Privacy Policy

Effective Date: March 25, 2026 — Updated: June 30, 2026

At Hestia, we're committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Hestia mobile application, the Hestia Chrome browser extension, and our website (collectively, the "Service").

1. Information We Collect

Account Information

When you create a Hestia account, we collect your name, email address, phone number (optional), and account creation date. If you sign in using a third-party service, we receive information from that provider according to their authorization process.

Meal Preferences & Dietary Information

To personalize your meal planning experience, we collect your dietary preferences (vegetarian, vegan, keto, etc.), dietary restrictions (allergies, intolerances), cuisine preferences, disliked ingredients, and cooking skill level. This data is essential for generating tailored meal plans.

Shopping & Pantry Data

We collect information about products you've purchased, items in your shopping cart, your pantry inventory, product categories you browse, and your shopping frequency. This allows us to improve recommendations and price comparison features.

Location Data

With your permission, we collect your location to help you find nearby grocery stores and compare local prices. This data is not used for marketing and is processed with your explicit consent.

Background location and geofencing. If you enable it, the iOS app may use location in the background to detect when you arrive at a grocery store (geofencing) so we can prompt relevant features such as price checks. You can disable this at any time.

Stored GPS coordinates. When you submit a price check or a Missions price observation, your submission may attach and store precise GPS coordinates (latitude and longitude) to verify store proximity. These coordinates are stored alongside your submission.

Sensitive information and your choices. Precise geolocation is treated as "sensitive personal information" under the California CPRA, and you have the right to limit its use. You can disable location entirely (foreground and background) in iOS Settings > Privacy & Security > Location Services > Hestia, or grant only "While Using the App" rather than "Always." Disabling location does not prevent you from using the core app.

Device Information

We automatically collect device type, operating system version, app version, device identifiers, and crash/error data. This helps us improve app performance and troubleshoot issues.

Usage Analytics

We track features you use, screens you visit, actions you take (such as generating meal plans or adding items to your pantry), and session duration. This helps us understand how the app is used and improve user experience.

Apple Health Data

With your permission, Hestia integrates with Apple Health (HealthKit) on iOS. This integration is entirely optional and can be enabled or disabled at any time in Settings > Health & Fitness.

Data we read from Apple Health:

Data we write to Apple Health:

How Apple Health data is used:

This use complies with Apple’s HealthKit guidelines (App Store Review Guideline 5.1.3). You may revoke HealthKit access at any time via iOS Settings > Privacy & Security > Health > Hestia.

Chrome Extension Data

When you use the Hestia Chrome browser extension on grocery retailer websites (such as Walmart.com or Kroger.com), the extension may collect the following information from pages you actively visit:

The extension only reads data from pages you actively navigate to. It does not make background requests to retailer websites beyond what your own browsing causes, and it does not access your retailer account credentials, order history, or payment information.

Missions & Price Contributions

The Hestia Missions program allows you to voluntarily submit grocery price observations in exchange for in-app rewards. When you submit a price through Missions, we collect:

Price submissions are voluntary and user-initiated. You choose what to submit and when. Submitted data becomes part of our aggregated price intelligence database as described in Section 3.

Receipt Data

If you choose to upload a grocery receipt, product image, pantry image, or confirm an online order through Hestia, we collect the information needed to process that submission, such as product names, quantities, prices paid, dates, retailers, and image or text content you provide. This is used to provide the feature you requested, update your shopping or pantry records, verify eligible rewards, improve matching accuracy, and support aggregated or de-identified insights as described below. Uploads are voluntary and user-initiated. Please avoid submitting images that include other people, unrelated private documents, payment cards, or information you do not have the right to share.

Hestia Rewards Program: Notice of Financial Incentive

Hestia Rewards is an optional loyalty program that provides a financial incentive in exchange for personal information, as described by the California Consumer Privacy Act (CCPA). This notice explains the program's material terms.

Summary of the incentive. Members earn non-purchasable points for eligible contributions: uploading grocery receipts, confirming or correcting receipt items, scanning products, reporting prices, and completing clearly disclosed Missions. Points are redeemable for grocery and physical-retail merchant gift cards. Points cannot be purchased, and reward amounts are disclosed before you complete an action.

