Privacy Statement

  1. Important information and who we are
  2. Third-party links
  3. Information we collect from you
  4. How is your personal data collected?
  5. Why do we use your personal data?
  6. How do we use your personal data?
  7. Aggregated data
  8. Promotional offers from us
  9. Disclosure of your information
  10. Data Security
  11. How long we store your personal data for
  12. Your rights
  13. Deleting Personal Data
  14. Objecting to Processing
  15. Restriction of processing
  16. Unsubscribing from the Ooni mailing list
  17. Complaints
  18. Changes to our privacy statement
  19. Contact us
  20. US Addendum

Ooni respects your privacy and is committed to protecting your personal data (which includes ‘personal information’). This privacy statement informs you how we look after your personal data when you visit our website, purchase goods from us, or use our mobile app, including when you pair your oven with the Ooni app via Bluetooth® wireless technology. It will also tell you about your privacy rights and how the law protects you.

At Ooni, we recognise and respect the importance of your privacy and want you to know what your personal data is being used for and that it is being kept safe. As a UK headquartered company with global distribution, we comply with relevant data protection laws and relevant principle (see further details of relevant compliance and contactsby country here.

Please read the following carefully to understand our views and practices regarding your personal data and how we treat it. You should read this privacy statement, together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so you are fully aware of how and why we are using your personal data.

Our California and other US State Privacy Addendum ("US Addendum") supplements this Privacy Policy. The US Addendum is for individuals residing in certain US states and is designed to help you better understand how we collect, use, and disclose your personal information and, depending on how you interact with Ooni and where you reside, how to exercise available rights under various applicable privacy laws in the US, such as the California Consumer Privacy Act. If you are a California resident, click here to view the “Notice to California residents” section for additional information provided pursuant to California law.

If you do not agree with any term in this policy, please do not use the website or our app or submit any personal data to us.

Important information and who we are

We are Ooni Limited. We are a company incorporated and registered in England. Our company number is 08316049. Our registered address is 105 Hopewell Business Centre, Unit 20, Hopewell Drive, Chatham, Kent, ME5 7DX, United Kingdom. Our correspondence address is Unit 5, Ooni Park, 189 W Main St, Broxburn EH52 5LH, United Kingdom.

This privacy policy is issued on behalf of the Ooni group. When we refer to “we”, “us” or ”our” in this policy, we are referring to Ooni Limited and the following group companies:

  • Ooni GmbH
  • Ooni NZ Limited
  • Ooni Pty Limited
  • Ooni Canada Inc
  • Ooni, Inc.

We are the data controller in relation to the personal data you provide to us.This means we determine the purposes and the way in which your personal data is, or will be, processed.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or practices. When you leave one of our websites, we encourage you to read the privacy notice of every website you visit.

Information we collect from you

The personal data we may collect about you includes:

  • Identity Data:Includes full name, email or similar identifier, as well as login or viewing history.
  • Purchase Data:When you purchase something from us, we collect your name, billing address, delivery address, phone number and email address.
  • Account Data:You may also create an Ooni account to purchase Ooni products, create a wishlist, access and save recipes, as well as enjoy other account benefits such as our loyalty rewards. When you do this we only collect your name, email address, and country, but you can add your postal address, phone number and date of birth at any time.
  • Ooni Oven Data:If you pair your Ooni oven with the Ooni connect tab of our app, we may collect and process personal data including, but not limited to, your cook session ratings, cook dates, cook session start and end times, cook notes, cook pictures, and location.
  • Notification Data: If you accept marketing notifications on our app, we collect the device ID for your mobile phone to allow us to send you useful notifications. Other, functional notifications (for example, setting an app alert) may also allow us to collect personal data, including the device ID for your mobile phone.
  • Social media account handle:When you interact with us on social media platforms (e.g. Facebook, Twitter, Instagram), we may process your social media account handle and any other personal data you share with us on the relevant platform.
  • Correspondence & Special Category Data: If you contact us, we will keep a record of that correspondence. This may occasionally include special category data that you voluntarily give to us, (including any data you share when communicating with our customer service team - e.g. if you report an incident related to using an Ooni product you may provide us with health data for the purposes of explaining that incident). By providing this data, we assume that you are giving your explicit consent for us to process the information for the purpose of investigating and resolving the issue. You have the right to withdraw your consent at any time and we will cease processing any of your special category data once we receive your request, unless we are required to retain the data for legal or regulatory purposes.
  • Product Development Data:If you participate in reviewing or testing our products, or work with us as a brand ambassador (or in a capacity as a marketing or promotional partner), we may process data relating to your interactions with our products and us. This may include the content of interviews with you, as well as photographs and videos we may take or you might share with us.
  • Marketing Data:If you consent or are subscribed to receiving updates about our brand, products and other changes we (or our select partners) may use your name and email address to send you such updates by email.
  • Payment Data:If you are an existing customer, we will ask you if you would like us to store your payment card information to speed up the transaction process of future purchases.
  • Technical Data: When you browse our website or use our app, we may collect some technical information about your visit to our website or use of our app. For example, this could include, but is not limited to, the IP address used to connect your computer to the internet, your browser type and version, time zone setting and location, and your browser plug-in types and version, phone operating system, software version and phone type.

