Ori
The idea Features How it works Plans Safety
The idea Features How it works Plans Safety Get the app

Privacy

Privacy Policy

Last updated: 4 July 2026.

1. Who we are

Double Quack LTD is the data controller for your personal data in connection with Ori. We are registered in England and Wales under company number 17262143.

Registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Privacy contact: hello@heyori.app
ICO registration number: ZC177587
EU representative (Article 27): Not applicable. EU/EEA distribution is not enabled.

2. What this policy covers

This policy explains how we collect, use, store, share, and protect personal data when you use Ori, including the app, website, and any related services. Because the app processes food, weight, body, and goal information, some of the data we handle is health data or special category data under UK data protection law (UK GDPR).

3. What we collect and why

Data category Examples Why we use it Lawful basis
Account data Email address, authentication ID, account ID, sign-in provider (Apple/Google/Microsoft). Create and secure your account, sign you in, contact you about important account matters. Contract; legitimate interests; legal obligation where applicable.
Profile and onboarding data Date of birth, height, biological sex, activity level, goal type, goal rate, unit preferences, health consent acknowledgement. Estimate starting calorie targets, apply age-based safety rules, personalise the app. Contract; explicit consent (Article 9(2)(a) UK GDPR) for health-related special category data.
Food and calorie data Food log entries, calorie values, saved foods, saved meals, meal edits, quick calorie logs, label scan results, food photo estimates. Power the food diary, saved foods library, AI food estimates, and weekly food-based guidance. Contract; explicit consent for health-related special category data.
Weight and goal data Manual weight logs, Look Away weight readings, trend weight, target calories, adaptive tuning state, weekly snapshots. Track progress, run adaptive calorie target updates, provide guidance in normal or Stealth Health mode. Contract; explicit consent for health-related special category data.
AI request data Prompts, recent conversation context, voice-derived text, images you submit for food/label/scale reading, AI response metadata, usage counters. Power AI chat, food estimates, voice logging, label reading, Look Away, and Weekly Tweaks. Enforce per-user usage allowances and prevent abuse. Contract; explicit consent where health data is involved; legitimate interests for usage and cost controls.
Subscription and payment metadata RevenueCat customer ID, entitlement status, subscription tier, subscription period, renewal dates, platform (App Store / Google Play), payment event metadata. Grant and manage paid access, handle subscription lifecycle events, prevent fraud, support billing queries. Contract; legitimate interests; legal obligation for accounting/tax where applicable.
Technical and security data App version, platform, region, anonymised request logs, error logs, feature usage counters, security event markers, and server-secret hashes of sign-up IP and email for free-taster controls. Keep the app working, secure the backend, enforce feature limits, prevent repeated free-taster misuse, diagnose bugs, and control AI costs. Raw IP and email are not stored in taster claim or cooldown records. Legitimate interests; legal obligation where applicable.
Optional model-improvement data Pseudonymised numerical time series derived from daily calorie totals, weight patterns, logging methods and completeness, broad body-profile ranges, goals, target changes, and adjustment outcomes. Evaluate and improve Ori's calorie-adjustment models. This is optional, off by default, and excludes food names, saved meals, conversations, notes, photos, exact dates, email addresses, and account IDs. Explicit consent.
Website contact data Email address and message content if you contact us via the website. Respond to your enquiry. Legitimate interests; consent; or steps before a contract, depending on the nature of the request.

4. Health data and explicit consent

Food intake, calories, weight, height, biological sex, and goals can reveal information about your health. Under UK GDPR, this is special category data (the highest protection tier). We process it only on the basis of your explicit consent, given at the time you create an account.

You can withdraw consent at any time by deleting your account or contacting us at hello@heyori.app. Because health-related data is central to Ori's functionality, withdrawing consent will mean we cannot continue providing the Service and your account will be closed.

We never use special category data for advertising or share it with data brokers.

Consent needed to operate Ori is separate from the optional Help improve Ori choice shown after your first target check. If you agree, eligible existing and future numerical patterns are available to our protected model-evaluation process. Turning sharing off immediately excludes your records from future training and does not affect normal use of the app. Model versions already released and anonymous overall statistics cannot be individually rolled back.

5. AI features and data processing

When you use AI features (food chat, label scan, voice logging, Look Away, or Weekly Tweaks), your request is sent to our backend and processed by our AI provider (Google AI services). This includes any text, image, or voice-derived text you submit, along with recent conversation context.

We send the minimum context needed to answer your request. We do not send your full history, account data, or identifying personal details to the AI provider as part of each request.

Google's handling of data submitted via Google AI services is governed by Google's API terms and data processing agreements. We maintain a Data Processing Agreement with Google covering AI processing on our behalf.

Please do not include faces, other people, children, addresses, prescription labels, medical records, or sensitive personal information unrelated to food logging in any image, voice note, or prompt you submit.

6. Photos, voice, and Look Away

Camera and microphone access is used only when you actively trigger a feature that requires it (label scan, food photo, voice log, or Look Away). We do not access your camera or microphone in the background.

Voice logging: Speech-to-text transcription runs entirely on your device using your device's built-in speech recognition. Only the resulting text is sent to our backend; audio is never transmitted to our servers or any third party.