Categories of personal information involved. Purchase and receipt information (items, store, price, date, and package details), product and price observations, receipt and shelf photos you choose to submit, and approximate location when you choose to provide it. Your name, email address, payment details, loyalty card numbers, exact GPS coordinates, and raw receipt images are not included in the data shared with partners; partners receive aggregated or pseudonymous results unless a named sponsored Mission discloses otherwise before you accept it.

Who receives the data and why. Eligible member contributions improve grocery prices for the Hestia community and support verified price intelligence, sponsored-offer measurement, and aggregated market reporting for participating grocery brands, retailers, and research partners. Hestia may be paid for that market intelligence. That payment funds the rewards.

How to opt in. Join Hestia Rewards during onboarding or from your Wallet at any time. Participation is voluntary, and you can use all of Hestia without joining; non-members simply do not earn points and their data is not used for the commercial purposes described above.

How to withdraw. Leave Hestia Rewards at any time in Settings. You keep and may still redeem points you already earned; withdrawal never forfeits earned value. After you leave, your future activity is not used commercially.

Good-faith estimate of the value of the data. Hestia estimates the value of an average member's eligible monthly contributions at up to $5 per calendar month, which matches the program's monthly redemption cap.

Method of calculation. The estimate is based on anticipated partner revenue for verified grocery price intelligence and sponsored-offer measurement, the number and type of verified observations an average member contributes, the cost of validating submissions and preventing fraud, and the cost of providing rewards.

2. How We Use Your Information

3. Data Sharing & Disclosure

We Do Not Sell Your Personal Information

Hestia does not sell, rent, or share your personally identifiable information (your name, email address, account data, or dietary preferences) with third parties for their marketing purposes.

Apple Health data is never shared with any third party under any circumstances. Health and fitness data collected through the HealthKit integration is used solely to provide and improve the health management features within Hestia, as required by Apple’s App Store guidelines (Guideline 5.1.3).

Aggregated and De-Identified Insights

Some Hestia features allow you to contribute grocery prices, receipt information, product observations, or shopping context. We may combine these contributions with information from other users to create aggregated or de-identified insights, reports, datasets, or analytics. These may be used by Hestia and may be provided to business, research, or operational partners.

These aggregated or de-identified outputs:

You may opt out of having your eligible contributions included in commercial insight products at any time via Settings > Privacy > Data Contributions. Opting out does not affect your ability to use Hestia or earn rewards unless a specific reward requires an eligible contribution and that requirement is disclosed in the app.

Aggregated & Anonymized Data (Non-Commercial)

We may also share aggregated, de-identified data with academic researchers and public health institutions for non-commercial research purposes. This data cannot be used to identify you individually.

Third-Party Services

We use trusted service providers to operate the Service. We share only the information reasonably needed for the provider to perform its role, and we require appropriate confidentiality, security, and limited-use protections where applicable. Provider categories may include:

If you request a refund or billing review through an app store or payment provider, we may share limited transaction, subscription, entitlement, fraud-prevention, and app-usage information with that provider so the request can be assessed and processed.

Legal Requirements

We may disclose your information if required by law, court order, or government request. We'll notify you of such requests unless prohibited by law.

Business Transfers

If Hestia is acquired or merged with another company, your information may be transferred as part of that transaction. We'll notify you of such changes.

4. Data Storage & Security

Encryption at Rest

Sensitive data is protected using provider-managed encryption at rest and access controls. iOS file protection is enabled for protected local app exports and app data on your device.

Encryption in Transit

Communication between the app and our servers uses HTTPS/TLS. Where implemented in the native app, certificate pinning adds protection against man-in-the-middle attacks.

Secure Credential Storage

Authentication tokens and sensitive credentials are stored in the iOS Keychain, never in plain text or UserDefaults.

Database Security

Our backend database uses standard security practices including access controls, regular backups, and audit logging. Database connections require authentication and encryption.