Our services are not directed at children and we will not process the personal data of children as part of providing our services.

If you provide personal data to us about someone else (such as a member of your family, including a child) you should ensure that you are entitled to disclose that personal data to us and that, without taking any further steps, we may collect, use and disclose that personal data as described in this privacy statement.

How is your personal data collected?

We collect most personal data from and about you through:

  • Direct interactions: When you give us your personal data by filling in forms or by corresponding with us in person, by electronic communications including email, social media and through our app, by phone, by post, in person or otherwise. This includes personal data you provide when you:
    • apply for or purchase our products or services;
    • create an account with us;
    • subscribe to our service or publications;
    • request marketing communications be sent to you;
    • enter a competition, promotion or survey;
    • participate in testing our products;
    • become a brand ambassador;
    • pair your Ooni oven with the Ooni connect tab of our app;
    • give us feedback or leave reviews; and/or
    • contact us.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your device, browsing activity and patterns. We may collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy for further information.
  • Third parties or publicly available sources. We may also receive personal data about you from various third party sources, including:
    • publicly accessible sources such as electoral registers;
    • analytics providers such as Google Analytics; and
    • third party organisations with your consent, such as your bank of building society.

Why do we use your personal data?

We will only use your personal data if we have a proper legal reason to do so. Most commonly, we will use your personal data in the following circumstances:

      • to perform a contract we are about to enter into or have entered into with you (i.e. when you purchase something from us);
      • to comply with a legal or regulatory obligation;
      • where we have your consent to do so;
      • at any time by contacting us or unsubscribing to relevant communications; and
      • for our legitimate interests (or those of a third party) where your interests and fundamental rights do not override those interests.

There may be additional reasons which will be notified to you where they apply.

How do we use your personal data?

We may use your personal data in the following ways:

Purpose / Activity Type of Data Lawful Basis
To set up and run your account Account data Our legitimate interest to improve the customer experience of ordering our products
To process your order and register your product Purchase data
Correspondence data
Payment data		 Performance of a contract with you
To store payment cards Purchase data
Payment data		 Consent
To prevent fraudulent transactions Purchase data
Payment data		 Our legitimate interest to prevent and combat fraudulent actions
To solve customer service requests and issues Identity data
Account data
Purchase data
Correspondence data		 Performance of a contract with you;
Consent where applicable
To send you marketing emails and notifications Marketing data
Technical data
Account data
Notification data		 Consent (You have the right to withdraw your consent and/or change your data preferences at any time by contacting us)
Our legitimate interest to promote, and provide information about, our products and services
To allow your participation in promotions, competitions, or prize draws Account data
Purchase data
Correspondence data		 Performance of a contract with you
To use cookies in accordance with our Cookie Policy Technical data Consent for those cookies that are not strictly necessary
To interact with you on social media Social media account handle Our legitimate interest to improve the quality of our customer interactions
To market existing customers about similar products or services Purchase data
Marketing data		 Our legitimate interests to support customer retention and improve customer interactions
To market using Custom Audiences on digital platforms Marketing data Consent
To undertake market research and analytics, both in-house and using third party partners, such as Experian Identity data
Account data
Purchase data
Marketing data
Technical data
Social media account handle		 Our legitimate interest to improve our understanding of our customer base so we can improve our products and how we market them
To allow our third party service providers to contact you with suggestions and recommendations about services that may be of interest to you Marketing data Consent
To allow our third party service providers, such as those providing online pizza courses, to contact you with information about the course and follow-up information Purchase data Performance of a contract with you
To receive customer reviews and carry out product research and development Account data
Purchase data
Correspondence data
Product development data		 Our legitimate interest to develop and test new products, to improve existing products, and to process and publish the reviews so that prospective customers are better informed about our products
To facilitate the use of the Ooni connect tab on our app by pairing your Ooni oven with our app Account data
Ooni oven data
Notification data		 Our legitimate interest to better understand our customers, promote and improve our products and services, and support you if you need our help
To review and monitor cook session ratings posted on our app to provide support to customers. Account data
Ooni oven data
Notification data		 Our legitimate interest to better understand our customers, promote and improve our products and services, and support you if you need our help
To record the last time a customer used their Ooni oven (date) and the last time a customer created a cook session (date) to understand at a basic level how customers engage with the functionality of the Ooni connect tab. Account data
Ooni oven data
Notification data		 Our legitimate interest to better understand our customers, promote and improve our products and services, and support you if you need our help

