Last updated: May 7, 2026
Privacy Policy
Your privacy matters to us. This Privacy Policy explains what data we collect when you use Olea, how we use it, and your rights regarding that data.
1. Who We Are
Olea is a calorie and nutrition tracking application. For the purposes of data protection law, we are the data controller. You can reach us at contact@olea.plus.
2. Data We Collect
We collect the following categories of data:
Account Information
- Email address (used for authentication via magic link)
- Name and profile picture (if you sign in with Apple or Google)
- Account creation date and last login
Profile & Health Data
- Date of birth, gender, height, current weight, and target weight
- Activity level, diet type, and nutrition goals (calories, protein, carbs, fat)
- Rollover calorie preferences and goal speed settings
Food & Nutrition Logs
- Meal entries including food name, calories, macros, meal type, and date
- Food photos uploaded for AI analysis (temporarily processed, then stored in Cloudinary)
- Barcode scan history
- Water and weight logs
Device & Usage Data
- Device type, operating system, and app version
- App usage events (screens viewed, features used) — used only for improving the app
- Crash reports and error logs
- IP address (used for security and fraud prevention)
Payment Data
We do not collect or store your payment card information. Subscription billing is handled entirely by Apple (App Store) or Google (Play Store). We only receive confirmation of your subscription status from RevenueCat.
3. How We Use Your Data
- Provide the service: Authenticate your account, display your food logs, calculate your macro progress, and personalize your nutrition goals.
- AI food analysis: Food photos you submit are sent to Anthropic's Claude API for ingredient recognition and nutrition estimation. Photos are not used to train AI models.
- Email communication: We use Resend to send magic link authentication emails. We do not send marketing emails without your explicit consent.
- Subscription management: We use RevenueCat to verify your subscription status and unlock premium features.
- App improvement: Aggregated, anonymized usage data helps us improve features and fix bugs.
- Security: We monitor for suspicious activity and unauthorized access to protect your account.
4. Third-Party Services
We work with the following third parties who may process your data:
| Service | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude AI) | AI food photo analysis | Food photos (no personal identifiers) |
| RevenueCat | Subscription management | User ID, subscription status |
| Cloudinary | Food photo storage | Food photos |
| Resend | Transactional email delivery | Email address, magic link token |
| Railway | Backend hosting & database | All account and log data (encrypted at rest) |
| Open Food Facts | Barcode food database | Barcode number only (no personal data) |
| Apple / Google | OAuth sign-in, billing | Governed by their own privacy policies |
We do not sell your personal data to third parties.
5. Data Retention
- Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
- Food logs: Retained indefinitely while your account is active to provide historical insights. Deleted with your account.
- Food photos: Stored in Cloudinary and retained until you delete the associated log entry or request deletion.
- Magic link tokens: Expire after 15 minutes and are deleted immediately upon use.
- Crash & error logs: Retained for 90 days for debugging purposes.
6. Data Security
We take security seriously and implement the following measures:
- Data encrypted in transit using TLS 1.2+
- Data encrypted at rest on Railway's managed PostgreSQL
- Authentication tokens stored using secure storage (Expo SecureStore) on-device
- No passwords stored — we use magic link and OAuth only
- JWT tokens with short expiry and refresh token rotation
Despite these measures, no system is completely secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
7. Your Rights (GDPR — EU Users)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal obligations.
- Right to data portability: Receive your data in a structured, machine-readable format (JSON).
- Right to restriction: Request that we limit processing of your data in certain circumstances.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
Our legal basis for processing your health and nutrition data is your explicit consent, provided at sign-up. You may withdraw consent by deleting your account.
To exercise any of these rights, contact us at contact@olea.plus. We will respond within 5 business days.
8. Your Rights (CCPA — California Users)
If you are a California resident, under the California Consumer Privacy Act (CCPA) you have the right to:
- Know what personal information we collect about you
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell your data)
- Non-discrimination for exercising your CCPA rights
To make a CCPA request, contact us at contact@olea.plus.
9. Children's Privacy
Olea is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately and we will delete that information.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States, where our service providers are based. We ensure appropriate safeguards are in place (such as standard contractual clauses) to protect your data in accordance with applicable law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notification before the changes take effect. The "Last updated" date at the top reflects the most recent revision.
12. Contact Us
For any privacy questions, data requests, or complaints, please contact:
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK).