Privacy Policy
Last updated: 20 April 2026
This Privacy Policy explains how Eightbot OÜ ("we", "us", "our") collects, uses, and protects your personal data when you use the OKKAI mobile application and related services (together, the "Service"). OKKAI is an AI-powered nutrition tracking app that analyses photos of food to estimate calories and nutrition.
We act as the data controller for the personal data we process. This policy is written to comply with the EU General Data Protection Regulation (GDPR), the Estonian Personal Data Protection Act, and Apple's App Store privacy requirements.
1. Who we are
Eightbot OÜ
Registered in the Republic of Estonia
Privacy contact: support@okkai.app
Support: support@okkai.app
2. What data we collect
You provide directly
- Account data — your name and email address, obtained via Sign in with Apple or Sign in with Google. If you use Apple's private email relay, we receive the relay address only.
- Profile data — date of birth, sex, height, weight, and nutrition goals you enter to calculate your daily targets.
- Food entries — photos, text descriptions, and notes you submit about meals.
Collected automatically
- Health & Fitness data — with your explicit permission, we read weight, activity, steps, sleep, and blood glucose from Apple Health (HealthKit), and we write your logged calories and macronutrients back to Apple Health.
- Subscription data — the status of your Apple subscription (active, trialing, cancelled) and transaction identifiers provided by Apple. We never see your payment card.
- Product interaction — which screens you view, which features you use, and error events. Used to understand how OKKAI is used and to improve it.
- Device and connection data — IP address (for security logs), app version, operating system, and rough region for service localization.
3. How we use your data
We use your personal data only for the purposes set out below:
- To provide the Service — authenticate you, save your food log, compute nutrition estimates, and show your progress.
- To personalise the Service — calculate your calorie and macro targets based on your profile and suggest meals based on your history.
- To process your subscription — verify your Apple purchase, grant Premium features, and handle renewals, refunds, and cancellations.
- To provide support — respond to emails and account requests you send us.
- To improve the Service — analyse aggregated usage to find and fix bugs and decide which features to build next.
- To comply with law — respond to lawful requests, detect fraud, and protect our rights.
4. Legal bases (GDPR Article 6)
- Contract (Art. 6(1)(b)) — most processing is necessary to provide the Service you asked for, including your subscription.
- Legitimate interest (Art. 6(1)(f)) — product improvement, fraud prevention, security logging. You may object at any time; see Section 8.
- Consent (Art. 6(1)(a)) — access to Apple HealthKit data, camera, and photos. You may withdraw consent at any time in iOS Settings.
- Legal obligation (Art. 6(1)(c)) — for example, retaining billing records for tax and accounting purposes under Estonian law.
For data categorised as special under Art. 9 (health data), we process solely on your explicit consent (Art. 9(2)(a)).
5. Sharing with third parties
We do not sell your personal data. We do not share it with data brokers, and we do not use it for third-party advertising. We share only with the following categories of processors, each bound by a data processing agreement:
- Apple Inc. — Sign in with Apple, Apple Health (HealthKit), App Store In-App Purchase, push notifications (APNs).
- Google LLC — Sign in with Google (only if you choose this sign-in method).
- AI processing providers (such as OpenAI and Anthropic) — your food photos and text descriptions are sent to large-language-model providers to perform nutrition analysis. Their API terms prohibit training on our data. We do not disclose your name or email to these providers.
- Infrastructure providers — cloud hosting, database, CDN, and email delivery vendors that operate our backend. They process data only on our instructions.
We require all processors to provide at least the level of protection required by GDPR.
6. International transfers
Our servers are located in the European Union. Some of our processors (notably AI providers and Apple) are based in the United States. When your data is transferred outside the European Economic Area we rely on:
- The EU-US Data Privacy Framework where the processor is certified;
- Standard Contractual Clauses (Art. 46) where the framework does not apply;
- Your explicit consent where required.
7. Retention
- Account and profile data — kept while your account is active; deleted within 30 days after you delete your account.
- Food entries and photos — kept while your account is active; deleted with your account.
- Subscription and billing records — kept for seven (7) years to meet Estonian accounting obligations, even after account deletion.
- Server logs — rotated after 90 days.
8. Your rights under GDPR
You have the right to:
- Access the data we hold about you (Art. 15);
- Correct inaccurate data (Art. 16);
- Erase your data (Art. 17) — you can delete your account directly in the app;
- Restrict processing (Art. 18);
- Data portability — export your food log in a machine-readable format (Art. 20);
- Object to processing based on legitimate interest (Art. 21);
- Withdraw consent at any time (Art. 7);
- Lodge a complaint with a supervisory authority. Our lead authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): www.aki.ee.
To exercise any right, email support@okkai.app. We respond within 30 days.
9. Apple HealthKit
In accordance with Apple's App Store Review Guideline 5.1.3, we will never:
- Use HealthKit data for advertising or similar services;
- Disclose HealthKit data to advertising platforms, data brokers, or information resellers;
- Sell HealthKit data to any third party;
- Use HealthKit data for any purpose other than providing you health or fitness services inside OKKAI or to support research for which you have given informed consent.
10. Deleting your account
You can delete your OKKAI account at any time from within the app (Settings → Delete Account). Deletion erases your profile, food log, photos, and linked health data on our servers within 30 days. Deleting your OKKAI account does not cancel any Apple subscription. To cancel an active subscription, open Settings → [your name] → Subscriptions on your iPhone.
11. Children and minimum age
The minimum age to use OKKAI depends on your country of residence and is set out in the OKKAI Terms of Service, section 2 (Eligibility and age). We do not knowingly collect personal data from users below that age. If you believe a child below the applicable minimum age has provided us personal data, contact us and we will delete it.
12. Security
We use HTTPS/TLS for data in transit and encrypt databases at rest. Access to personal data is restricted to staff who need it and is logged.
13. Changes to this policy
We will post updates to this page and change the "Last updated" date. We will notify you of material changes in-app.
14. Contact
Questions or requests about this Privacy Policy: support@okkai.app.