*A Custom Audience is a type of audience made up of our existing customers' demographics and information, that we might use to target new audiences.

We may also use your personal data to obtain a profile of your different interactions with us and to understand your preferences. This is necessary for our legitimate interests of personalising your experience and for tailoring the content, offers and promotions we send to you.

Our processors or third parties may use your personal data for the reasons above on our instructions. Processors and third parties may include e-commerce platforms and apps, customer data platforms, authentication services, delivery and logistics providers, CRM and ESP systems, and professional advisors (e.g. IT, legal, and financial).

Aggregated data

We also collect information in an aggregated form (so that no individual is identified) for statistical analysis to allow us to understand our customers and improve our services and performance, including the functionality of our website, app, and user experience. Activity on our app is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include but is not restricted to: the amount of clicks on a certain page of the website or app, the clicking of links within emails, the website or the app, and times, dates and frequency of activity.

The legal basis for processing your personal data (as well as pseudonymised or anonymised information generated from your personal data) in this way is that it is necessary for our legitimate interests of providing a better experience for you and other users of our website and app, promoting our products and services and understanding our customers and users of our website and app. We will retain this information for as long as is necessary for the relevant activity.

 

Promotional offers from us

We may use your Identity, Contact, Social Media, Marketing and Technical Data to form a view on what we think may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing messages sent to you or by contacting us at any time. For California consumers, please see our “Notice to California residents”.

Disclosure of your information

We may have to share your personal information with third parties for the purposes set out in the table above, in the following circumstances:

      • External third-party service providers acting as processors who provide relevant services including:
        • Authentication services;
        • Payment services;
        • e-commerce platforms and apps;
        • Fraud prevention services;
        • CRM and ESP systems;
        • Customer data platforms;
        • Customer interaction platforms;
        • Online survey platforms;
        • Delivery and logistics providers;
        • Product testing and design agencies; and
        • Online pizza course providers.
      • To offer you different payment options (such as Klarna, Apple Pay and Google Pay), we will pass to the payment providers certain aspects of your personal data, such as contact and order details, in order for the payment provider to assess whether you qualify for their payment options and to tailor the payment options for you.
        • General information on Klarna can be found here.
      • Professional advisers, including lawyers, auditors and insurers who provide consultancy, legal, insurance and accounting services.
      • We use a service provided by NoFraud to prevent fraudulent transactions. NoFraud’s End User Privacy Policy, which may be updated from time to time, is available here.
      • When you create an account with us, we use the services of Auth0 to support account creation and authentication when you sign into our website, app, or other digital platforms. Auth0’s privacy statement can be found here.
      • HM Revenue & Customs (HMRC), Inland Revenue Service (IRS) and other relevant national and local law enforcement agencies, regulators and other authorities acting as processors, controllers or joint controllers who require reporting of processing activities in certain circumstances. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
      • With our group companies, or other third parties, where the law permits us to do so.

Where we use third parties, we will ensure that appropriate provisions are put in place to protect the security of the personal information being held on our behalf and to ensure that the third parties do not use the personal information for their own purposes. The third parties will only process your personal information on our instructions and will be subject to a duty of confidentiality. We may, in certain circumstances, share your personal information with third parties outside of the UK, subject to appropriate safeguards being put in place.

Data Security

To protect your personal data from being accidentally lost, stolen, used or accessed in an unauthorised way, altered, copied or disclosed, we have put in place appropriate security measures, in accordance with industry best practice. In addition, we limit access to your personal data to only those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

All information you provide to us is stored securely, including on secure servers. Any payment transactions are encrypted and we only use trusted third parties with whom we have legally binding contracts in place.

