Privacy Policy
At Hestia, we're committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Hestia mobile application, the Hestia Chrome browser extension, and our website (collectively, the "Service").
1. Information We Collect
Account Information
When you create a Hestia account, we collect your name, email address, phone number (optional), and account creation date. If you sign in using a third-party service, we receive information from that provider according to their authorization process.
Meal Preferences & Dietary Information
To personalize your meal planning experience, we collect your dietary preferences (vegetarian, vegan, keto, etc.), dietary restrictions (allergies, intolerances), cuisine preferences, disliked ingredients, and cooking skill level. This data is essential for generating tailored meal plans.
Shopping & Pantry Data
We collect information about products you've purchased, items in your shopping cart, your pantry inventory, product categories you browse, and your shopping frequency. This allows us to improve recommendations and price comparison features.
Location Data
With your permission, we collect your location to help you find nearby grocery stores and compare local prices. This data is not used for marketing and is processed with your explicit consent.
Background location and geofencing. If you enable it, the iOS app may use location in the background to detect when you arrive at a grocery store (geofencing) so we can prompt relevant features such as price checks. You can disable this at any time.
Stored GPS coordinates. When you submit a price check or a Missions price observation, your submission may attach and store precise GPS coordinates (latitude and longitude) to verify store proximity. These coordinates are stored alongside your submission.
Sensitive information and your choices. Precise geolocation is treated as "sensitive personal information" under the California CPRA, and you have the right to limit its use. You can disable location entirely (foreground and background) in iOS Settings > Privacy & Security > Location Services > Hestia, or grant only "While Using the App" rather than "Always." Disabling location does not prevent you from using the core app.
Device Information
We automatically collect device type, operating system version, app version, device identifiers, and crash/error data. This helps us improve app performance and troubleshoot issues.
Usage Analytics
We track features you use, screens you visit, actions you take (such as generating meal plans or adding items to your pantry), and session duration. This helps us understand how the app is used and improve user experience.
Apple Health Data
With your permission, Hestia integrates with Apple Health (HealthKit) on iOS. This integration is entirely optional and can be enabled or disabled at any time in Settings > Health & Fitness.
Data we read from Apple Health:
- Body weight and height — to personalise your daily calorie and protein targets
- Active energy burned and step count — to estimate your total daily energy expenditure (TDEE) for meal plan accuracy
- Resting energy (basal metabolic rate) — used alongside active energy for TDEE estimation
Data we write to Apple Health:
- Dietary nutrition from your meal plans: calories, protein, fat, carbohydrates, and fiber — so your Apple Health nutrition log stays current with your Hestia plan
How Apple Health data is used:
- Health data is used exclusively to personalise your own meal plans, calorie targets, and nutrition tracking within Hestia
- If you have granted analytics consent, your body weight (not your full HealthKit history) may be included in anonymised weekly health snapshots sent to our servers to compute your Healthy Eating Index score. This is disclosed separately at the analytics consent prompt.
- Apple Health data is never used for advertising, marketing, or behavioural targeting
- Apple Health data is never sold to data brokers, insurance companies, advertisers, or any third party
- Apple Health data is never shared with any third party, including Hestia’s commercial data partners described in Section 3
- Apple Health data is not included in any aggregated market intelligence products
This use complies with Apple’s HealthKit guidelines (App Store Review Guideline 5.1.3). You may revoke HealthKit access at any time via iOS Settings > Privacy & Security > Health > Hestia.
Chrome Extension Data
When you use the Hestia Chrome browser extension on grocery retailer websites (such as Walmart.com or Kroger.com), the extension may collect the following information from pages you actively visit:
- Product information: Product names, UPC codes, and item identifiers visible on pages you browse
- Pricing data: Current prices, sale prices, and promotional pricing displayed on retailer pages you visit
- Store context: The retailer name and your approximate region (to contextualize prices)
- Cart contents: Items in your Hestia shopping list, used to match products at the retailer you are visiting
The extension only reads data from pages you actively navigate to. It does not make background requests to retailer websites beyond what your own browsing causes, and it does not access your retailer account credentials, order history, or payment information.
Missions & Price Contributions
The Hestia Missions program allows you to voluntarily submit grocery price observations in exchange for in-app rewards. When you submit a price through Missions, we collect:
- The product name, UPC, and price you observed
- The retailer and your location at the time of submission (GPS coordinates are collected during active mission submissions to verify store proximity; these are stored alongside your submission but are not shared individually with partners)
- The date and time of submission
- Your Hestia user ID (to credit your reward)
Price submissions are voluntary and user-initiated. You choose what to submit and when. Submitted data becomes part of our aggregated price intelligence database as described in Section 3.
Receipt Data
If you choose to upload a grocery receipt, product image, pantry image, or confirm an online order through Hestia, we collect the information needed to process that submission, such as product names, quantities, prices paid, dates, retailers, and image or text content you provide. This is used to provide the feature you requested, update your shopping or pantry records, verify eligible rewards, improve matching accuracy, and support aggregated or de-identified insights as described below. Uploads are voluntary and user-initiated. Please avoid submitting images that include other people, unrelated private documents, payment cards, or information you do not have the right to share.
Hestia Rewards Program: Notice of Financial Incentive
Hestia Rewards is an optional loyalty program that provides a financial incentive in exchange for personal information, as described by the California Consumer Privacy Act (CCPA). This notice explains the program's material terms.
Summary of the incentive. Members earn non-purchasable points for eligible contributions: uploading grocery receipts, confirming or correcting receipt items, scanning products, reporting prices, and completing clearly disclosed Missions. Points are redeemable for grocery and physical-retail merchant gift cards. Points cannot be purchased, and reward amounts are disclosed before you complete an action.
Categories of personal information involved. Purchase and receipt information (items, store, price, date, and package details), product and price observations, receipt and shelf photos you choose to submit, and approximate location when you choose to provide it. Your name, email address, payment details, loyalty card numbers, exact GPS coordinates, and raw receipt images are not included in the data shared with partners; partners receive aggregated or pseudonymous results unless a named sponsored Mission discloses otherwise before you accept it.
Who receives the data and why. Eligible member contributions improve grocery prices for the Hestia community and support verified price intelligence, sponsored-offer measurement, and aggregated market reporting for participating grocery brands, retailers, and research partners. Hestia may be paid for that market intelligence. That payment funds the rewards.
How to opt in. Join Hestia Rewards during onboarding or from your Wallet at any time. Participation is voluntary, and you can use all of Hestia without joining; non-members simply do not earn points and their data is not used for the commercial purposes described above.
How to withdraw. Leave Hestia Rewards at any time in Settings. You keep and may still redeem points you already earned; withdrawal never forfeits earned value. After you leave, your future activity is not used commercially.
Good-faith estimate of the value of the data. Hestia estimates the value of an average member's eligible monthly contributions at up to $5 per calendar month, which matches the program's monthly redemption cap.
Method of calculation. The estimate is based on anticipated partner revenue for verified grocery price intelligence and sponsored-offer measurement, the number and type of verified observations an average member contributes, the cost of validating submissions and preventing fraud, and the cost of providing rewards.
2. How We Use Your Information
- Personalization: Creating tailored meal plans, product recommendations, and shopping list suggestions based on your preferences and dietary needs
- AI Meal Planning: Generating personalized meal plans using our planning system, taking into account your preferences, restrictions, and available recipes
- Price Comparison: Comparing product prices across retailers and helping you find better deals on items in your shopping list
- Pantry Management: Helping you track inventory and reducing food waste by suggesting recipes using ingredients you already have
- Analytics: Analyzing app usage patterns to improve features, performance, and user experience
- Service Improvement: Troubleshooting bugs, improving performance, and developing new features
- Communication: Sending service notifications, updates, and support responses (you can opt out of non-essential communications)
- Billing and rewards: Verifying subscription status, processing eligible rewards, preventing fraud, and supporting refund or billing requests through the applicable payment provider
- Security: Detecting and preventing fraud, abuse, and unauthorized access
3. Data Sharing & Disclosure
We Do Not Sell Your Personal Information
Hestia does not sell, rent, or share your personally identifiable information (your name, email address, account data, or dietary preferences) with third parties for their marketing purposes.
Apple Health data is never shared with any third party under any circumstances. Health and fitness data collected through the HealthKit integration is used solely to provide and improve the health management features within Hestia, as required by Apple’s App Store guidelines (Guideline 5.1.3).
Aggregated and De-Identified Insights
Some Hestia features allow you to contribute grocery prices, receipt information, product observations, or shopping context. We may combine these contributions with information from other users to create aggregated or de-identified insights, reports, datasets, or analytics. These may be used by Hestia and may be provided to business, research, or operational partners.
These aggregated or de-identified outputs:
- Do not contain names, email addresses, or other direct personal identifiers
- Cannot be used to identify, contact, or target you individually
- Are designed to represent trends or summaries rather than individual user records
You may opt out of having your eligible contributions included in commercial insight products at any time via Settings > Privacy > Data Contributions. Opting out does not affect your ability to use Hestia or earn rewards unless a specific reward requires an eligible contribution and that requirement is disclosed in the app.
Aggregated & Anonymized Data (Non-Commercial)
We may also share aggregated, de-identified data with academic researchers and public health institutions for non-commercial research purposes. This data cannot be used to identify you individually.
Third-Party Services
We use trusted service providers to operate the Service. We share only the information reasonably needed for the provider to perform its role, and we require appropriate confidentiality, security, and limited-use protections where applicable. Provider categories may include:
- Hosting, storage, and database providers: to run the app, website, APIs, and data systems
- Analytics and diagnostics providers: to understand feature usage, measure website performance after consent where required, and diagnose bugs or crashes
- AI, OCR, and automation providers: to process meal-planning requests, receipt or product-label images, recipe content, and other user-initiated submissions. We require limited-use and limited-retention terms where applicable.
- Payment and app-store providers: to process subscriptions, trial eligibility, renewals, cancellations, invoices, and refund requests
- Rewards fulfillment providers: to verify eligibility and deliver eligible rewards
- Communications and notification providers: to send service messages, support replies, account notices, and push notifications you enable
- Security, fraud-prevention, and support tools: to protect accounts, investigate abuse, and respond to user requests
If you request a refund or billing review through an app store or payment provider, we may share limited transaction, subscription, entitlement, fraud-prevention, and app-usage information with that provider so the request can be assessed and processed.
Legal Requirements
We may disclose your information if required by law, court order, or government request. We'll notify you of such requests unless prohibited by law.
Business Transfers
If Hestia is acquired or merged with another company, your information may be transferred as part of that transaction. We'll notify you of such changes.
4. Data Storage & Security
Encryption at Rest
Sensitive data is protected using provider-managed encryption at rest and access controls. iOS file protection is enabled for protected local app exports and app data on your device.
Encryption in Transit
Communication between the app and our servers uses HTTPS/TLS. Where implemented in the native app, certificate pinning adds protection against man-in-the-middle attacks.
Secure Credential Storage
Authentication tokens and sensitive credentials are stored in the iOS Keychain, never in plain text or UserDefaults.
Database Security
Our backend database uses standard security practices including access controls, regular backups, and audit logging. Database connections require authentication and encryption.
Data Retention
We retain different categories of information for different periods depending on why we collected them. Account, subscription, shopping, pantry, receipt, reward, support, audit, and security records are retained while needed to provide the Service, comply with legal and accounting obligations, resolve disputes, prevent fraud and abuse, enforce our terms, and maintain reliable backups. User-initiated uploads and AI/OCR inputs are retained only as long as needed for the feature, support, safety, audit, or improvement purposes described in this policy unless a longer retention period is required by law or selected by you. Aggregated or de-identified information that no longer identifies you may be retained and used without a fixed deletion date. You can request deletion of your account and eligible associated data at any time.
5. Children's Privacy
Hestia accounts are intended for users who are at least 13 years old unless a parent or guardian completes the verifiable parental-consent flow for a child. In the United States, consistent with COPPA, we do not knowingly collect personal information from children under 13 without verifiable parental consent; if we learn that we collected it without the required consent, we delete it.
In the EU/EEA and the UK, the minimum age to consent to an online service is 16 in some countries and as low as 13 in others. Hestia does not knowingly process the personal data of anyone below the applicable digital-consent age in their country without verifiable parental consent. Where household meal planning involves information about children (for example, the number, ages, or dietary needs of family members), that information is provided by the adult account holder, is used solely to size and tailor the household's meal plan, and is never used to build a profile of, advertise to, or contact a child.
If you believe a child has provided us personal data without appropriate consent, contact us at support@hestiaember.com and we will delete it.
6. Your Rights & Data Control
We design our consent mechanisms to provide clear, symmetrical choices. We do not use pre-checked boxes, manipulative visual hierarchy, or other design patterns intended to subvert your autonomy. Withdrawing consent is as easy as giving it.
Access Your Data
You can view most of your personal information within the app under Account settings. You can download your account data directly from the iOS Account > Privacy screen or the web Account > Privacy data controls.
