Ketoly Privacy Policy

Effective date: 2026-05-07. Last updated: 2026-05-11.

This Privacy Policy explains how Ketoly (“we”, “us”, “our”) collects, uses, shares, and safeguards information when you use the Ketoly mobile application (the “App”) and related services (collectively, the “Service”). The App is offered for download in the United States, Canada, Australia, and New Zealand only, and this policy is written to comply with the laws of those four countries — in particular the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act, the Washington My Health My Data Act (“MHMDA”), Canada’s PIPEDA and Quebec Law 25, the Australian Privacy Act 1988 and the Australian Privacy Principles (“APPs”), the New Zealand Privacy Act 2020, the Turkish KVKK (Kişisel Verilerin Korunması Kanunu — our home jurisdiction), and Apple’s App Store Review Guidelines.

Washington residents: sections of this policy that specifically apply to you under the Washington My Health My Data Act are collected in Section 13 (Consumer Health Data Notice) below.

If anything in this policy is unclear, or you want to exercise any of the rights described below, contact us at privacy@ketoly.app.

1. Who we are

Ketoly is an iOS application that helps people track ketogenic meals, hydration, intermittent fasts, weight, and recipe choices. It is operated by Aslıhan Akar (individual) from Türkiye, with all backend infrastructure hosted on Amazon Web Services in the us-east-1 (N. Virginia) region.

Apple App Store identifier: com.ketoly.app.

The App is available for download in the United States, Canada, Australia, and New Zealand. If you reside outside these countries, the App is not offered to you and we do not knowingly collect your personal information.

2. Information we collect

All personal information described in this Section is collected directly from you through the App’s signup, onboarding, daily-logging, and profile screens. We do not receive personal information about you from any third-party data broker, advertising network, social-media integration, marketing partner, or other indirect source. (This satisfies the “categories of sources” disclosure under CCPA Reg. §7011(e)(1)(B) and the “how we collect” requirement under Australian Privacy Principle 1.4(c).)

2.1 Account information

Email address. Used to create your account, send verification codes, and recover access. Stored in Amazon Cognito.
First name. Optional; used to personalize greetings and notifications.
A randomly assigned user identifier (“sub”) generated by Cognito at signup. Used internally to key all data we hold for you.
Hashed password. Managed entirely by Cognito. We never see or store your password ourselves.
Health-data authorization timestamp. The date and time you authorized the collection of your health-related data, recorded when you ticked the authorization box at signup (see Section 13 and our in-app signup flow).

2.2 Profile and goals

Demographic data you choose to share during onboarding: gender, age, height, weight, target weight, activity level, country, motivation, cooking time preference, allergies, disliked food categories, cuisine preference, and macro / water targets.
Notification preference and reminder time.
Premium subscription status (free, monthly, annual) and the associated StoreKit productId and originalTransactionId returned by Apple when you subscribe.

2.3 Tracking and logs

We store the entries you create in the App:

Food logs — meal type, portion, food identifier, calories, fat, protein, total carbs, fiber, net carbs, sodium, potassium, magnesium, timestamp.
Custom foods you submit — name, macros, your user identifier as submittedBy.
Water intake logs — amount, date, timestamp.
Fasting sessions — start time, end time, target hours, fast type, optional notes.
Weight history — weight in kilograms, date, timestamp.
Recipe favorites and ratings — recipe identifier, star rating, created/updated timestamps. Reviews with text are not yet collected.
Streak data — current streak, longest streak, last keto day, total keto days, milestone history.
Meal plans generated for you.

2.4 Device and push registration

APNs device token + SNS endpoint ARN. When you enable push notifications, your device token is exchanged with Apple Push Notification service and stored on AWS SNS. The ARN that AWS returns is saved alongside your profile so we can deliver streak / milestone reminders.
Time zone. Used to evaluate streaks at your local midnight and to send reminders in your local time. We do not collect your location.

2.5 Apple Health (HealthKit)

With your explicit permission, the App reads your weight, body fat percentage, active energy, and workout sessions from Apple Health to keep your stats accurate, and writes the meals, water, and weight you log back to Apple Health so other apps stay in sync. HealthKit data never leaves your device. It is read and written entirely on-device by the App; it is not transmitted to our servers, to AWS, or to any third party. Under Apple’s privacy framework and under MHMDA, on-device-only access does not constitute “collection” by us.

2.6 Camera (barcode scanner)

With your explicit permission, the App accesses the camera solely to decode barcodes on packaged foods. We do not save photos or video frames; barcode strings are forwarded to OpenFoodFacts to look up nutrition data.

2.7 Server-side request logs

IP address, user agent, request timestamp, API endpoint, and HTTP status code. Logged automatically by Amazon API Gateway and AWS CloudWatch when your App makes a request to our backend. Used solely for security monitoring, abuse prevention, and operational debugging. These logs are retained for 30 days and then purged. They contain no log payloads or request bodies.

2.8 Information we do not collect

We do not collect precise or coarse location.
We do not use any third-party analytics, advertising, or attribution SDKs (no Firebase, Amplitude, Segment, Mixpanel, AppsFlyer, Branch, etc.).
We do not access your contacts, photo library, microphone, or Bluetooth.
We do not store payment card numbers; subscription billing is handled entirely by Apple.

3. How we use this information

We use the data above only to:

Provide the Service — sign you in, store and display your logs, generate meal plans and shopping lists, evaluate keto streaks.
Send notifications you’ve opted into (streak reminders, milestones, “streak at risk” warnings).
Personalize the macros, mascot states, and recipe suggestions shown to you. These computations are deterministic rules applied to the inputs you give us; we do not run any profiling, machine-learning, or automated decision-making that produces legal or similarly significant effects on you.
Validate your subscription purchases with Apple’s App Store servers.
Diagnose problems and prevent abuse using server-side logs that contain user IDs but not data contents.

Apart from notifications you have explicitly opted into (point 2 above), we do not send marketing or promotional emails. The only emails you will receive from us are transactional: email-verification codes, password-reset codes, and any required legal notices such as breach notifications or material changes to this Policy.

We do not sell, rent, share, or trade personal information for monetary or other valuable consideration. We do not use your data for behavioral advertising or to train any third-party machine-learning models.

Sensitive personal information (CPRA §7027(m)): the health, weight, and dietary information described in Section 2 is “Sensitive Personal Information” under the California Privacy Rights Act. We process it solely to perform the services you reasonably expect from a keto-tracking app — recording your logs, computing your macros, generating meal plans, and displaying your trends. This use falls within the §7027(m)(1) exemption to the right to limit. We do not infer additional characteristics about you, profile you for marketing, or share this data outside the processors listed in Section 4.

4. Third parties that process data on our behalf

Provider	Purpose	What they receive
Amazon Web Services (us-east-1)	Hosting (Lambda, DynamoDB, S3, CloudFront, API Gateway)	All data described in Section 2 except HealthKit data.
Amazon Cognito (AWS)	Authentication + password hashing	Email, password (never seen by us), name, email verification codes.
Amazon SNS (AWS)	APNs push delivery	APNs device token, message payloads (streak reminders).
Apple Push Notification service (Apple Inc.)	Delivers pushes to your device	Notification payloads, your device token.
Apple App Store / StoreKit (Apple Inc.)	Subscription processing	Apple receipt and `originalTransactionId`. We never see your card details.
USDA FoodData Central (U.S. Department of Agriculture, public API)	Generic food nutrition lookup	The search query you typed (e.g. “broccoli”). No user identifier.
Open Food Facts (non-profit, EU)	Barcode-to-nutrition lookup	The scanned barcode. No user identifier.

These are processors only. They are bound by their own published privacy policies and contractual data-processing terms with us. None of them receive your HealthKit data. None of them sell your data or use it for advertising on our behalf.

When you tap a link inside the App that leads outside our Service — for example to the Apple App Store, the Apple Subscriptions screen, the OAIC complaint page, the AAA arbitration site, or one of the data-protection regulator pages cited in Section 6 — you navigate to a third-party site that has its own privacy policy. This Policy does not govern those sites and we are not responsible for their content or practices.

5. Where we store data and how long we keep it

All server-side data lives in the AWS us-east-1 region (Northern Virginia, USA). Data uploaded from Canada, Australia, or New Zealand is transferred to and stored in the United States; see Section 9.
Logs (food, water, fasts, weight) are retained for the lifetime of your account because the core utility of the App — long-term trend analysis, streak history, and weight tracking over months or years — requires complete historical access. You can delete any individual log entry from inside the App at any time.
We retain server-side debugging logs (user identifiers and request metadata, no log contents) for 30 days.
When you delete your account (Section 7) we erase all of the above immediately.
DynamoDB point-in-time-recovery (PITR) backups are not separately retained beyond AWS’s 35-day rolling window. After 35 days from deletion, the data is unrecoverable, including from backups. We do not use backed-up data except in the event we need to restore the database after an operational failure.

6. Your rights

This section sets out the rights available to you depending on where you live. To exercise any right that isn’t already self-serve in the App, email privacy@ketoly.app from the address associated with your account. We respond within 45 days, with a single permitted extension of up to a further 45 days where reasonably necessary, as required under California law. We may request limited information solely to verify the request — typically a confirmation reply from the same email address on file — and we will not require you to create a new account for that purpose. We will not deny the Service, charge different prices, or provide a different level of quality because you exercised any right below.

6.1 All users

You may, at any time:

Know what personal information we collect, use, and share — this policy is intended to satisfy that requirement.
Access a copy of your data. Settings → Account → Export My Data, or GET /user/export if you prefer the API. We return a JSON file with every record under your user identifier.
Correct any inaccurate data via the in-app profile screens.
Delete your account and all associated data: Settings → Account → Delete Account. Deletion is immediate and removes the Cognito user, the SNS push endpoint, and every DynamoDB row keyed by your user identifier. Your active App Store subscription is not cancelled automatically — manage that from Settings → Apple ID → Subscriptions.
Withdraw consent for the collection of health-related data by deleting your account, which terminates all further processing.

6.2 California (CCPA / CPRA)

In addition to Section 6.1, California residents have the right to:

Opt out of the sale or sharing of personal information. We do not sell or share your personal information for monetary or other valuable consideration. There is no opt-out to enable because the category does not apply to our processing.
Limit use of sensitive personal information. We process the health, weight, and dietary information described in Section 2.2–2.3 solely to provide the Service you requested, which falls within the §7027(m)(1) exemption under CCPA regulations. As a result, no separate “Limit the Use of My Sensitive Personal Information” link is required under CPRA. If you would still like us to stop processing this data, the practical mechanism is to delete your account (Section 7).
Shine the Light (Civil Code §1798.83). We do not share personal information with third parties for those parties’ direct marketing purposes; therefore no additional disclosure is required under §1798.83.
Notice of financial incentive. We do not offer financial incentives in exchange for personal information.
Global Privacy Control (GPC). We honor opt-out preference signals sent via Global Privacy Control. Because we do not sell or share personal information for cross-context behavioral advertising in any case, the practical effect of a GPC signal on our processing is the same as our default — no targeted-advertising opt-out is engaged because none is needed.
Authorized agent. You may designate an authorized agent to submit a CCPA request on your behalf. We will require (a) written proof of the agent’s authority signed by you, and (b) direct verification of your own identity from the email address on file before we act on the request.
Past-12-month disclosure. In the preceding 12 months we have not sold any personal information, have not shared any personal information for cross-context behavioral advertising, and have not disclosed personal information to any third party except the processors listed in Section 4 and only for the purposes described there.

For complaints about how we handle your data, you may contact the California Department of Consumer Affairs (Civil Code §1789.3 — see also Terms of Use §13).

6.3 Washington (My Health My Data Act)

See Section 13 below for the Consumer Health Data Notice that applies specifically to Washington residents.

6.4 Canada — federal (PIPEDA)

Canadian residents have the right to access, correct, and challenge compliance with respect to their personal information. The accountable person for the protection of personal information is:

Aslıhan Akar Email: privacy@ketoly.app

If we cannot resolve a concern, you have the right to contact the Office of the Privacy Commissioner of Canada at https://priv.gc.ca.