Data Retention

We retain different categories of information for different periods depending on why we collected them. Account, subscription, shopping, pantry, receipt, reward, support, audit, and security records are retained while needed to provide the Service, comply with legal and accounting obligations, resolve disputes, prevent fraud and abuse, enforce our terms, and maintain reliable backups. User-initiated uploads and AI/OCR inputs are retained only as long as needed for the feature, support, safety, audit, or improvement purposes described in this policy unless a longer retention period is required by law or selected by you. Aggregated or de-identified information that no longer identifies you may be retained and used without a fixed deletion date. You can request deletion of your account and eligible associated data at any time.

5. Children's Privacy

Hestia accounts are intended for users who are at least 13 years old unless a parent or guardian completes the verifiable parental-consent flow for a child. In the United States, consistent with COPPA, we do not knowingly collect personal information from children under 13 without verifiable parental consent; if we learn that we collected it without the required consent, we delete it.

In the EU/EEA and the UK, the minimum age to consent to an online service is 16 in some countries and as low as 13 in others. Hestia does not knowingly process the personal data of anyone below the applicable digital-consent age in their country without verifiable parental consent. Where household meal planning involves information about children (for example, the number, ages, or dietary needs of family members), that information is provided by the adult account holder, is used solely to size and tailor the household's meal plan, and is never used to build a profile of, advertise to, or contact a child.

If you believe a child has provided us personal data without appropriate consent, contact us at support@hestiaember.com and we will delete it.

6. Your Rights & Data Control

We design our consent mechanisms to provide clear, symmetrical choices. We do not use pre-checked boxes, manipulative visual hierarchy, or other design patterns intended to subvert your autonomy. Withdrawing consent is as easy as giving it.

Access Your Data

You can view most of your personal information within the app under Account settings. You can download your account data directly from the iOS Account > Privacy screen or the web Account > Privacy data controls.

Update Your Information

You can update your profile information and dietary preferences directly in the app settings. Account email changes require support-assisted verification for now; contact support@hestiaember.com if you need to change the email used for recovery, billing, legal notices, or household invites.

Delete Your Account

You can delete your account from Settings > Account > Delete Account. This starts account deletion, revokes access tokens, removes active access to meal plans and shopping lists, and schedules eligible account data for purge. Some records may be retained where required for security, legal, audit, or aggregated analytics purposes.

Export Your Data

Self-service export provides available account data, including meal plans, shopping history, and pantry inventory, in a machine-readable JSON format. If the self-service export is unavailable or you need a special request, contact support@hestiaember.com and we will respond within the time required by applicable law.

Opt Out of Analytics

You can disable usage analytics in Settings > Privacy > Analytics. This may limit our ability to improve the app's performance.

Opt Out of Communications

You can disable non-essential notifications (recommendations, deals) in Settings > Notifications. Service notifications (password resets, payment receipts) cannot be disabled.

7. Cookie Policy

App-Based Storage

Since Hestia is a native iOS app, we don't use traditional HTTP cookies. Instead, we use secure local storage and Keychain for session management.

Web-Based Services

If you visit our website (hestiaember.com), we use minimal cookies:

Website Analytics & Advertising

To understand how visitors use our website and to measure our advertising, we may use analytics, session-measurement, advertising-conversion, and aggregate traffic tools. These tools load only after you accept them in our cookie banner where consent is required; if you reject (or your browser sends a Global Privacy Control signal), non-essential advertising and analytics trackers are not loaded.

8. California Privacy Rights (CCPA/CPRA)

If you're a California resident, you have the right to:

Do Not Sell or Share My Personal Information

Hestia does not sell your name, email address, account credentials, or individual profile to data brokers. However, under the California Consumer Privacy Act as amended by the CPRA, certain disclosures — including commercial use of aggregated or de-identified grocery insights and the use of advertising or analytics trackers on our website — may be considered a "sale" or "sharing." California residents and residents of other states with comparable laws have the right to opt out.

We honor the Global Privacy Control (GPC). If your browser or a browser extension sends a GPC signal, we treat it as a valid opt-out request for that browser and do not load advertising or analytics trackers.

