Privacy Policy
Effective Date: March 25, 2026 — Updated: March 28, 2026 (added Washington MHMDA section, linked health data policy)
At Hestia, we’re committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Hestia mobile application, the Hestia Chrome browser extension, and our website (collectively, the “Service”).
1. Information We Collect
Account Information
When you create a Hestia account, we collect your name, email address, phone number (optional), and account creation date. If you sign in using a third-party service, we receive information from that provider according to their authorization process.
Meal Preferences & Dietary Information
To personalize your meal planning experience, we collect your dietary preferences (vegetarian, vegan, keto, etc.), dietary restrictions (allergies, intolerances), cuisine preferences, disliked ingredients, and cooking skill level. This data is essential for generating tailored meal plans.
Shopping & Pantry Data
We collect information about products you’ve purchased, items in your shopping cart, your pantry inventory, product categories you browse, and your shopping frequency. This allows us to improve recommendations and price comparison features.
Location Data
With your permission, we collect your approximate location to help you find nearby grocery stores and compare local prices. This data is not used for marketing and is processed with your explicit consent. Location data is not stored long-term; it’s used only during active store-finding sessions.
Device Information
We automatically collect device type, operating system version, app version, device identifiers, and crash/error data. This helps us improve app performance and troubleshoot issues.
Usage Analytics
We track features you use, screens you visit, actions you take (such as generating meal plans or adding items to your pantry), and session duration. This helps us understand how the app is used and improve user experience.
Apple Health Data
With your permission, Hestia integrates with Apple Health (HealthKit) on iOS. This integration is entirely optional and can be enabled or disabled at any time in Settings > Health & Fitness.
Data we read from Apple Health:
- Body weight and height — to personalise your daily calorie and protein targets
- Active energy burned and step count — to estimate your total daily energy expenditure (TDEE) for meal plan accuracy
- Resting energy (basal metabolic rate) — used alongside active energy for TDEE estimation
Data we write to Apple Health:
- Dietary nutrition from your meal plans: calories, protein, fat, carbohydrates, and fiber — so your Apple Health nutrition log stays current with your Hestia plan
How Apple Health data is used:
- Health data is used exclusively to personalise your own meal plans, calorie targets, and nutrition tracking within Hestia
- If you have granted analytics consent, your body weight (not your full HealthKit history) may be included in anonymised weekly health snapshots sent to our servers to compute your Healthy Eating Index score. This is disclosed separately at the analytics consent prompt.
- Apple Health data is never used for advertising, marketing, or behavioural targeting
- Apple Health data is never sold to data brokers, insurance companies, advertisers, or any third party
- Apple Health data is never shared with any third party, including Hestia’s commercial data partners described in Section 3
- Apple Health data is not included in any aggregated market intelligence products
This use complies with Apple’s HealthKit guidelines (App Store Review Guideline 5.1.3). You may revoke HealthKit access at any time via iOS Settings > Privacy & Security > Health > Hestia.
Chrome Extension Data
When you use the Hestia Chrome browser extension on grocery retailer websites (such as Walmart.com or Kroger.com), the extension may collect the following information from pages you actively visit:
- Product information: Product names, UPC codes, and item identifiers visible on pages you browse
- Pricing data: Current prices, sale prices, and promotional pricing displayed on retailer pages you visit
- Store context: The retailer name and your approximate region (to contextualize prices)
- Cart contents: Items in your Hestia shopping list, used to match products at the retailer you are visiting
The extension only reads data from pages you actively navigate to. It does not make background requests to retailer websites beyond what your own browsing causes, and it does not access your retailer account credentials, order history, or payment information.
Missions & Price Contributions
The Hestia Missions program allows you to voluntarily submit grocery price observations in exchange for in-app rewards. When you submit a price through Missions, we collect:
- The product name, UPC, and price you observed
- The retailer and your location at the time of submission (GPS coordinates are collected during active mission submissions to verify store proximity; these are stored alongside your submission but are not shared individually with partners)
- The date and time of submission
- Your Hestia user ID (to credit your reward)
Price submissions are voluntary and user-initiated. You choose what to submit and when. Submitted data becomes part of our aggregated price intelligence database as described in Section 3.
Receipt Data
If you choose to upload a grocery receipt or confirm an online order through Hestia, we collect the itemized purchase data (product names, quantities, prices paid, date, and retailer). This is used to update your pantry inventory, verify your meal plan adherence, and contribute to our aggregated purchase intelligence. Receipt upload is always voluntary and user-initiated.
