfers. If HeyOakley is acquired, merged with another company, or has its assets transferred, your information may be among the assets transferred. We will notify you before your data becomes subject to a materially different privacy policy.

Referral recipients. If you use our invite or referral features, we will share your name or display name with the person you are inviting.

With your consent. We may share information in other ways if you specifically direct us to or give us clear permission.

4. Health and Nutrition Data

We understand that your food logs, weight entries, nutrition goals, and health metrics are sensitive and personal. We treat this data with extra care:

• Your daily logs, weight history, and nutrition preferences are used to deliver the app’s core features, generate your personalized insights and trend analysis, and produce summaries and insights made available in the app.
• We do not share your individual, identifiable Food and Activity Diary Data with advertisers or data brokers. Advertising partners receive only device identifiers, general usage data, and demographic information — never your specific food logs, weight entries, or health data.
• Data received from Apple HealthKit or Google Health Connect is used solely for app functionality. It is never used for advertising or marketing, and is never shared with third parties for advertising or marketing purposes.
• Aggregated and fully anonymized data (with no way to identify you) may be used to improve our product features, nutritional estimation systems, default recommendations, and analytics.
• Your diary data may be used to generate personalized features for you, such as trend reports, progress insights, and, where available, other summaries. Your identifiable data is not shared with third parties for these purposes.
• If you delete your account, your personal health and nutrition data will be deleted in accordance with Section 7.

5. Advertising, Marketing, and Your Choices

5.1 Advertising on the Free Plan

HeyOakley offers a free plan that is supported by advertising. If you use the free plan, you may see ads within the app. Depending on the advertising services we use, your device settings, permissions, and applicable law, some of these ads may be contextual and some may be personalized.

5.2 How Personalized Advertising Works

We and our advertising partners may use device information, advertising identifiers, and general usage information to support advertising, measurement, fraud prevention, frequency capping, and, where permitted, ad personalization. The exact data used and whether ads are personalized may depend on the advertising services we use, your device settings, permissions, and applicable law.

We do not use your Food and Activity Diary Data, weight entries, HealthKit data, Health Connect data, or other health data to personalize ads.

5.3 Premium: Ad-Free Experience

HeyOakley Premium subscribers enjoy an ad-free experience. Upgrading to Premium is the simplest way to eliminate ads entirely.

5.4 Managing Your Advertising Preferences

• On iOS: You can manage whether apps may request permission to track in Settings. If you do not grant permission where required, personalized advertising and cross-app tracking may be limited. You can also reset your Advertising Identifier in Settings > Privacy & Security > Apple Advertising.
• On Android: Go to Settings > Privacy > Ads, and select “Opt out of Ads Personalization” or “Delete advertising ID.”
• Industry opt-out tools: Visit the Network Advertising Initiative, the Digital Advertising Alliance, or the European Interactive Digital Advertising Alliance.

Opting out of personalized ads does not remove ads from the free plan. You will still see ads, but they may be less relevant to your interests.

5.5 Marketing Communications

With your consent (where required by law), we may send you promotional emails, push notifications, or in-app messages about HeyOakley features, tips, or offerings. You can manage these at any time:

• Email: Unsubscribe using the link at the bottom of any promotional email.
• Push notifications: Turn off in your device settings or in the HeyOakley app settings.
• In-app messages: Adjust communication preferences in the HeyOakley app settings.

6. Data Storage and Security

We store your data using industry-standard cloud infrastructure with encryption in transit (TLS/SSL) and at rest. We implement reasonable technical, organizational, and administrative safeguards designed to protect your information against unauthorized access, loss, misuse, disclosure, alteration, and destruction.

Our security measures include access controls, regular security assessments, and monitoring for unauthorized activity. We require our service providers to maintain appropriate security measures as well.

No method of electronic transmission or storage is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security. We encourage you to use a strong, unique password, keep your device software up to date, and notify us immediately at team@heyoakley.app if you suspect unauthorized access.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services, unless a longer retention period is required or permitted by law.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it; whether we can achieve those purposes through other means; and applicable legal requirements.

If you request deletion of your account, we will process that request in accordance with applicable law and our retention practices. Some information may be deleted immediately, while certain data may be retained for a reasonable period as required or permitted by law, for security and fraud prevention, billing and tax recordkeeping, dispute resolution, enforcement of our agreements, and backup or archival purposes.

Anonymized and aggregated data that cannot be linked back to you may be retained indefinitely for product improvement, research, and trend analysis.

If we de-identify information, we will maintain and use it in de-identified form and will not attempt to re-identify it, except as required or permitted by law.

8. International Data Transfers

HeyOakley is operated by HeyOakley, LTD, based in the United States. Our servers and service providers are located in the United States and may be located in other countries. If you use the app from outside the United States, your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country of residence. When we transfer personal information internationally, we do so in accordance with applicable law and use appropriate safeguards where required.

By using HeyOakley, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this Policy.

9. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information, such as the right to request access to, correction of, deletion of, or restriction of certain data, or to receive a portable copy of your data.

Self-service options. You can download a copy of your account data or delete your account through:

• Website: our Your Data portal at heyoakley.app/data-privacy, where you sign in securely and choose export or delete;
• Mobile app: Settings > Privacy & data (wording may vary by version), when available in your build; or
• Email: team@heyoakley.app.

