← Back

Privacy Policy

Last updated: March 2026

1. Overview

Onyx Tenet is designed with privacy as a first principle. The core principle: your core nutrition data stays on your device.

2. What data we collect

  • On-device data: All nutrition logs, food entries, weight records, and profile information are stored locally on your device using SwiftData (iOS) or Room (Android). This data is never uploaded to our servers.
  • Anonymous analytics: We use PostHog to collect anonymous usage events such as screen views, feature interactions, app version, and device/OS information. No personally identifiable information, food logs, or HealthKit data is included. You can disable this in Settings.
  • Crash reports: We use Sentry to collect anonymised crash reports. These contain device/OS information and stack traces — never your nutrition or personal data.
  • Barcode lookups: When you scan a barcode, the barcode number is sent to OpenFoodFacts (world.openfoodfacts.org) to retrieve product information. No personal data is attached to this request.
  • AI estimation: If you use the AI estimation feature, a resized meal photo, an optional text description, and a random app-generated device identifier are sent to our Firebase Cloud Function. The photo and description are forwarded to Google Gemini to return the estimate. The random identifier is used only to enforce daily AI rate limits and is not tied to an account or your real-world identity.

3. Optional backup account

You may optionally enable cloud backup in Settings. If you do:

  • Email address: We collect your email address via Firebase Authentication for passwordless sign-in. Your email is stored only in Firebase Auth and is not sent to analytics services.
  • Backup data: A compressed snapshot of your nutrition logs, food items, weight entries, and profile settings is uploaded to Firebase Cloud Storage. Backups are isolated per user and automatically deleted after one year.
  • Pseudonymous analytics: If you have both backup and analytics enabled, we identify your analytics profile using your Firebase UID (not your email). This provides cross-session continuity without linking analytics to your real-world identity.

Backup is entirely optional. You can disable it at any time in Settings, which stops future backups. Existing cloud backups are retained until they expire.

4. What we do not collect

  • No account is required to use the app — backup accounts are optional.
  • No location data.
  • No advertising identifiers.
  • No HealthKit or Health Connect data leaves your device.
  • Your email is never sent to PostHog, Google Analytics, or any analytics service.

5. Cookies and website analytics

Our website uses PostHog in cookieless mode to count page views and navigation patterns. PostHog sets no cookies and stores nothing on your device: each visit is counted using a server-computed hash of your IP address and browser user-agent combined with a salt that rotates and is destroyed every 24 hours, producing an aggregate statistic that cannot be linked back to you or across days.

Optional Google Analytics and Reddit advertising cookies are only set after you give consent via the banner shown on your first visit. You can decline at any time, and you can clear cookies through your browser settings. No cookies are set for cross-site tracking beyond the scope of advertising attribution.

6. Email signups

If you sign up for early access on our website, we store your email address via SendGrid to send you product updates. You can unsubscribe at any time. We will never sell your email address.

7. HealthKit and Health Connect

On iOS, we request read access to weight, active energy, and resting energy from HealthKit — used only to improve TDEE accuracy. This data is processed on-device and never leaves your phone. On Android, we use Health Connect for the same purpose.

8. Data deletion

Uninstalling the app removes your on-device nutrition data. Separate server-side records may still exist according to provider retention windows, including anonymous analytics, anonymised crash reports, AI rate-limit records keyed only to the random app-generated device identifier, and cloud backup snapshots (if enabled, retained up to one year). If you signed up for email updates, unsubscribe via the link in any email we’ve sent.

9. Third-party services

  • OpenFoodFacts (barcode data): world.openfoodfacts.org
  • PostHog (anonymous analytics, in-app + website): posthog.com
  • Google Analytics (website analytics, consent-gated): analytics.google.com
  • Sentry (crash reporting): sentry.io
  • Firebase (AI proxy, auth, cloud storage): firebase.google.com
  • Google Gemini (AI estimation): ai.google.dev
  • SendGrid (email, website only): sendgrid.com

10. Contact

Questions about privacy: support@onyxtenet.com

We use cookies to improve your experience and guide the product roadmap. Learn more