To help protect the privacy of data and personally identifiable information you transmit through use of this website, we maintain physical, technical and administrative safeguards.

How long we store your personal data for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for as set out in this privacy statement.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data sooner: see Deleting personal data below for further information.

 

Your rights

You have a number of rights in relation to your personal data and, depending on your jurisdiction, these rights may include but are not limited to:

  1. Right to know how your personal data is being used
  2. Right to receive a copy of your personal data in a structured, commonly used and machine readable format
  3. Request correction (rectify, update, modify) of your personal data
  4. Request deletion of your personal data in certain circumstances
  5. Object to the processing of your personal data and/or withdraw consent
  6. Request restriction of processing of your personal data in certain circumstances (for example, if you don't think the data is accurate)
  7. Request the transfer of your personal data to a third party in certain circumstances

If you wish to exercise any of the rights set out above, please contact us.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Deleting Personal Data

You may ask us to delete or remove personal data where there is no legitimate reason for us continuing to process it. This is more commonly known as the ‘right to be forgotten’.

You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law.

Please note, however, that we may not always be able to comply with your request to delete or remove personal data for specific legal reasons, which we will advise you of, if applicable, at the time of your request.

Objecting to Processing

You have the right to stop us processing your personal data for direct marketing purposes. You can usually exercise your right to prevent such marketing by checking/unchecking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.

Restriction of processing

This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  1. if you ask us to establish the data's accuracy;
  2. where our use of the data is unlawful but you do not want us to erase it;
  3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  4. you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you are a California resident, you have the right to opt-out of the sale or sharing of personal information by Ooni to third parties, and the right to limit the use and disclosure of sensitive personal information. To opt-out of sales or sharing, you can click on the "Cookie Preferences and Do Not Sell or Share My Personal Information" link and set your cookie preferences to "Required" or you can configure your browser so that it always rejects cookies or asks you each time whether you want to accept them or not. You may also contact us or call our CCPA toll-free number, +1 888-533-0752, and we can support your personal data requests and rights.

Ooni does not knowingly sell or share the personal data of children under the age of 16.

Unsubscribing from the Ooni mailing list

If you'd like to unsubscribe from the Ooni mailing list, click the 'unsubscribe' link at the bottom of Ooni emails you receive, or email us at support@ooni.com.

Withdrawing consent

Where we are relying on consent to process your personal data you can withdraw your consent at any time. Please note that this will not affect the lawfulness of any processing carried out before you withdrew your consent. You can also exercise the right at any time by contacting us.

Complaints

You have the right to complain to a supervisory body. The relevant authority in the UK is the Information Commissioner’s Office (ICO). For other authorities by country see our table.

If you do have a complaint, we would appreciate the chance to deal with your concerns before you approach the ICO or relevant authority, so please contact us in the first instance if possible.

Changes to our privacy statement

We may update this notice from time to time by posting a revised version on our site. The revised version will be effective at the time we post it.

Contact us

Data Protection Officer (DPO): Ooni has appointed Trace, a Datavant company, as our named DPO (or ‘privacy officer’) and point of contact for data subjects and supervisory authorities. Questions, comments and requests regarding this policy are welcomed and should be sent to us at support@ooni.com, or via post at Ooni HQ, Bishopsgate Business Park, 189 West Main Street, Broxburn, EH52 5LH, marked for the attention of the Data Protection Officer.

Ooni is a global company, with worldwide online and third party distribution. We also have physical locations (registered offices, premises) which are listed below alongside the relevant data protection legislation and authority for your reference:

