GutTune Privacy Policy

This Privacy Policy explains how we collect, use, share, and protect information about you when you use:

• The GutTune mobile application and related services, and
• Our website at guttune.com (including any subpages).

This policy does not cover third-party sites/services that we don't control.

1) Information you provide

• Account details (optional): single-sign-on identifier (e.g., Apple/Google).
• Health & lifestyle logs (sensitive data): Meals, ingredients, symptoms, stool entries, free-text notes, and any media you choose to attach (e.g., meal photos).
• Support requests: Messages you send to us (email or in-app).

2) Information collected automatically

• Device & app info: Device model, OS version, app version, language, time zone.
• App interactions & diagnostics: Crash logs, performance metrics, and basic usage events (e.g., feature use) to improve stability and user experience.
• Website data (cookies/analytics): If you visit guttune.com, we may use cookies or similar technologies for essential site functions and to understand aggregate traffic. You can control cookies in your browser settings.

3) Information from third parties

• Sign-in with Apple/Google (if you choose): We receive a unique identifier and basic profile details you allow them to share.
• AI meal analysis: The specific meal text you submit for analysis is shared with our AI provider solely to return the requested result.

GutTune is local-first. By default, your entries are stored in a local database on your device. If you enable Cloud Sync, your entries (including sensitive health data) will be securely transmitted and stored with our cloud provider (currently Supabase). Turning off sync prevents further uploads but does not automatically delete data already stored in the cloud—see Your Rights & Choices for deletion.

We use your information to:

• Provide the service: Store your logs; render charts and insights; enable backups and multi-device access via optional sync.
• AI insights (when you ask for them): Classify meals and surface patterns to help minimize flare-ups.
• Improve and secure the App: Diagnose crashes, analyze performance, prevent fraud or misuse, and develop new features.
• Communicate with you: Send transactional emails (e.g., account notices), respond to support requests, or deliver optional tips and product updates (you can opt out).
• Legal compliance: Comply with legal obligations and enforce our terms.

We do not use your sensitive health data for advertising and we do not sell personal information.

If you are in the EEA/UK, we process your data under these legal bases:

• Consent: Health/sensitive data (e.g., symptoms), AI analysis, and optional cloud sync.
• Contract: To provide the App and requested features.
• Legitimate interests: Security, debugging, product improvement (balanced against your rights).
• Legal obligation: Where laws require us to retain or disclose information.

You can withdraw consent at any time in the App settings (for sync/AI features) or by contacting us.

Your logs may reveal information about your health. We process this only to provide the App features you choose (e.g., symptom tracking, AI insights), and only with your consent. You can use GutTune offline and decline AI features at any time.

When you request AI analysis (e.g., meal classification), GutTune sends the minimum necessary text to our AI provider [OpenAI or current provider] to generate a result. We configure the provider to not use your content to train their models where such controls are offered. AI outputs are suggestions for educational purposes and are not medical advice.

We share information only as described below:

Service providers (processors):

• Cloud storage & database: Supabase (if you enable sync).
• AI processing: [OpenAI / current AI provider] (only when you request AI analysis).
• Error reporting & analytics: Crash/diagnostic tools to keep the App reliable.

These providers access data only to perform services for us under contract.

• Legal & safety: If required by law or to protect rights, safety, and the integrity of our services.
• Business transfers: In a merger, acquisition, or asset sale, your data may be transferred under this Policy's protections.

We do not sell your personal information and do not share it with third-party ad networks for targeted advertising.

• On device: Your local data remains until you delete it or uninstall the App.
• Cloud (if enabled): We retain synced records until you delete them from the App or request deletion.
• Diagnostics: Crash and performance logs are typically retained for a limited period (e.g., 30–180 days) to analyze issues.
• Accounts: If your account is inactive, we may contact you before deleting cloud data after a reasonable period.

We may retain limited information as required by law (e.g., records of a deletion request).

In the App

• Stay local-only: Keep sync off to avoid cloud storage.
• Export: Export your data (e.g., CSV/PDF) from the App where available.
• Delete: Delete specific entries, or delete all synced data, and/or close your account.
• Permissions: Control camera, photo library, and notification permissions in your device settings.

By contacting us

Email wholegastro@gmail.com to:

• Access a copy of your data (where feasible)
• Correct inaccurate information
• Delete your account and cloud-stored data
• Port your data in a machine-readable format
• Object or restrict certain processing

We will verify your identity before acting on requests.

Region-specific rights

• EEA/UK (GDPR/UK GDPR): You have rights to access, rectification, erasure, restriction, portability, and objection. You can lodge a complaint with your local supervisory authority.
• California (CPRA): Right to know, delete, correct, data portability, and to opt-out of "selling" or "sharing" personal information and to limit the use/disclosure of sensitive personal information. We do not "sell" or "share" personal information as defined by CPRA.
• Nigeria (NDPA/NDPR): Rights to access, correction, deletion, portability, and to object to processing. You may lodge a complaint with the Nigeria Data Protection Commission (NDPC).

We may process and store information in countries other than where you live (for example, where our cloud or AI providers host). When we transfer personal data internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses or equivalent mechanisms) as required by applicable law.

We use technical and organizational measures to protect your data, including:

• Encryption in transit (TLS) for communications with our services
• Encryption at rest where supported by our providers
• Local-first design: Your logs can remain on-device if you prefer
• Access controls for our staff and systems

No system is perfectly secure. If we discover a security incident affecting your data, we will notify you and regulators as required by law.

GutTune is not intended for children under 13 (or the age required by your country). If you are a minor, you must use the App with a parent/guardian's consent. If we learn we have collected personal information from a child without appropriate consent, we will delete it.

Our website may use necessary cookies for core functions and optional analytics cookies to understand aggregate usage. You can control cookies through your browser. The App itself does not rely on browser cookies.

The App and website may link to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal data.

Your browser may send "Do Not Track" signals. We currently do not respond to DNT signals. You can manage cookies and tracking through your browser and device settings.

We may update this Privacy Policy to reflect changes in our practices or for legal, technical, or regulatory reasons. We will post the updated version on guttune.com with a new effective date, and, where required, notify you in-app or by email. If changes materially affect your rights, we will request consent where required.

Depending on how you use GutTune, the App may request these permissions:

• Camera / Photos: Attach meal photos to entries.
• Notifications: Send reminders to log entries or complete daily check-ins.

You can revoke these in your device settings at any time.

• Export: In the App, use Settings → Export to download your logs (CSV/PDF where available).
• Delete device data: Use Settings → Delete Local Data (irreversible).
• Delete cloud data (if sync enabled): Use Settings → Cloud Sync → Delete Synced Data and/or email us.
• Close account: Email us to delete your account and associated cloud records.