Look Away: Images submitted via Look Away are processed transiently to extract the scale reading. They are not stored in your Ori account after the reading is recorded. Temporary server-side processing artefacts and standard security logs may exist briefly as part of request handling, consistent with our retention policy.

Food photos and label scans: Images are sent to our backend and AI provider for estimation. Processed estimates are stored in your food log; the original images are not retained in your account after the estimate is returned.

7. Apple Health and Google Health Connect

Ori does not currently read from or write to Apple Health or Google Health Connect. If we add health platform integrations in a future build, we will update this policy, explain the data involved, and ask for your explicit permission before activating any integration.

8. Local device storage

The app stores some data locally on your device: preferences, saved food and meal data, local food logs, feature state, and AI conversation history (to provide context for follow-up messages). Recent conversation messages may still be sent to the backend when needed to answer an AI request.

Clearing app data or uninstalling the app may remove local-only data. It does not automatically cancel your subscription or delete your cloud account data.

9. Who we share data with

We do not sell your personal data and we do not share identifiable health data with advertisers or data brokers. We share limited data with service providers to operate Ori:

Provider Purpose Data shared
Supabase Authentication, database, Row Level Security, Edge Functions, and all backend operations. Account data, profile data, food and weight logs, AI usage counters, subscription state, security event logs.
Google (Google AI services) AI chat, food estimation, label reading, voice-log interpretation, Look Away scale reading, Weekly Tweaks. Prompts, recent conversation context, submitted images or voice-derived text, AI request metadata.
RevenueCat Subscription management, entitlement verification, webhook event handling. Platform purchase events (from Apple or Google), subscription status, entitlement tier, renewal dates. RevenueCat does not process payment card details; those are handled by Apple and Google.
Apple App Store / Google Play App distribution and in-app purchase processing. Store account, device, purchase, and distribution data handled under Apple and Google's own terms and privacy policies.
Google Workspace Transactional emails (account, subscription) and, with your consent, marketing communications. We do not use a separate third-party marketing platform — marketing emails are sent by us directly. Email address and, for marketing, your opt-in status, the date it last changed, and the copy version shown when you made that choice. No health data is included in or inferred from email segmentation.

All service providers are subject to Data Processing Agreements with us and are only permitted to process your data as instructed to provide their service.

We may also disclose data where required by law, court order, or regulatory authority; to protect users or the integrity of the Service; to investigate fraud or misuse; or as part of a business transfer such as a merger or acquisition, in which case we will notify affected users.

10. International data transfers

Some providers process data outside the UK, including in the United States. Where transfers are required, we rely on the UK Addendum to the Standard Contractual Clauses (or the Standard Contractual Clauses directly, incorporating the UK Addendum), as reflected in our Data Processing Agreements with Supabase, Google, and RevenueCat. Where a provider is separately self-certified under the UK Extension to the EU-US Data Privacy Framework, that may provide an additional basis for transfers to that provider, but it is not the mechanism we rely on by default.

11. Retention

We keep personal data only for as long as needed to provide the Service, meet legal obligations, resolve disputes, prevent abuse, maintain security, and support accounting or subscription records. Specific retention periods:

  • Account and app data: retained while your account is active.
  • Subscription and payment metadata: retained as needed for billing, tax, accounting, dispute resolution, and fraud prevention (typically 7 years for tax records).
  • AI conversation history: stored locally on your device until you clear it or uninstall the app. Server-side, we retain only usage counters and request-coordination records to enforce allowances and prevent abuse; these do not include conversation content and are periodically cleaned up.
  • Look Away and photo images: processed transiently and not retained in your account after the estimate or reading is recorded.
  • Security and error logs: retained for up to 12 months unless needed for an ongoing security investigation or legal matter, in which case they may be retained for longer.
  • Free-taster abuse records: a server-secret hash of the sign-up IP is retained for seven days; after account deletion, a server-secret hash of the account email is retained for 365 days so deleting and recreating an account does not reset free tasters. These records contain no food, weight, photo, or conversation data and never prevent sign-up, normal app access, or Premium.
  • Legal consent evidence: when an account is deleted, the accepted document versions and timestamps are retained in a service-only pseudonymous archive for seven years from acceptance, then automatically deleted. This is kept to meet accountability and legal-claims obligations.
  • Deleted accounts: login, profile, health, food, goal, settings, and model-improvement source data are deleted, subject only to the limited legal and abuse records described above and other minimum legal retention requirements.
  • Optional model-improvement data: used only while your explicit sharing choice is active. Turning sharing off immediately excludes your records from future training. Account deletion removes the consent and all contributing source rows; Ori does not keep a detached health-data time series after deletion. Previously released model versions and anonymous aggregate statistics cannot be individually reversed.

We may retain aggregated or anonymised statistics that cannot identify you. Where data can reasonably be re-linked to you, we treat it as personal data.

12. Automated processing and profiling

Ori uses automated processing to calculate personalised calorie targets, track weight trends, and generate Weekly Tweaks. This is done by applying population-level formulas to the data you enter, combined with statistical smoothing to separate meaningful trends from short-term noise such as water weight fluctuation.