Update Your Information
You can update your profile information and dietary preferences directly in the app settings. Account email changes require support-assisted verification for now; contact support@hestiaember.com if you need to change the email used for recovery, billing, legal notices, or household invites.
Delete Your Account
You can delete your account from Settings > Account > Delete Account. This starts account deletion, revokes access tokens, removes active access to meal plans and shopping lists, and schedules eligible account data for purge. Some records may be retained where required for security, legal, audit, or aggregated analytics purposes.
Export Your Data
Self-service export provides available account data, including meal plans, shopping history, and pantry inventory, in a machine-readable JSON format. If the self-service export is unavailable or you need a special request, contact support@hestiaember.com and we will respond within the time required by applicable law.
Opt Out of Analytics
You can disable usage analytics in Settings > Privacy > Analytics. This may limit our ability to improve the app's performance.
Opt Out of Communications
You can disable non-essential notifications (recommendations, deals) in Settings > Notifications. Service notifications (password resets, payment receipts) cannot be disabled.
7. Cookie Policy
App-Based Storage
Since Hestia is a native iOS app, we don't use traditional HTTP cookies. Instead, we use secure local storage and Keychain for session management.
Web-Based Services
If you visit our website (hestiaember.com), we use minimal cookies:
- Session cookies: To keep you logged in
- Preference cookies: To remember language and display preferences
- Analytics cookies: To track website usage (can be disabled)
Website Analytics & Advertising
To understand how visitors use our website and to measure our advertising, we may use analytics, session-measurement, advertising-conversion, and aggregate traffic tools. These tools load only after you accept them in our cookie banner where consent is required; if you reject (or your browser sends a Global Privacy Control signal), non-essential advertising and analytics trackers are not loaded.
- Usage analytics: measures traffic, sessions, and feature usage across the site
- Session diagnostics: helps us identify confusing pages, broken interactions, and performance issues
- Advertising measurement: measures the effectiveness of our advertising and supports conversion tracking where permitted
- Aggregate traffic analytics: provides lightweight, summary-level site metrics
8. California Privacy Rights (CCPA/CPRA)
If you're a California resident, you have the right to:
- Know what personal information is collected about you and how it is used
- Know whether personal information is sold or disclosed, and to whom
- Opt out of the sale or sharing of personal information
- Access your personal information
- Request deletion of personal information
- Correct inaccurate personal information
- Limit the use of sensitive personal information
- Get equal service and pricing even if you exercise your privacy rights
Do Not Sell or Share My Personal Information
Hestia does not sell your name, email address, account credentials, or individual profile to data brokers. However, under the California Consumer Privacy Act as amended by the CPRA, certain disclosures — including commercial use of aggregated or de-identified grocery insights and the use of advertising or analytics trackers on our website — may be considered a "sale" or "sharing." California residents and residents of other states with comparable laws have the right to opt out.
We honor the Global Privacy Control (GPC). If your browser or a browser extension sends a GPC signal, we treat it as a valid opt-out request for that browser and do not load advertising or analytics trackers.
You can opt out of the sale or sharing of your personal information in any of the following ways:
- Click "Reject" on our website cookie banner (this prevents advertising and analytics trackers from loading).
- Use the in-app Privacy settings (Settings > Privacy > Data Contributions) to opt out of having eligible contribution data included in commercial insight products.
- Email us at privacy at hestiaember.com or hello at hestiaember.com with the subject line "Do Not Sell or Share."
Opting out does not affect your ability to use Hestia or earn Missions rewards.
Breach Notification: In the event of a data breach affecting California residents, we will notify affected individuals within 30 calendar days of discovery. If more than 500 California residents are affected, we will submit a sample of the notification to the California Attorney General within 15 calendar days of notifying affected residents. These timelines comply with California Civil Code § 1798.82, as amended by SB 446 (effective January 1, 2026).
Identity Protection Services: If a breach exposes your social security number, driver's license number, or California identification card number, and Hestia was the source of the breach, we will provide appropriate identity theft prevention and mitigation services at no cost to you for not less than 12 months.
To exercise your California privacy rights, contact us at support@hestiaember.com with the subject line "California Privacy Request." We'll respond within 45 days.
9. Washington State Health Data Rights (MHMDA)
If you are a Washington State resident, the My Health My Data Act (RCW 19.373) provides additional protections for your consumer health data. This section supplements our Health Data Privacy Policy, which contains the full details required under this law.