2. How We Use Your Information
- Personalization: Creating tailored meal plans, product recommendations, and shopping list suggestions based on your preferences and dietary needs
- AI Meal Planning: Generating personalized meal plans using our planning system, taking into account your preferences, restrictions, and available recipes
- Price Comparison: Comparing product prices across retailers and helping you find better deals on items in your shopping list
- Pantry Management: Helping you track inventory and reducing food waste by suggesting recipes using ingredients you already have
- Analytics: Analyzing app usage patterns to improve features, performance, and user experience
- Service Improvement: Troubleshooting bugs, improving performance, and developing new features
- Communication: Sending service notifications, updates, and support responses (you can opt out of non-essential communications)
- Security: Detecting and preventing fraud, abuse, and unauthorized access
3. Data Sharing & Disclosure
We Do Not Sell Your Personal Information
Hestia does not sell, rent, or share your personally identifiable information (your name, email address, account data, or dietary preferences) with third parties for their marketing purposes.
Apple Health data is never shared with any third party under any circumstances. Health and fitness data collected through the HealthKit integration is used solely to provide and improve the health management features within Hestia, as required by Apple’s App Store guidelines (Guideline 5.1.3).
Commercial Licensing of Aggregated Market Intelligence
Hestia operates a grocery market intelligence business. Price observations collected through the Missions program, the Chrome extension, and receipt contributions are aggregated with data from other users to create anonymized market intelligence reports. These reports are licensed to third parties including consumer packaged goods companies, market research firms, and commercial data subscribers.
The aggregated data we license:
- Contains no names, email addresses, or other personal identifiers
- Cannot be used to identify, contact, or target you individually
- Represents statistical trends across thousands of observations (e.g., “the average price of ground beef in the Chicago metro area this week was $4.89/lb”)
You may opt out of your price observation and receipt data being included in commercial data products at any time via Settings > Privacy > Data Contributions. Opting out does not affect your ability to use Hestia or earn Missions rewards, though future rewards for price submissions may not apply if your contributions are excluded from the commercial dataset.
Aggregated & Anonymized Data (Non-Commercial)
We may also share aggregated, de-identified data with academic researchers and public health institutions for non-commercial research purposes. This data cannot be used to identify you individually.
Third-Party Services
We use trusted third-party services to operate the app. These services have contractual obligations to protect your data:
- Analytics: Firebase Analytics (Google) — tracks feature usage and app performance
- Crash Reporting: Sentry — captures error data to help us fix bugs
- Push Notifications: Apple Push Notification service — for recipe recommendations and shopping reminders
- Backend API: Our hosted backend service — processes meal planning, search, and personalization
Legal Requirements
We may disclose your information if required by law, court order, or government request. We’ll notify you of such requests unless prohibited by law.
Business Transfers
If Hestia is acquired or merged with another company, your information may be transferred as part of that transaction. We’ll notify you of such changes.
4. Data Storage & Security
Encryption at Rest
Sensitive data (account credentials, payment methods, dietary information) is encrypted using AES-256 at rest. iOS file protection is enabled to encrypt all app data on your device.
Encryption in Transit
All communication between the app and our servers uses TLS 1.2 or higher with certificate pinning to prevent man-in-the-middle attacks.
Secure Credential Storage
Authentication tokens and sensitive credentials are stored in the iOS Keychain, never in plain text or UserDefaults.
Database Security
Our backend database uses standard security practices including access controls, regular backups, and audit logging. Database connections require authentication and encryption.
Data Retention
We retain your personal data for as long as your account is active or as long as necessary to provide our services. You can request deletion of your account and associated data at any time.
5. Children’s Privacy
Hestia is not directed at children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we become aware that we’ve collected data from a child under 13, we’ll delete it immediately. If you believe we’ve collected data from a child under 13, please contact us immediately at support@hestiaember.com.
6. Your Rights & Data Control
We design our consent mechanisms to provide clear, symmetrical choices. We do not use pre-checked boxes, manipulative visual hierarchy, or other design patterns intended to subvert your autonomy. Withdrawing consent is as easy as giving it.
Access Your Data
You can view most of your personal information within the app under Settings > Account > My Data. For a complete data export, contact us at support@hestiaember.com.
Update Your Information
You can update your profile information, dietary preferences, and email address directly in the app settings at any time.
Delete Your Account
You can delete your account from Settings > Account > Delete Account. This will remove all personal data, meal plans, and shopping lists. Some data may be retained in aggregated form for analytics.
Export Your Data
You can request a copy of your data (meal plans, shopping history, pantry inventory) in a machine-readable format. This typically takes 5-7 business days.
Opt Out of Analytics
You can disable usage analytics in Settings > Privacy > Analytics. This may limit our ability to improve the app’s performance.
Opt Out of Communications
You can disable non-essential notifications (recommendations, deals) in Settings > Notifications. Service notifications (password resets, payment receipts) cannot be disabled.
7. Cookie Policy
App-Based Storage
Since Hestia is a native iOS app, we don’t use traditional HTTP cookies. Instead, we use secure local storage and Keychain for session management.
