Privacy Policy

Last updated: March 18th, 2026

1. Information We Collect

When you use Okaasan, we may collect the following information:

  • Account data: email address, display name, and profile picture (synced from Google if you sign in via OAuth).
  • Body & dietary profile: weight, height, age, gender, activity level, and dietary preferences — entered voluntarily in your profile to enable personalized nutrition calculations (TDEE/DRV).
  • Scan history: product scan results (including the uploaded image) saved to our database when you are signed in. Restaurant menu scans are saved only if you are signed in; otherwise they are stored in your browser's sessionStorage only.
  • Grocery list: items you add to your shopping list, stored in our database and shareable via a public link token.
  • Usage data: anonymous pageviews and interaction events collected via PostHog analytics.
  • Payment data: handled entirely by Stripe. We do not store credit card details.

2. How We Use Your Information

We use collected information to:

  • Provide and improve the Okaasan service.
  • Maintain your scan history and account preferences.
  • Calculate personalized daily reference values (DRV) from your body profile using the Mifflin-St Jeor formula.
  • Process payments securely via Stripe.
  • Send transactional emails (account confirmation, receipts).
  • Analyze aggregate usage patterns to improve the product.

3. Image Processing & Storage

Photos you submit are sent to Google Gemini for AI analysis. For product scans, the uploaded image is stored in Supabase Storage and associated with your scan result — this allows sharing results via link and viewing your scan history. For menu scans, images are processed in real time and not stored server-side. We do not use your images to train AI models.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase: our database, authentication, and file storage provider.
  • Stripe: for payment processing.
  • Google (Gemini API): for AI image analysis.
  • PostHog: for anonymous usage analytics.

5. Cookies & Local Storage

We use HttpOnly session cookies for authentication, managed by Supabase. Your browser's localStorage is used for:

  • okaasan-theme: your light/dark theme preference.
  • Scan image cache: up to 30 product images stored locally (WebP, 400px) to avoid redundant network requests.
  • Scan quota cache: a local counter that mirrors your monthly free scan count (the authoritative value is server-side).

SessionStorage is used to temporarily hold the last product or menu scan result while you view it. We do not use advertising or tracking cookies.

6. Data Retention

We retain your account data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us.

7. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data. To exercise these rights, contact us at hello@okaasan.app.

8. Security

We use industry-standard security practices including HTTPS encryption, secure cookie handling, and Supabase Row Level Security (RLS) to protect your data.

9. Children

Okaasan is not directed at children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes via email or an in-app notice.

11. Contact

For privacy-related questions, contact us at hello@okaasan.app.