Consumer health data we collect:
- Body weight and height (from Apple HealthKit, only with your explicit opt-in)
- Dietary patterns and meal plan choices
- Meal plan compliance and consumption data
- Healthy Eating Index (HEI-2020) scores derived from your dietary data
Purposes: This data is used to personalize your meal plans, calorie targets, and nutrition tracking. With separate opt-in consent, anonymized aggregate data (never individual data) may be used for wellness program analytics.
Third-party sharing: Health data is shared with third parties only if you have separately opted in to "Health & Wellness Insights" in Settings > Privacy & Consent. Even then, only aggregate population-level statistics are shared (minimum 50 households per data point, with statistical noise applied). HealthKit-sourced weight data is always excluded from any third-party sharing. Health data is never sold to insurance companies, advertisers, or data brokers.
Your rights under MHMDA:
- Right to know: You can view what health data we hold about you in Settings > Account > My Data
- Right to withdraw consent: You can disable health data sharing at any time in Settings > Privacy & Consent. Changes take effect immediately.
- Right to deletion: You can stop Health data sync by disconnecting Apple Health (Settings > Health & Fitness > Disconnect). This removes local Health sync data from the app and starts deletion of server-side Health data where Hestia stores it. Full account deletion is also available.
- No conditioning: Hestia works fully without health data consent. Disabling health data sharing does not limit any app features.
Health data consent expires after one year and requires your active renewal. For the complete health data privacy policy required under MHMDA, see hestiaember.com/health-privacy.
To exercise your Washington State health data rights, contact support@hestiaember.com with the subject line "Washington Health Data Request."
10. GDPR Rights (EU Residents)
If you're in the EU, you have the right to:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data (the "right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data in a structured format
- Right to Object: Object to certain processing (e.g., marketing)
- Right to Lodge a Complaint: With your local data protection authority
Legal Bases for Processing
Where the EU/UK GDPR applies, we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to create your account and provide the core meal-planning, shopping, and pantry features you sign up for.
- Consent (Art. 6(1)(a)) — for optional features such as location, the Apple Health integration, non-essential communications, and including your contributions in commercial insight products. You may withdraw consent at any time.
- Explicit consent (Art. 9(2)(a)) — for special-category data, including health and fitness data and any dietary information that may reveal a health condition (such as allergies or a medically required diet). We process this only with your explicit opt-in and never for advertising.
- Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent fraud and abuse, debug and improve features, and create aggregated or de-identified insights. You may object to processing based on legitimate interests, and you can opt out of the commercial insight program at any time via Settings > Privacy > Data Contributions.
International Data Transfers
Hestia is operated from the United States, and your personal data is stored and processed on servers located in the United States. When we transfer personal data from the EEA, the UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses, together with the UK International Data Transfer Addendum, entered into with the service providers that process your data. You may request a copy of the relevant safeguards by contacting us.
Automated Decision-Making
Hestia generates your meal plans using an automated planning system that weighs your stated preferences, dietary restrictions, budget, and the available recipe catalogue. This personalizes the Service and does not produce legal or similarly significant effects on you within the meaning of Art. 22 GDPR. You remain free to edit, reject, or regenerate any plan, and you may contact us for a human review of any automated output.
Data Controller and EU/UK Representative
The data controller for your personal data is Hestia Labs LLC (United States). Hestia is currently directed at users in the United States. We do not yet offer the Service to, or target, residents of the EU/EEA or the United Kingdom. Before we make the Service available to EU/EEA or UK residents, we will appoint representatives under Art. 27 GDPR and Art. 27 UK GDPR and publish their names and contact details here. The rights described in this section apply to the extent the EU GDPR or UK GDPR applies to you.
How to Exercise Your Rights
To exercise any GDPR right, contact support@hestiaember.com. We will respond within one month, extendable by up to two further months for complex requests, and we will tell you if an extension applies. You also have the right to lodge a complaint with your local data protection supervisory authority.
11. Third-Party Links
The app may contain links to third-party retailers, recipe sites, and external services. We're not responsible for their privacy practices. Review their privacy policies before sharing information.
12. Contact Us
Questions about our Privacy Policy?
Email: support@hestiaember.com
We typically respond within 24-48 hours.
13. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be effective 30 days after posting. Your continued use of Hestia after changes constitutes your acceptance of the updated policy. We'll notify you via email or in-app notification for material changes.
Last updated: June 30, 2026. This Privacy Policy is part of Hestia's commitment to privacy and data protection.