Web-Based Services
If you visit our website (hestiaember.com), we use minimal cookies:
- Session cookies: To keep you logged in
- Preference cookies: To remember your theme (light/dark mode) and language
- Analytics cookies: To track website usage (can be disabled)
Website Analytics
We use Microsoft Clarity to understand how visitors use our website. Clarity collects information such as which pages you visit, where you click, and how far you scroll - this helps us identify confusing parts of the site and improve the experience. Clarity may use cookies to recognize returning visitors. No personally identifiable information is collected through Clarity. For more information, see Microsoft’s Privacy Statement.
8. California Privacy Rights (CCPA/CPRA)
If you’re a California resident, you have the right to:
- Know what personal information is collected about you and how it is used
- Know whether personal information is sold or disclosed, and to whom
- Opt out of the sale or sharing of personal information
- Access your personal information
- Request deletion of personal information
- Correct inaccurate personal information
- Limit the use of sensitive personal information
- Get equal service and pricing even if you exercise your privacy rights
Do Not Sell or Share My Personal Information: Hestia does not sell your personal information (name, email, account data). However, our aggregated market intelligence business may constitute “sharing” under CPRA in certain circumstances. California residents may opt out of having their price contribution and receipt data included in commercial data products by contacting us or using Settings > Privacy > Data Contributions in the app.
Breach Notification: In the event of a data breach affecting California residents, we will notify affected individuals within 30 calendar days of discovery. If more than 500 California residents are affected, we will submit a sample of the notification to the California Attorney General within 15 calendar days of notifying affected residents. These timelines comply with California Civil Code § 1798.82, as amended by SB 446 (effective January 1, 2026).
Identity Protection Services: If a breach exposes your social security number, driver’s license number, or California identification card number, and Hestia was the source of the breach, we will provide appropriate identity theft prevention and mitigation services at no cost to you for not less than 12 months.
To exercise your California privacy rights, contact us at support@hestiaember.com with the subject line “California Privacy Request.” We’ll respond within 45 days.
9. Washington State Health Data Rights (MHMDA)
If you are a Washington State resident, the My Health My Data Act (RCW 19.373) provides additional protections for your consumer health data. This section supplements our Health Data Privacy Policy, which contains the full details required under this law.
Consumer health data we collect:
- Body weight and height (from Apple HealthKit, only with your explicit opt-in)
- Dietary patterns and meal plan choices
- Meal plan compliance and consumption data
- Healthy Eating Index (HEI-2020) scores derived from your dietary data
Purposes: This data is used to personalize your meal plans, calorie targets, and nutrition tracking. With separate opt-in consent, anonymized aggregate data (never individual data) may be used for wellness program analytics.
Third-party sharing: Health data is shared with third parties only if you have separately opted in to “Health & Wellness Insights” in Settings > Privacy & Consent. Even then, only aggregate population-level statistics are shared (minimum 50 households per data point, with statistical noise applied). HealthKit-sourced weight data is always excluded from any third-party sharing. Health data is never sold to insurance companies, advertisers, or data brokers.
Your rights under MHMDA:
- Right to know: You can view what health data we hold about you in Settings > Account > My Data
- Right to withdraw consent: You can disable health data sharing at any time in Settings > Privacy & Consent. Changes take effect immediately.
- Right to deletion: You can delete all health data by disconnecting Apple Health (Settings > Health & Fitness > Disconnect). This deletes both local and server-side health data. Full account deletion is also available.
- No conditioning: Hestia works fully without health data consent. Disabling health data sharing does not limit any app features.
Health data consent expires after one year and requires your active renewal. For the complete health data privacy policy required under MHMDA, see hestiaember.com/health-privacy.
To exercise your Washington State health data rights, contact support@hestiaember.com with the subject line “Washington Health Data Request.”
10. GDPR Rights (EU Residents)
If you’re in the EU, you have the right to:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data (the “right to be forgotten”)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data in a structured format
- Right to Object: Object to certain processing (e.g., marketing)
- Right to Lodge a Complaint: With your local data protection authority
Our legal basis for processing your data is legitimate interest (providing the service) and your consent (for optional features like location). To exercise GDPR rights, contact support@hestiaember.com. We’ll respond within 30 days.
11. Third-Party Links
The app may contain links to third-party retailers, recipe sites, and external services. We’re not responsible for their privacy practices. Review their privacy policies before sharing information.
12. Contact Us
Questions about our Privacy Policy?
Email: support@hestiaember.com
We typically respond within 24-48 hours.
13. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be effective 30 days after posting. Your continued use of Hestia after changes constitutes your acceptance of the updated policy. We’ll notify you via email or in-app notification for material changes.
Last updated: March 25, 2026. This Privacy Policy is part of Hestia’s commitment to your privacy and data protection.