6.5 Quebec (Law 25)

In addition to Section 6.4, residents of Quebec have:

The right to data portability — covered by our Export My Data feature (Section 6.1).
The right to be informed about automated decision-making. The App uses deterministic rules to compute your macro targets, generate meal plans, and evaluate streaks. These are not machine-learning models and do not produce legal or similarly significant decisions about you. You may contact us for further information about these rules.
A designated person responsible for the protection of personal information: Aslıhan Akar (contact above), serving as our privacy officer for Law 25 purposes.
The right to lodge a complaint with the Commission d’accès à l’information du Québec.

Cross-border transfers from Quebec to the United States are subject to a privacy impact analysis we have completed internally; the U.S. data protection regime, combined with our contractual safeguards with AWS, provides protection equivalent to that available in Quebec for our processing context.

6.6 Australia (Privacy Act 1988 + Australian Privacy Principles)

Australian residents have the rights set out in the Australian Privacy Principles (APPs), including:

APP 6 — to know how your personal information is used and disclosed.
APP 8 (cross-border disclosure) — your information is held with AWS in the United States. AWS is contractually bound to protect personal information in a manner consistent with the APPs, and we have taken reasonable steps to ensure equivalent treatment.
APP 11 — security of personal information (see Section 10).
APP 12 / 13 — access and correction (covered by Section 6.1).

Complaints may be directed to us at privacy@ketoly.app in the first instance. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at https://oaic.gov.au.

We will notify you and the OAIC of any eligible data breach in accordance with the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988).

6.7 New Zealand (Privacy Act 2020)

Residents of New Zealand have the rights set out in the Information Privacy Principles (IPPs) under the Privacy Act 2020, including the right to access (IPP 6) and correct (IPP 7) personal information.

IPP 12 (cross-border disclosure) — your information is transferred to and held with AWS in the United States. We rely on the contractual protections in place with AWS, supplemented by your express authorization at signup, as the basis for that transfer.
Notifiable privacy breach scheme. We will notify the Office of the Privacy Commissioner of New Zealand and affected individuals of any privacy breach causing or likely to cause serious harm, in accordance with Part 6 of the Privacy Act 2020.

Complaints may be directed to us first; if unresolved you may contact the Office of the Privacy Commissioner at https://privacy.org.nz.

6.8 Türkiye (KVKK — operator’s home jurisdiction)

Aslıhan Akar, as the data controller (veri sorumlusu) under Türkiye’s Personal Data Protection Law No. 6698 (KVKK), discloses that health-related data described in Section 2 constitutes “special category personal data” (özel nitelikli kişisel veri) under KVKK Article 6. We process this data on the basis of your explicit consent (açık rıza), recorded at signup. You have the rights granted under KVKK Article 11, including the rights to information, access, rectification, deletion, and to object to automated processing. Requests under KVKK may be sent to privacy@ketoly.app.

7. Account deletion (Apple Guideline 5.1.1(v))

You can delete your account from inside the App: Settings → Account → Delete Account. Confirm twice and the App will:

Send a DELETE /user/account request authenticated with your access token.
The server removes every DynamoDB row under your user identifier (profile, streak, weight history, food / water / fasting logs, meal plan, recipe favorites and ratings, custom foods you submitted, and your health-data authorization record).
The server deletes your SNS push endpoint, then deletes your Cognito account.
The App clears its local keychain and caches.

After this completes, you cannot recover your data. Sign-in with the same email is permitted but starts a fresh, empty account. Deleting your account also functions as a withdrawal of your authorization for the collection of consumer health data under Washington MHMDA and KVKK.

8. Children’s privacy

Ketoly is not directed to children under 13. We do not knowingly collect personal information from children. If we discover that an account belongs to a child under 13, we will delete the account and any associated data within 30 days. If you believe a child has provided us with personal information, contact privacy@ketoly.app and we will act promptly.

9. International transfers

The App is offered only in the United States, Canada, Australia, and New Zealand. All server-side data is processed and stored in the United States (AWS us-east-1).

For users in Canada, Australia, and New Zealand, your personal information is transferred to the United States. The legal basis for this transfer is your express authorization at signup, supplemented by contractual data-protection commitments with AWS.
The U.S. data-protection regime differs in some respects from that of your country of residence. Where required, we have completed a cross-border transfer assessment and concluded that, in combination with the technical and organizational safeguards in Section 10, the level of protection is appropriate for the processing context.