Country Ooni entity and registered address Relevant data protection and privacy legislation and principles we comply with Data protection authority
UK Ooni Limited (Company No. 08316049), a company registered in England with its registered address at 105 Hopewell Business Centre Unit 20, Hopewell Drive, Chatham, Kent, ME5 7DX. The UK General Data Protection Regulation 2016/679 ("UK GDPR") and national laws implementing UK GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data The Information Commissioner’s Office (ICO)
Europe Ooni GmbH (Company No. HRB 98327), a company registered in Germany, with its registered address at Simrockstraße 11, 53113 Bonn, Germany. The EU General Data Protection Regulation (GDPR) The German Federal Commissioner for Data Protection and Freedom of Information
A list of Europe’s data protection authorities can be found here.
New Zealand Ooni NZ Ltd (Company No. 8367081), a company registered in New Zealand, with its registered address at Tompkins Wake, Level 17, 88 Shortland Street, Auckland Central, Auckland, 1010, New Zealand The Privacy Act (New Zealand) 2020 New Zealand Privacy Commissioner
Australia Ooni Pty Ltd (ACN 660203832), a company registered in Australia with its registered address at Macpherson Kelley, Level 7, 600 Bourke Street, Melbourne VIC 3000 The Privacy Act 1988, and the Australian Privacy Principles (APPs) Office of the Australian Information Commissioner
Canada Ooni Canada Inc. (Company No. 1000246600), a company registered in Canada with its registered address at 66 Wellington Street West, Suite 4100, Toronto, Ontario, Canada, M5K 1B7 The Personal Information Protection and Electronic Documents Act (PIPEDA) Office of the Privacy Commissioner of Canada
USA Ooni Inc., a company registered in Delaware with its registered address at 2140 South Dupont Hwy, Camden, Delaware 19934, United States of America. In the USA privacy laws are state specific, relevant compliance for Ooni is the CCPA (see details in addendum) Federal Trade Commission
California: The California Privacy Protection Agency

US Addendum

To learn more about our practices in connection with the collection, processing, and disclosure of personal information relating to US consumers, continue to read below.

Notice to California residents

If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (the “CCPA”), as amended by the California Privacy Rights Act of 2020 (together, we refer to them as “the CCPA/CPRA”). The Ooni privacy statement describes Ooni’s general privacy practices, provides an explanation of your data rights and addresses the required disclosures about your personal data under the CCPA/CPRA.

This notice provides you with additional information specifically on the CCPA/CPRA provisions related to the “sale” and “sharing” of personal data and on the collection, use and disclosure of sensitive personal information. You have the right to request information about how Ooni collects, processes, and shares your personal information (for further details see the ‘Your rights’ section of this privacy policy), and under the California Shine the Light Law you have the right to ask us once a year if we have shared personal information with third parties for their direct marketing purposes during the preceding calendar year. To exercise any of your data rights, please contact us or call our CCPA toll-free number, +1 888-533-0752.

Sensitive personal information, and personal information under California law

When we collect sensitive personal information as that term is defined by the CCPA/CPRA, we use or disclose your sensitive personal information only for the permitted business purposes set forth in the CCPA/CPRA, such as to deliver your products as an Ooni customer. For more on our purposes for data collection and retention, see the relevant section ‘How we collect your data’ in the privacy policy.

Sale of personal information under California Law

We do not sell personal information as the term “sell” is commonly understood. Under the CCPA/CPRA, a “sale” is defined to include disclosures of personal information to a third party for monetary or valuable consideration.

Sharing of personal information under California law

Under the CCPA/CPRA, “sharing” is defined to include disclosures of personal information to a third party for cross-context behavioural advertising. As you interact with our website, we may automatically collect technical data about your device, browsing activity and patterns. We collect this personal information by using cookies and other similar technologies and we may share it with our partners for cross-context behavioural advertising. This activity may qualify as “sharing” under the CCPA/CPRA. You can make choices to allow or prevent such uses and opt out; depending on your choices, during the past twelve months, we may have “shared” information to advertising networks, data analytics providers, social networks and advertising partners for cross-context behavioural advertising within the following categories defined by the CCPA/CPRA:

  • Internet or other similar network activity relating to your interactions with our website
  • Identifiers and location information, such as your IP address
  • Inferences about your interests

Personal Information We Collect and Disclose

As defined by the applicable state privacy laws (e.g. California, Colorado, Connecticut, Virginia, Utah, Delaware, Indiana, Iowa, Montana, New Hampshire, New Jersey, Nevada, Oregon, Tennessee, Kentucky, Maryland, Minnesota, Rhode Island, Texas, Nebraska), “personal information” includes any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or an identified or identifiable individual.

In the past 12 months, Ooni has collected from consumers the categories of personal information described below. Ooni has processed these categories for the purposes described in the “How do we use your personal data” section. Ooni has disclosed personal information to the categories of third parties described in the “Disclosure of your information” section.

