Privacy Policy
Last updated 25 April 2026
We built Onai to help you understand your nutrition. We collect only what we need to make the app work, we never sell your data, and you can delete everything at any time.
Who We Are
Onai is a food and nutrition tracking app available on iOS and Android. For privacy questions or data requests, contact us at privacy@onaiapp.io.
What We Collect
- Account information: your email address and display name
- Food and nutrition data: food photos, dish names, and calorie and macro estimates from your scans
- Health and body metrics: weight, height, gender, age, and dietary goals
- Meal history: logged meals with timestamps
- Dietary preferences: vegan, gluten-free, halal, and similar
- Location: approximate GPS coordinates, only when you use the nearby restaurants feature
- Subscription status: your purchase status and subscription tier
- Device data: device model, OS version, and crash logs to fix bugs
How We Use It
- Identifying food from photos or text using AI
- Tracking your daily and weekly calorie and macro intake
- Generating personalised dish suggestions based on your meal history and goals
- Showing nearby restaurants relevant to your location
- Managing your Pro subscription
- Sending account emails such as verification and password reset
- Fixing bugs and improving the app
Health Data and Your Consent
Food intake, body weight, height, and dietary preferences are health-related data under GDPR. By creating an account you explicitly consent to this data being processed solely to provide personalised nutrition tracking and recommendations. You can withdraw consent at any time by deleting your account. All data is permanently removed within 30 days.
Third-Party Services
- Google Firebase: authentication, database, file storage, and hosting. Privacy policy
- Anthropic: AI-powered food identification and dish suggestions. Photos are not retained beyond each request. Privacy policy
- RevenueCat: subscription and purchase management. Privacy policy
- Google Places API: nearby restaurant search. Privacy policy
- Apple and Google: payment processing through their app stores
We do not sell, rent, or share your data with any third party for advertising or marketing.
Data Retention
- Active accounts: data is kept for as long as your account exists
- Deleted accounts: all data permanently deleted within 30 days
- Meal history: retained for up to 12 months, then automatically purged
- Crash logs: retained for 90 days
Your Rights
Under GDPR you have the right to access, correct, delete, or export your data, and to object to or restrict how we process it. You can delete your account directly in the app under Settings. For any other request, email privacy@onaiapp.io and we will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Security
Your data is stored on Google Firebase infrastructure, ISO 27001 certified and SOC 2 compliant. All data is encrypted in transit and at rest. Firebase and Anthropic may process data in the United States, covered by Standard Contractual Clauses under GDPR.
Children
Onai is not directed at children under 13, or 16 in the EU and UK. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
Changes
We may update this policy from time to time. We will notify you of significant changes via email or in-app notice.
Contact
privacy@onaiapp.io