10. Security

We implement industry-standard safeguards:

TLS 1.2+ in transit between the App and AWS.
At-rest encryption for DynamoDB (KMS) and S3 (AES-256).
Cognito-managed password hashing; no plain-text storage.
Least-privilege IAM roles for every Lambda function.
HealthKit data never leaves the device.

No system is perfect, however. If we discover a data breach affecting your personal information, we will notify you and the relevant supervisory authority without unreasonable delay, in accordance with:

California Civil Code §1798.82 (most expedient time possible),
The Australian Notifiable Data Breaches scheme (Privacy Act Part IIIC),
The New Zealand Privacy Act 2020 Part 6 (notifiable privacy breaches),
Quebec Law 25 (notification to the CAI without delay), and
KVKK Article 12 (notification to the Personal Data Protection Board within 72 hours of becoming aware).

11. Changes to this policy

We will post any material change to this policy at the same URL where you found it and update the “Last updated” date above. If a change substantively expands what we collect or how we use it, we will also notify you in-app before the change takes effect, and (where required by law) request a fresh authorization.

12. Contact

Aslıhan Akar Türkiye Privacy / data rights: privacy@ketoly.app General questions: support@ketoly.app

13. Consumer Health Data Notice (Washington My Health My Data Act)

This section is the dedicated Consumer Health Data Privacy Policy required by RCW 19.373 (Washington’s My Health My Data Act, “MHMDA”). It applies to Washington residents and to any consumer whose consumer health data we collect while they are physically present in Washington. It supplements — and is incorporated into — the rest of this Privacy Policy.

13.1 What is “consumer health data”?

Under MHMDA, “consumer health data” is personal information linked or reasonably linkable to you that identifies your past, present, or future physical or mental health status. For Ketoly, this means:

Body metrics: weight, height, body fat percentage, target weight.
Diet metrics: food logs, custom foods, calorie / macro / fiber / net carb intake, water intake.
Behavioral health metrics: fasting sessions, streaks, mascot states.
Profile inputs that signal health status: gender, age, activity level, allergies, motivation.

13.2 How we collect it

You provide it directly through the App’s signup, onboarding, and daily logging screens. We do not infer consumer health data from third-party sources, and we do not derive consumer health data from non-health sources (e.g. from location, contacts, or purchase history).

13.3 How we use it

Solely to operate the Service for you (storage and display of your own logs, computation of your macro targets, generation of meal plans, evaluation of keto streaks, delivery of streak reminders).

We do not sell or share your consumer health data with any third party for that party’s own purposes. The processors listed in Section 4 of this Policy receive consumer health data only to the extent necessary to provide infrastructure (AWS) or notification delivery (SNS, APNs) on our behalf, and they are contractually prohibited from using it for any other purpose.

We collect consumer health data only after you provide a separate, affirmative, opt-in authorization during signup. This authorization is distinct from your acceptance of the Terms of Use and from the acknowledgement of this Privacy Policy. The authorization is recorded with a date and time on your account record (healthDataConsentAt).

You may withdraw your authorization at any time by deleting your account (Section 7). Withdrawal terminates further processing immediately and triggers permanent deletion of all consumer health data we hold.

13.6 Your MHMDA rights

In addition to the rights in Section 6, you have the right to:

Confirm whether we are collecting, sharing, or selling your consumer health data, and to access that data — covered by our Export feature (Section 6.1).
Withdraw consent to the collection or sharing of consumer health data — see Section 13.5.
Delete your consumer health data — covered by Section 7.
Appeal any denial of one of the above requests by replying to the email response we send. Unresolved appeals may be referred to the Washington State Office of the Attorney General at https://atg.wa.gov.
A private right of action under the Washington Consumer Protection Act for any violation of MHMDA.

13.7 No geofencing

We do not establish any geofence around any healthcare facility or in-person healthcare service.

13.8 No sale of consumer health data

We do not sell consumer health data and we have never done so. No “valid authorization for sale” form is provided because there is no sale.

13.9 Contact for MHMDA requests

Send all MHMDA requests, complaints, and appeals to privacy@ketoly.app with the subject line “MHMDA Request”. We will acknowledge receipt within 10 business days and respond within the 45-day window required by RCW 19.373.060, with one permitted 45-day extension where reasonably necessary.