Categories of PI Collected Examples
Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, device ID, mobile ad ID, browser ID, email address, account username, or other similar identifiers
Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Internet or other similar network activity Browsing details, search details, information about your interaction with the website, mobile application, or advertisement, including page views, clicking tendencies, and time spent on a page, and other similar event or session data
Personal information types listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, address, telephone number
Sensory data Voicemail or similar audio recordings, content of interviews with you as well as photographs and videos
Geolocation data The city and state associated with your IP address (not precise)
Inferences drawn from other information Inferences drawn from the above categories of information to create a profile about you reflecting your preferences or characteristics

Sensitive Personal Information

Information Type Examples
Information that reveals a consumer’s account log-in details Username and password
Information that concerns a consumer’s health Any details you choose to make available to our customer support team (e.g. mental or physical health status, religious beliefs)

The laws of some U.S. states regulate the handling of “sensitive personal information” or “sensitive data.” The section above describes the types of sensitive personal information we may collect and process, however not all categories of sensitive personal information or sensitive data are being collected in all states.

Applicable Retention Periods

For each category of personal information identified above, we will retain your personal information only for as long as necessary to fulfill your requests or the purposes for which it was obtained, as set forth in the “How long we store your personal data for” section.

Categories of Sources of Personal Information

Ooni collects these categories of personal information from the categories of sources mentioned in the “How is your personal data collected?” section.

Business or Commercial Purposes for Collecting and Disclosing Personal Information.

We collect and disclose the personal information described above for following business or commercial purposes mentioned in the “How do we use your personal data” section.

Sensitive Personal Information

As described above, Ooni uses and discloses certain “sensitive personal information” (as defined by the applicable state privacy laws). Ooni does not engage in “selling”, “sharing” or “targeted advertising” using any sensitive personal information or sensitive data. In some cases, we use or disclose sensitive personal information to solve customer service requests, and to prevent, detect, and investigate security incidents, resist fraudulent or illegal actions.

Selling, Sharing or Targeted Advertising of Personal Information

Ooni does not “sell” any personal information for monetary consideration, though some of our disclosures are considered “sales” in certain jurisdictions. In the past 12 months, Ooni has engaged in “selling”, “sharing” or “targeted advertising” (as those terms are defined by the applicable state privacy laws) using the following categories of personal information to advertising networks, data analytics providers, social networks and advertising partners for the purposes of serving you with targeted advertisements, either on behalf of us or third parties:

  • Identifiers, such as your IP address, device ID, browser ID, mobile ad ID, or other unique or personal online or electronic identifier associated with the means by which you access the website or mobile application.
  • Internet activity, such as browsing details, search details, information about your interaction with the website, application, or advertisement, including page views, clicking tendencies, and time spent on a page, and other similar event or session data.
  • Geolocation data, such as the city and state associated with your IP address.
  • How you interact with articles or products you view, your search terms, or how you otherwise choose to navigate or use one of our websites or mobile applications.

Please review the “Exercising Your Right to Opt-Out of ‘Selling/Sharing/Targeted Advertising’” section below for instructions on how to opt out.

Ooni does not have actual knowledge that it collects, processes, or engages in “selling”, “sharing” or “targeted advertising” personal information of consumers under 16 years of age.

Your Rights under the Applicable State Privacy Laws

Subject to exceptions, the applicable state privacy laws may provide consumers with the rights mentioned in the “Your Rights” section. Additionally, the applicable state privacy laws may provide consumers with the:

  • Right to Opt-Out of Selling/Sharing/Targeted Advertising: You have the right to request that we opt you out of the “selling”, “sharing” or “targeted advertising” of your personal information.
  • Right to Appeal: In the event we decline your verifiable consumer request, depending on the applicable law, you may have the right to appeal the decision. You may also be entitled to report the matter to the appropriate regulator in your state.

Exercising Your Rights under the Applicable State Privacy Laws

You may exercise your rights by submitting a verifiable consumer request as described in the “Your Rights” section. If you are an agent submitting a request on behalf of a consumer, we may request that you submit a signed permission from the consumer authorizing you to make the request.

As indicated above, please be aware that the applicable state privacy laws provide certain limitations and exceptions to the foregoing rights, which may result in us denying or limiting our response to your request.

The applicable state privacy laws require us to respond to a verifiable consumer request within forty-five (45) days of its receipt; however, we may extend that period by an additional 45 days.