You can opt out of the sale or sharing of your personal information in any of the following ways:

Opting out does not affect your ability to use Hestia or earn Missions rewards.

Breach Notification: In the event of a data breach affecting California residents, we will notify affected individuals within 30 calendar days of discovery. If more than 500 California residents are affected, we will submit a sample of the notification to the California Attorney General within 15 calendar days of notifying affected residents. These timelines comply with California Civil Code § 1798.82, as amended by SB 446 (effective January 1, 2026).

Identity Protection Services: If a breach exposes your social security number, driver's license number, or California identification card number, and Hestia was the source of the breach, we will provide appropriate identity theft prevention and mitigation services at no cost to you for not less than 12 months.

To exercise your California privacy rights, contact us at support@hestiaember.com with the subject line "California Privacy Request." We'll respond within 45 days.

9. Washington State Health Data Rights (MHMDA)

If you are a Washington State resident, the My Health My Data Act (RCW 19.373) provides additional protections for your consumer health data. This section supplements our Health Data Privacy Policy, which contains the full details required under this law.

Consumer health data we collect:

Purposes: This data is used to personalize your meal plans, calorie targets, and nutrition tracking. With separate opt-in consent, anonymized aggregate data (never individual data) may be used for wellness program analytics.

Third-party sharing: Health data is shared with third parties only if you have separately opted in to "Health & Wellness Insights" in Settings > Privacy & Consent. Even then, only aggregate population-level statistics are shared (minimum 50 households per data point, with statistical noise applied). HealthKit-sourced weight data is always excluded from any third-party sharing. Health data is never sold to insurance companies, advertisers, or data brokers.

Your rights under MHMDA:

Health data consent expires after one year and requires your active renewal. For the complete health data privacy policy required under MHMDA, see hestiaember.com/health-privacy.

To exercise your Washington State health data rights, contact support@hestiaember.com with the subject line "Washington Health Data Request."

10. GDPR Rights (EU Residents)

If you're in the EU, you have the right to:

Legal Bases for Processing

Where the EU/UK GDPR applies, we rely on the following legal bases:

International Data Transfers

Hestia is operated from the United States, and your personal data is stored and processed on servers located in the United States. When we transfer personal data from the EEA, the UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses, together with the UK International Data Transfer Addendum, entered into with the service providers that process your data. You may request a copy of the relevant safeguards by contacting us.

Automated Decision-Making

Hestia generates your meal plans using an automated planning system that weighs your stated preferences, dietary restrictions, budget, and the available recipe catalogue. This personalizes the Service and does not produce legal or similarly significant effects on you within the meaning of Art. 22 GDPR. You remain free to edit, reject, or regenerate any plan, and you may contact us for a human review of any automated output.

Data Controller and EU/UK Representative

The data controller for your personal data is Hestia Labs LLC (United States). Hestia is currently directed at users in the United States. We do not yet offer the Service to, or target, residents of the EU/EEA or the United Kingdom. Before we make the Service available to EU/EEA or UK residents, we will appoint representatives under Art. 27 GDPR and Art. 27 UK GDPR and publish their names and contact details here. The rights described in this section apply to the extent the EU GDPR or UK GDPR applies to you.

How to Exercise Your Rights

To exercise any GDPR right, contact support@hestiaember.com. We will respond within one month, extendable by up to two further months for complex requests, and we will tell you if an extension applies. You also have the right to lodge a complaint with your local data protection supervisory authority.

11. Third-Party Links

The app may contain links to third-party retailers, recipe sites, and external services. We're not responsible for their privacy practices. Review their privacy policies before sharing information.

12. Contact Us

Questions about our Privacy Policy?

Email: support@hestiaember.com

We typically respond within 24-48 hours.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be effective 30 days after posting. Your continued use of Hestia after changes constitutes your acceptance of the updated policy. We'll notify you via email or in-app notification for material changes.

Last updated: June 30, 2026. This Privacy Policy is part of Hestia's commitment to privacy and data protection.