Last updated: May 7, 2026
Privacy Policy
Your privacy matters to us. This Privacy Policy explains what data we collect when you use Olea, how we use it, and your rights regarding that data.
1. Definitions
The following terms, when capitalized in this document, have the meanings set out below:
- Account: the unique profile created for you to access the Service.
- Application / App: the Olea mobile application available on iOS and Android.
- Company / We / Us / Our: Olea, operated by MMT Momentum Labs FZCO, registered in Dubai, UAE.
- Device: any electronic device through which you access the Service.
- Personal Data: any information that identifies or can reasonably be linked to an individual, including identifiable health information.
- Health Data: information you provide relating to your physical characteristics, health, nutrition, goals, or activity, including weight, height, food logs, and body composition data.
- Usage Data: data collected automatically through use of the Service, including device information, activity logs, and analytics data.
- User Content: photos, images, text, food entries, and other inputs you upload or submit through the Service.
- Website: olea.plus.
- You / User: any individual who downloads, accesses, or uses the App.
2. Who We Are
Olea is a calorie and nutrition tracking application operated by MMT Momentum Labs FZCO, a company registered in Dubai, UAE. For the purposes of data protection law, MMT Momentum Labs FZCO is the data controller. You can reach us at contact@olea.plus.
3. Data We Collect
We collect the following categories of data:
Account Information
- Email address (used for authentication via magic link)
- Name and profile picture (if you sign in with Apple or Google)
- Account creation date and last login
Profile & Health Data
- Date of birth, gender, height, current weight, and target weight
- Activity level, diet type, and nutrition goals (calories, protein, carbs, fat)
- Rollover calorie preferences and goal speed settings
Food & Nutrition Logs
- Meal entries including food name, calories, macros, meal type, and date
- Food photos uploaded for AI analysis (temporarily processed, then stored in Cloudinary)
- Barcode scan history
- Water and weight logs
Device & Usage Data
- Device type, operating system, and app version
- App usage events (screens viewed, features used), used only for improving the app
- Crash reports and error logs
- IP address (used for security and fraud prevention)
Payment Data
We do not collect or store your payment card information. Subscription billing is handled entirely by Apple (App Store) or Google (Play Store). We only receive confirmation of your subscription status from RevenueCat.
Cookies and Tracking Technologies
Our Website uses cookies, tags, and similar technologies for analytics, functionality, and security purposes. The App may use mobile device identifiers (such as advertising IDs) for analytics and performance measurement. You may control cookie preferences through your browser settings; however, disabling certain cookies may affect Website functionality.
4. How We Use Your Data
- Provide the service: Authenticate your account, display your food logs, calculate your macro progress, and personalize your nutrition goals.
- AI food analysis: Food photos you submit are sent to Anthropic's Claude API for ingredient recognition and nutrition estimation. Photos are not used to train AI models without anonymization.
- Email communication: We use Resend to send magic link authentication emails and service-related notifications.
- Marketing (optional): We may send you promotional emails about new features or offers. You can opt out at any time by clicking "Unsubscribe" in any marketing email or contacting us directly.
- Subscription management: We use RevenueCat to verify your subscription status and unlock premium features.
- App improvement: Aggregated, anonymized usage data helps us improve features and fix bugs.
- Security and fraud prevention: We monitor for suspicious activity, unauthorized access, and fraudulent behavior to protect your account and our systems.
- Legal and compliance: We may use your data to comply with applicable laws, respond to lawful requests from public authorities, and enforce our Terms and Conditions.
- Business transfers: If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.
5. Legal Bases for Processing (GDPR)
Where the General Data Protection Regulation (GDPR) applies, we process your Personal Data on the following legal bases:
- Consent: For Health Data and any optional processing (e.g., marketing emails). You may withdraw consent at any time by deleting your account or contacting us.
- Contract performance: To provide the Service you have signed up for, including account management and subscription processing.
- Legitimate interests: For analytics, security monitoring, fraud prevention, and improving the Service, where these interests are not overridden by your rights.