Exercising Your Right to Opt-Out of Selling/Sharing/Targeted Advertising

You can request to opt-out of the ”selling”, “sharing” or “targeted advertising” of your personal information as follows:

  • For information collected from you through our use of automatic technologies on our websites or mobile applications: You can opt out by configuring the “Cookie Settings” link in the website footer or the mobile app settings menu accordingly, or by enabling the Global Privacy Control on your browser or device (to learn more: https://globalprivacycontrol.org/). Your actions only apply to the browser or device you are using to interact with our website or mobile application and not to other devices or browsers. If you clear your cookies or change your preferences on a particular browser or device, or use another browser or device to interact with our websites and mobile applications, you may need to complete the action again.

We do not engage in automated profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers. As a result, the right to opt out of such activities may not be available.

Once a consumer makes a request to opt-out of selling/sharing/targeted advertising, we will honor such request for at least twelve (12) months before asking the consumer to reauthorize certain personal information usage.

Our Commitment Not to Discriminate

Consistent with the applicable state privacy laws, we will not discriminate against you for exercising any of your rights by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Consumer Health Data Notice

This Notice is provided pursuant to the Washington My Health My Data Act (RCW 19.373.005 to 19.373.900) and the Nevada Consumer Health Data Privacy Law (NRS 603A.400 to 603A.490). The laws of your state or country of residence may not regulate our handling of your consumer health data. As such, you may or may not be entitled to exercise or receive the rights and information described herein.

How We Collect Consumer Health Data

Consumer health data” is any personal information that is linked or reasonably linkable to a “consumer” (as that term is defined in applicable laws, but often meaning a resident of the state to which the law pertains) and that identifies the consumer’s past, present, or future physical or mental health status. Ooni may collect the following categories of consumer health data:

  • Individual health conditions, treatments, diseases, or diagnoses.
  • Receipt of health-related surgeries and procedures or post-surgery or -procedure care.
  • Data that identifies a consumer seeking health care services.
  • Other identifiable information that would constitute an information-type described above but is derived or extrapolated from non-health data.

You may provide Ooni with this information through your interactions with our customer support team.

How We Use Consumer Health Data

The above information is collected and used by Ooni for the purposes of providing you with the customer support services you requested. Ooni also uses the above categories of consumer health data for the purposes of:

  • Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with our websites and mobile applications and our services.
  • Protecting Ooni and/or its parent companies, affiliates, subsidiaries, retail partners, the general public, including investigating possible fraud, theft, violations of our terms, misuses of our websites or mobile applications and/or attempts to harm Ooni and/or its parent companies, affiliates, subsidiaries, organizational partners, or any individual.

How We Share Your Consumer Health Data

Ooni may disclose or transfer your consumer health data to vendors or service providers that process the information on Ooni’s behalf (e.g., customer interaction platforms). Additionally, Ooni shares consumer health data with the following categories of “third parties” (as that term is defined by applicable laws, but often meaning a party who is not a processor acting on our behalf):

  • Parties to a corporate transaction or proceeding, such as in the event of a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets of which consumer health data is among the assets being disclosed or transferred.
  • Law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to a valid legal process.
  • Professional advisers, including lawyers, auditors and insurers who provide consultancy, legal, insurance and accounting services.

How You Can Exercise Your Rights

Subject to certain exceptions, the laws of your state of residence may afford you the right to:

  • Confirm whether Ooni is collecting, sharing, or selling your consumer health data and to access such data, including a list of all third parties and affiliates with whom Ooni has shared or sold the consumer health data.
  • Withdraw consent from the collection or sharing of your consumer health data.
  • Delete your consumer health data.

Where the collection or use of your consumer health data is necessary for us to provide a product or service you have requested from us, such as handling customer support requests you’ve initiated, we may collect and use your consumer health data without your consent. If we collect or use your consumer health data for other purposes, however, we will obtain your consent for such processing, where the law requires us to do so.

Note, Ooni may deny your request if we are unable to authenticate you or your request using commercially reasonable efforts and may request that you provide additional information for authentication purposes. If Ooni can authenticate your request, it will comply with the request within 45 days of receipt of the request; provided that, Ooni may extend its response period by an additional 45 days when reasonably necessary, in which case you shall be notified of the extension.

If your request to exercise a right that you have under applicable laws is denied, you may appeal that decision by contacting us at support@ooni.com. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with your local attorney general.

For more information on Ooni’s use of cookies and similar technology, please see our Cookie policy.

Version: 3
Last updated: 9 December 2025