Privacy.

ooey is a pantry and recipe app built by Alien Tech Systems in Brooklyn, New York. We don’t run ads, we don’t sell your data, and we don’t track you across the web. This policy explains what data we collect, why, who we share it with, and how to get it back or make it disappear.

What we collect.

Email address. Provided when you create your account. Used for authentication (magic-link sign-in) and essential service emails. Linked to your account.

Photos. When you scan a pantry item, your camera captures a photo that is sent to our AI ingredient-identification service (Google Gemini) for processing. ooey does not store the photo after processing. You are asked for explicit consent before the first scan.

Pantry items and recipes. Items identified from scans, items you add manually, recipes you save or import, and related metadata (quantities, expiration estimates, storage locations). This is your content, stored in your account so the app works.

Account identifiers. An internal user ID generated when you sign up. Used to associate your data with your account.

Passkeys. If you set up a passkey for faster sign-in, a WebAuthn public-key credential is stored server-side. Biometric data (Face ID, Touch ID, fingerprint) never leaves your device — it is verified locally by your device’s secure enclave and is never transmitted to ooey.

Anonymous usage events. Counts of in-app actions — for example: the app was opened for the first time, an account was created, a pantry item was added, a recipe was generated — together with a random per-install identifier. These carry no name, email, or content from your pantry or recipes, and are not linked to your account identity. They are processed by PostHog in the European Union, are on by default, and you can switch them off any time in Settings → Privacy & Voice → Share anonymous usage data.

How we use your data.

Every piece of data listed above exists for one reason: to make the app work. We use your email to sign you in. We use your photos to identify ingredients. We use your pantry and recipe data to show you what’s in your kitchen and what you can cook. We do not use your data for advertising, profiling, or training AI models.

Third parties.

Google Gemini (Google LLC, US). Receives photos you scan for AI ingredient identification. Google may retain submitted data for up to approximately 55 days for abuse prevention and safety monitoring, after which it is deleted. Google does not use data submitted via the Gemini API to train its models.

Resend (Resend Inc., US). Delivers transactional emails (magic-link sign-in, service notices). Receives your email address for delivery purposes only.

Cloudflare (Cloudflare Inc., US). Provides hosting, content delivery, DDoS protection, and cookieless, aggregate web analytics for ooeyapp.com. Cloudflare processes requests to serve the app; it does not receive or store your account data.

PostHog (PostHog, EU region). Processes the anonymous in-app product-analytics events described under Anonymous usage events above, so we can see which features help and where people get stuck. Hosted in the European Union. Receives no name, email, pantry, or recipe content, and no advertising or cross-app identifiers. You can switch it off in Settings → Privacy & Voice.

We do not sell, rent, or trade your personal data to anyone. The third parties listed above receive only the minimum data required to provide their specific service.

Cookies and tracking.

We do not use cookies. We do not track you across other apps or websites, and we do not use advertising identifiers. Our website analytics (Cloudflare Web Analytics) are aggregate and cookieless — they cannot identify individual visitors. Inside the app we use PostHog (EU) for anonymous product analytics that you can switch off in Settings — see Anonymous usage events and Third parties above.

Data retention.

Your account data (email, pantry items, recipes, passkeys) is retained for as long as your account is active. Photos sent for ingredient scanning are not stored by ooey after processing; Google may retain them for up to approximately 55 days for abuse prevention. Abandoned scan data (scans that are started but never confirmed) is automatically purged after 72 hours.

Account deletion.

You can delete your account at any time from Settings → Account → Delete Account in the app. Deletion is a hard delete — all your data (account, pantry items, recipes, passkeys, scan history) is permanently and irreversibly removed within seconds. There is no grace period and no recovery. Active sessions are immediately invalidated.

Community publishing.

ooey is private by default. Your pantry, your saved recipes, your shopping lists, your scan history — none of it is visible to anyone but you. The community surface is opt-in: a recipe becomes public only when you flip it from private to public, and only after you read and accept the community rulebook. This section explains what changes when you publish.

What becomes public. The recipe itself: ingredients, method, yield, the headnote you wrote, any photo you attached, the publish date, and your @handle (the public name you chose; not your email, not your real name unless you put it in your handle). If your recipe is a fork of another cook’s recipe, the lineage chain is also public; attribution is permanent and cannot be stripped.

What stays private. Your email address, your account ID, and the recipes you haven’t published. The four small appreciation signals attached to public recipes (cooked this, saved, on my list, and a fork) are visible only to the author of the recipe, and only at aggregate level. There are no public counts, no follower graphs, no leaderboards. There never will be.

Pre-publication scan. Before a recipe goes public, ooey runs a pre-publication scan on the headnote and any fork-note for things you almost certainly did not mean to publish — phone numbers, email addresses, street addresses, and similar personal identifiers. The scan surfaces findings to you; you either remove them or acknowledge them before the recipe goes live. The scan runs server-side and the results are not retained beyond the publish transaction.

The public modlog. Moderation actions on public recipes (hide, restore, account suspension, takedown) are recorded in a public modlog at ooeyapp.com/community/modlog. The modlog publishes the action, not the content: a row contains a timestamp, the action taken, the recipe ID, the violation code, the steward’s handle, and a brief reason. The original report is not public.

If you delete your account. Public recipes you originated remain published because other cooks may have forked them, and attribution is part of the contract those forks depend on. Your @handle on those recipes is replaced with “a deleted cook” and your appreciation events on others’ recipes are deleted. Your account, email, passkeys, private recipes, and pantry data are hard-deleted on the same terms as the Account deletion section above.

What this section does not commit. The community surface is reserved on the roadmap (CM1 unlock) and is not yet live. This section discloses the privacy posture you can expect when CM1 ships; if any of it changes before then, this page is updated and the change is announced via the email on your account.

Data export.

You have the right to export all of your data. A data export includes your account information, pantry contents, and scan history in a machine-readable format (JSON). To request an export, use the export option in the app or email privacy@ooeyapp.com.

Security.

All data in transit is encrypted via HTTPS/TLS. Passwords are never used — ooey authenticates exclusively through magic links and passkeys, eliminating credential-stuffing and password-reuse risks. If you discover a security issue, please email security@ooeyapp.com.

Children.

ooey is not directed at children under 13. We do not knowingly collect data from children under 13. When the community surface unlocks, account creation will require an age attestation and accounts attesting under 13 will be declined before any account data is stored. If you believe a child has provided us with personal data, please contact privacy@ooeyapp.com and we will delete it promptly.

Changes to this policy.

If we make material changes, we’ll update this page and revise the date below. For significant changes, we’ll also notify you via the email address associated with your account.

Contact.

For privacy questions, data requests, or concerns: privacy@ooeyapp.com.

Alien Tech Systems
Brooklyn, New York

Updated 2026-06-22.