Sign in
← Back to Home

Privacy Policy

Last updated: February 15, 2025

1. Who We Are

Okra ("we", "us", "our") is the name under which the operator of okra.recipes and the Okra app provides the services described in this policy. For the purposes of UK data protection law, the operator is the data controller of your personal data. We can be contacted at the details in section 15; our registered or business address is available on request where required (for example, when exercising your data protection rights).

We operate:

  • The Okra marketing website (okra.recipes)
  • The Okra recipe manager and meal planning web application
  • Related backend services

We comply with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • Where applicable, the EU GDPR
  • The California Consumer Privacy Act (CCPA)

2. Personal Data We Collect

A. Marketing Website

When you browse our marketing site, we may collect:

  • Usage data (pages visited, referring URLs)
  • Device and browser information
  • Analytics data (via Google Analytics)
  • Error and performance data (via Sentry)
  • Cookie identifiers (where consent is provided)

B. Okra App (Registered Users)

When you create an account and use the app, we collect:

  • Account information (email address, first name, last name)
  • Authentication identifier (WorkOS ID)
  • Subscription or plan information
  • Recipes and meal plans you create, save, or import
  • Uploaded images
  • App usage data (feature usage and activity logs)
  • Technical logs and error data

Some information is required to provide the service. If you do not provide required information, we may be unable to create or maintain your account.

3. How We Collect Your Data

We collect data:

  • Directly from you when you register or use the app
  • Automatically via cookies and analytics tools (with consent where required)
  • From our authentication provider (WorkOS) when you sign up

4. Lawful Bases for Processing (UK GDPR)

We process your personal data under the following lawful bases:

PurposeLawful Basis
Creating and managing your accountPerformance of a contract
Storing and syncing recipesPerformance of a contract
Providing customer supportContract / Legitimate interests
Service-related emailsContract
Improving the appLegitimate interests
Error monitoring and securityLegitimate interests
Marketing site analyticsConsent
Legal complianceLegal obligation

Where we rely on legitimate interests, we ensure this does not override your rights.

5. How We Use Your Data

We use your personal data to:

  • Provide, operate, and maintain the Okra app
  • Authenticate users and manage accounts
  • Store and sync recipes and meal plans
  • Process subscription tiers and feature access
  • Send service-related communications
  • Monitor and improve system performance
  • Detect, prevent, and address security issues
  • Comply with legal obligations

We do not use your recipes or content to train AI models.

You retain ownership of the recipes and content you create.

6. Cookies

We use cookies and similar technologies on our marketing website for:

  • Analytics
  • Performance monitoring
  • Remembering preferences

Non-essential cookies are only set with your consent.

You can withdraw consent at any time via your browser settings.

7. Sharing Your Personal Data

We share personal data only where necessary with service providers who process data on our behalf, including:

  • WorkOS – authentication services
  • Google Analytics – website analytics
  • Sentry – error monitoring
  • Cloud hosting and infrastructure providers

These providers are bound by contractual data protection obligations.

We may also disclose data:

  • To comply with legal obligations
  • To regulators or law enforcement where required
  • During a business sale or restructuring (subject to confidentiality safeguards)

We do not sell or share your personal data for advertising purposes.

8. International Transfers

Some service providers may process data outside the UK.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • The UK International Data Transfer Agreement (IDTA)
  • Standard Contractual Clauses (SCCs)

You may contact us for more information about safeguards used.

9. Data Retention

We retain personal data only as long as necessary.

  • Account data: retained while your account is active
  • Deleted account data: retained for a limited period in backups (typically up to 90 days)
  • Error logs: retained for a short period (e.g. up to 30 days)
  • Analytics data: retained in line with our analytics provider's retention (e.g. up to 14 months)
  • Legal compliance records: retained as required by law

We may retain anonymised data indefinitely.

10. Your Rights (UK / EU)

Under UK GDPR (and EU GDPR where applicable), you have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent (where applicable)
  • Not be subject to automated decision-making with legal or similarly significant effects

We do not carry out automated decision-making that produces legal or similarly significant effects.

To exercise your rights, contact us at [email protected]. We will respond within one month, unless legally permitted to extend this period.

You also have the right to complain to the UK Information Commissioner's Office (ICO).

11. California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect
  • Request access to your information
  • Request deletion (subject to exceptions)
  • Not be discriminated against for exercising your rights

We do not sell personal information.

12. Security

We implement appropriate technical and organisational security measures, including:

  • Encryption in transit (HTTPS/TLS)
  • Access controls and authentication
  • Secure cloud hosting
  • Monitoring for unauthorised access

However, no system is completely secure, and we cannot guarantee absolute security.

13. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page and the "Last updated" date will be revised.

Continued use of our services after updates constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, wish to exercise your rights, or make a complaint, please contact:

Email: [email protected]

Our registered or business address is available on request when you contact us (for example, when exercising your data protection rights).