Privacy Policy
Last updated: February 24, 2026
Your privacy matters to us. This policy explains in detail what data we collect, how we use it, and what rights you have regarding your personal information.
1. Data We Collect
We collect the following categories of data: Account data — your email address, first and last name, and profile information provided during registration or obtained through Google OAuth sign-in. Meal data — meal descriptions, comments, photos, hunger level (1–9 scale), saturation level (1–9 scale), and tastiness rating (yes/no) for each logged meal. Emotional data — selections from a range of emotional states recorded before and after meals. Daily notes — free-text journal entries you write each day. Analytics data — computed averages, aggregated statistics, and chart data derived from your meal and emotional logs. Technical data — device type, operating system, app version, and basic usage information necessary for maintaining service quality.
2. How We Use Your Data
Your data is used for the following purposes: to store and display your meal logs, emotional records, and daily notes; to compute and present analytics, charts, and eating pattern insights; to synchronize your data across devices; to authenticate your identity and secure your account; to send essential service notifications (e.g., password reset, account verification); and to maintain and improve the technical performance of the service. We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. We do not use your data to build user profiles for targeted advertising.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases: Consent — you provide consent when you create an account and voluntarily submit your meal, emotional, and journal data. You may withdraw consent at any time by deleting your account. Contract performance — processing is necessary to provide you with the OVO service as described in our Terms of Use. Legitimate interest — we process limited technical data to maintain service security, prevent abuse, and improve service quality. We ensure our legitimate interests do not override your fundamental rights and freedoms.
4. Data Storage & Security
We take the security of your data seriously. Account authentication data is managed by Clerk (clerk.com), an industry-standard authentication provider that handles email/password credentials, email verification, password reset, and Google OAuth tokens securely. Meal photos are stored on Amazon S3 using secure presigned URLs with limited time-based access, ensuring that images are only accessible through authorized requests. All other personal data (meal logs, emotional records, daily notes, analytics) is stored on our API servers. All data transmission between your device and our servers is encrypted using TLS. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.
5. Third-Party Services
OVO relies on the following third-party services to operate: Clerk (clerk.com) — provides authentication services including email/password login, email verification, password reset, and Google OAuth integration. Clerk's privacy policy: https://clerk.com/privacy. Amazon Web Services (S3) — provides secure cloud storage for meal photos. AWS privacy policy: https://aws.amazon.com/privacy/. Google OAuth — if you choose to sign in with Google, Google shares your basic profile information (name, email, profile picture) with us. Google's privacy policy: https://policies.google.com/privacy. These third-party services process your data according to their own privacy policies. We only share the minimum data necessary for each service to function.
6. International Data Transfers
Our primary servers are located within the European Union. However, some of our third-party service providers (Clerk, Amazon Web Services) may process data in the United States or other countries outside the EEA. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the service provider's certification under recognized data protection frameworks. By using OVO, you acknowledge that your data may be processed in countries with different data protection laws than your country of residence.
7. Your Rights
Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights: Right of access — you may request a copy of the personal data we hold about you. Right to rectification — you may request correction of inaccurate or incomplete data. Right to erasure — you may request deletion of your personal data; you can also delete your account directly in the App settings. Right to data portability — you may request your data in a structured, commonly used, machine-readable format. Right to restriction — you may request that we restrict processing of your data under certain circumstances. Right to object — you may object to the processing of your data based on legitimate interests. Right to withdraw consent — you may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. To exercise any of these rights, contact us at support@ovo-app.com. We will respond to your request within 30 days.
8. Data Retention
We retain your personal data for as long as your account is active and the service is being provided to you. Upon account deletion, all personal data — including meal logs, photos, emotional records, daily notes, and analytics — is permanently and irreversibly removed from our systems immediately. Anonymized, aggregated data that cannot be used to identify you may be retained for service improvement purposes.
9. Children's Privacy
OVO is not intended for use by children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take immediate steps to delete that data. If you believe a child has provided us with personal data, please contact us at support@ovo-app.com.
10. Cookies & Local Storage
The OVO web application uses essential cookies and local storage for authentication session management and user preference storage. These are strictly necessary for the service to function and cannot be disabled. The OVO mobile application uses secure on-device storage to maintain your authentication session and cache data for offline access. We do not use cookies or tracking technologies for advertising, analytics, or profiling purposes.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or service features. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this policy indicates when the most recent changes were made. We encourage you to review this policy periodically.
12. Contact
For privacy-related questions, concerns, or data protection requests, please contact our Data Protection Officer at support@ovo-app.com. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.