We may need to verify your identity before processing certain requests. We will review and respond to requests in accordance with applicable law. Deleting your account does not automatically cancel App Store or Google Play subscriptions—you must cancel billing separately through your App Provider.

Please note that some information may be retained as required or permitted by law, for security and fraud prevention, to complete transactions, to comply with legal obligations, or as part of backup and recordkeeping processes.

The addenda below summarize certain rights and disclosures for California residents and for individuals in the EEA, United Kingdom, and Switzerland. They supplement the general statements above and apply only to the extent required by applicable law.

9.1 Addendum — California residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), may provide you with additional rights regarding your personal information, including the rights to know what we collect and how we use and disclose it, to request deletion or correction, to opt out of certain “sales” or “sharing” of personal information (including for cross-context behavioral advertising, where applicable), to limit certain uses of sensitive personal information, and to not receive discriminatory treatment for exercising these rights.

How to submit requests. You may submit privacy requests through our Your Data portal at heyoakley.app/data-privacy, through in-app privacy settings when available, or by emailing team@heyoakley.app. We may need to verify your identity before responding.

Sales and sharing. We do not sell your personal information for monetary or other valuable consideration in the conventional sense. However, as explained in Section 3 and Section 5, certain uses of advertising and analytics technologies on the free plan may be treated as a “sale” or “sharing” of personal information under the CCPA. You may opt out of such uses by adjusting your device’s advertising and tracking settings (see Section 5), by contacting us, or through any opt-out tools we make available.

Appeals. If we deny your request in whole or in part, you may appeal by contacting us at team@heyoakley.app with “Appeal” in the subject line and describing your request.

Categories of personal information (12-month lookback). The table below summarizes categories of personal information we may collect, as described more fully in Section 1. We retain each category only as long as reasonably necessary for the purposes described in this Policy, subject to Section 7.

We collect and use sensitive personal information only as permitted by the CCPA and this Policy, including to provide the Services as reasonably expected and for other disclosed business purposes.

9.2 Addendum — EEA, United Kingdom, and Switzerland (GDPR)

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, the following applies to the extent the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, or the Swiss Federal Act on Data Protection applies to our processing of your personal data.

Controller. The controller of your personal data is HeyOakley, LTD, 752 North State Street #104, Westerville, OH 43082, United States. You may contact us at team@heyoakley.app.

Representative. Where we are required to appoint a representative in the EEA or UK under Article 27 GDPR (or the UK equivalent), we will identify that representative in this Policy. Until then, you may direct data protection inquiries to team@heyoakley.app.

Legal bases. We process personal data only where we have a valid legal basis, which may include: performance of a contract with you (providing the app and core features); your consent (where we ask for it, such as for certain integrations, marketing, or optional analytics or advertising); legitimate interests (such as security, fraud prevention, product improvement using aggregated or de-identified data, and internal analytics), balanced against your rights; and legal obligation (where the law requires processing). Health-related data that qualifies as special category data under Article 9 GDPR is processed only as permitted by law, including where necessary for the provision of health-related services you request, or with your explicit consent where required.

International transfers. Your data may be processed in the United States and other countries. Where we transfer personal data from the EEA, UK, or Switzerland to countries not subject to an adequacy decision, we use appropriate safeguards as required by applicable law (such as standard contractual clauses or other approved mechanisms). You may contact us for more information about these safeguards.

Your rights. Subject to conditions and exceptions in applicable law, you may have the right to: request access to your personal data; request rectification or erasure; request restriction of processing; object to processing based on legitimate interests; request data portability; withdraw consent where processing is based on consent; and lodge a complaint with a supervisory authority in your country of residence.

How to exercise rights. Submit requests through our Your Data portal at heyoakley.app/data-privacy, through in-app privacy settings when available, or by emailing team@heyoakley.app. We may need to verify your identity.

Automated processing. HeyOakley uses automated technologies (including AI-assisted features) to help interpret food entries and produce estimates. These processes support your logging and do not produce legal or similarly significant effects solely by automated means; you can review and correct outputs in the app.

France — digital legacy. If you are in France, you may provide instructions regarding the fate of your personal data after death by contacting team@heyoakley.app.

10. Children’s Privacy

HeyOakley is not intended for children under 13 (or the applicable minimum age in your country, such as 16 in certain EU member states). We do not knowingly collect personal information from children under the applicable minimum age. We implement technical measures to prevent individuals under the minimum age from creating an account.

If we learn that we have collected data from a child under the applicable minimum age, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at team@heyoakley.app.

11. Third-Party Links and Services

The app may contain links to third-party websites or services, such as nutrition resources, the USDA FoodData Central website, Open Food Facts, our social media pages, or advertising content. These services have their own terms and privacy policies, and we are not responsible for their practices.

Your interactions with third-party advertisements displayed in the app are governed by the advertiser’s terms and privacy policy, not ours.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as we add features, as our practices evolve, or as laws change. When we make material changes, we will notify you through the app (such as an in-app banner or prompt), by email, or both, before the changes take effect. The “Effective Date” at the top will always reflect the most recent version.

Your continued use of HeyOakley after an updated Policy takes effect means you accept the changes. If you do not agree, you can stop using the app and delete your account.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

We are committed to addressing your concerns and will do our best to resolve any issues promptly. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.