These are algorithmic estimates, not individually tailored medical assessments. The outputs (target calories, trend weight, suggested adjustments) are directional guidance, not determinative decisions. You can always override, ignore, or delete them.

This processing does not constitute "solely automated decision-making with significant legal or similarly significant effects" within the meaning of Article 22 UK GDPR. However, if you have concerns about how automated processing is being applied to your data, you may contact us at hello@heyori.app and request human review of how your targets or guidance are being generated.

13. Marketing communications

We may send you transactional emails about your account, subscription, or service changes. These are not marketing communications and we do not need your consent to send them.

If we send promotional or marketing emails (such as feature announcements or offers), we will only do so if you have given your consent, as required by the Privacy and Electronic Communications Regulations (PECR). You can give or change this preference at any time in the app under Settings > Email Preferences, withdraw consent and unsubscribe using the link in any marketing email, or by contacting hello@heyori.app.

14. Security

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. We review and update these measures as the Service evolves.

No system is perfectly secure. If we become aware of a personal data breach requiring notification under UK GDPR (typically within 72 hours of becoming aware), we will notify the Information Commissioner's Office (ICO) and, where the breach poses a high risk to individuals, affected users as required by applicable law.

To report a potential security vulnerability, please contact us at hello@heyori.app with a description of the issue. We will acknowledge your report and work to address it promptly.

15. Your rights

Depending on your location, you may have the following rights:

  • Access: obtain a copy of your personal data.
  • Correction: ask us to correct inaccurate data.
  • Deletion: ask us to delete your data (subject to legal retention requirements). You can also delete your account directly within the app.
  • Portability: receive a copy of your data in a portable format (e.g. JSON or CSV). Contact us to request an export.
  • Restriction: ask us to restrict processing in certain circumstances.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: withdraw consent for special category data at any time. This will result in account closure as described in section 4.
  • Automated decision-making: rights relating to solely automated decisions that significantly affect you. See section 12 for how automated processing works in Ori.

To exercise your rights, contact hello@heyori.app. We will respond within one month. We may need to verify your identity before acting on a request.

You can also delete your account inside Ori or follow the instructions on our account-deletion page. Renewing Apple or Google subscriptions must be cancelled first because deleting an Ori account cannot stop store-controlled billing.

16. UK and EU supervisory authority complaints

If you are in the UK, you can complain to the Information Commissioner's Office at ico.org.uk. If you are in the EEA, you may complain to your local data protection supervisory authority. We ask that you contact us first so we have the opportunity to resolve your concern.

17. US state privacy notices

We do not sell personal information and do not share personal information for cross-context behavioural advertising. We process health-related information only to provide the Service, maintain security, comply with law, and improve the product as described in this policy.

Washington State (My Health My Data Act, MHMD) and Nevada (Consumer Health Data Privacy Law): If you are a Washington or Nevada resident, you have rights relating to your consumer health data, including the right to access, delete, and withdraw consent. These rights, the categories of consumer health data we collect, and who we share it with are set out in full in our dedicated Consumer Health Data Privacy Notice. We do not sell consumer health data or share it with third parties for marketing purposes. You may also raise a complaint with the Washington State Attorney General at atg.wa.gov or the Nevada Attorney General at ag.nv.gov.

California (CCPA/CPRA), Colorado (CPA), Virginia (CDPA), Connecticut (CTDPA), Texas (TDPSA), and Oregon (OCPA): We do not sell personal information and do not share personal information for cross-context behavioural advertising. There is nothing to opt out of. Even where Ori is below the thresholds for mandatory compliance with these state laws, we aim to honour reasonable access, deletion, correction, and opt-out requests from US residents where feasible. Contact us at hello@heyori.app to exercise any applicable state privacy rights.

HIPAA notice: Ori is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). The Service is a general wellness tool, not a healthcare provider, health plan, or healthcare clearinghouse. Your data is protected under this policy and applicable US state law, but HIPAA does not apply to Ori.

If a security incident involving identifiable health information triggers US breach notification obligations, we will follow applicable notice requirements.

18. Children

Ori is not for anyone under 18. We do not knowingly collect personal data from anyone under 18. We take steps at account creation to detect underage users and will close any account we identify as belonging to someone under 18. If you believe someone under 18 has used Ori, contact us and we will take prompt action.

For users in the United States: Ori is also not directed at children under 13 within the meaning of the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

19. Cookies and website analytics

See our Cookie Notice for details of what cookies and similar technologies this website uses.

The Ori app does not use advertising cookies or tracking pixels. Locally stored preferences and session state are used only to provide app functionality and are not shared with advertisers.

20. Changes to this policy

We may update this policy. If changes are material, we will notify you via the app, by email, or on the website before or when they take effect. The date at the top of this page always shows when it was last updated.

21. Contact

Privacy contact: hello@heyori.app
Postal address: Double Quack LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Ori

Your calm calorie companion.

Privacy Terms Health Disclaimer Support Cookies Consumer Health Data Delete account
Download on the App Store — coming soon Get it on Google Play — coming soon