- Legal obligations: Where we are required to process data to comply with applicable law.
6. Third-Party Services
We work with the following third parties who may process your data:
| Service | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude AI) | AI food photo analysis | Food photos (no personal identifiers) |
| RevenueCat | Subscription management | User ID, subscription status |
| Cloudinary | Food photo storage | Food photos |
| Resend | Transactional email delivery | Email address, magic link token |
| Railway | Backend hosting & database | All account and log data (encrypted at rest) |
| Open Food Facts | Barcode food database | Barcode number only (no personal data) |
| Apple / Google | OAuth sign-in, billing | Governed by their own privacy policies |
We do not sell your personal data to third parties.
7. User Content and License Rights
By submitting User Content through the App, you grant MMT Momentum Labs FZCO a worldwide, royalty-free, sublicensable license to use, store, process, reproduce, and analyze your User Content solely to operate, maintain, and improve the Service, including internal AI model improvement.
We may use anonymized or aggregated food images to improve our nutrition recognition models and algorithms. We do not associate such images with your identity when used for internal development.
Progress photos are never used for AI model training.
We do not publicly display your photos or User Content without your express consent.
8. Data Retention
- Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
- Food logs: Retained indefinitely while your account is active to provide historical insights. Deleted with your account.
- Food photos: Stored in Cloudinary and retained until you delete the associated log entry or request deletion.
- Magic link tokens: Expire after 15 minutes and are deleted immediately upon use.
- Crash & error logs: Retained for 90 days for debugging purposes.
We delete or anonymize data when it is no longer needed, unless we are legally required to retain it for a longer period.
9. Deleting Your Personal Data
You have the right to request deletion of your personal data. You may request deletion of:
- Your entire account and associated profile
- Food photos stored in Cloudinary
- Food and nutrition logs
- Health and body data (weight, height, goals)
- Progress photos
To request deletion, send an email to contact@olea.plus with the subject line "Account Deletion Request." We will process your request within 30 days. You may also delete your account directly from within the App once that feature is available.
Please note that some data may be retained where legally required (e.g., for tax, fraud prevention, or regulatory compliance purposes). Aggregated or anonymized data that cannot be linked to you may also be retained.
10. Data Security
We take security seriously and implement the following measures:
- Data encrypted in transit using TLS 1.2+
- Data encrypted at rest on Railway's managed PostgreSQL
- Authentication tokens stored using secure storage (Expo SecureStore) on-device
- No passwords stored; we use magic link and OAuth only
- JWT tokens with short expiry and refresh token rotation
Despite these measures, no system is completely secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
11. Your Rights (GDPR, EU Users)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal obligations.
- Right to data portability: Receive your data in a structured, machine-readable format (JSON).
- Right to restriction: Request that we limit processing of your data in certain circumstances.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
Our legal basis for processing your health and nutrition data is your explicit consent, provided at sign-up. You may withdraw consent by deleting your account.
To exercise any of these rights, contact us at contact@olea.plus. We will respond within 5 business days.
12. Your Rights (CCPA, California Users)
If you are a California resident, under the California Consumer Privacy Act (CCPA) you have the right to:
- Know what personal information we collect about you
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell your data)
- Non-discrimination for exercising your CCPA rights
To make a CCPA request, contact us at contact@olea.plus.
13. Children's Privacy
Olea is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately and we will delete that information.
14. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States, where our service providers are based. We ensure appropriate safeguards are in place (such as standard contractual clauses) to protect your data in accordance with applicable law.
15. Third-Party Links
The App and Website may contain links to third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit. We are not responsible for the content, privacy practices, or data handling of any third parties.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notification before the changes take effect. The "Last updated" date at the top reflects the most recent revision.
17. Contact Us
For any privacy questions, data requests, or complaints, please contact:
Olea operated by MMT Momentum Labs FZCO
Email: contact@olea.plus
Response time: within 5 business days
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK).