Privacy Policy

Effective Date: 27 July 2025  |  Last Revised: 27 July 2025

1 · Who we are

GutApp Ltd. operates the GutApp mobile and web applications. We help users track fibre and plant-based foods for general wellness; GutApp is not a medical device.

Contact: support@gutapp.app

2 · Data we collect

  • Account: email address and OAuth provider ID (Apple or Google).
  • Profile: nickname, age band, gender, dietary settings.
  • Logs: records of your meals (including meal titles, dates, optional photos, and ingredient details), nutrition values (such as fibre, protein, vitamins, minerals), bowel patterns (frequency and timing), gut symptoms (type and frequency), allergies, health data (BMI, height, weight, activity level), and goals you set. Optional meal and stool photos are processed only with explicit consent and may be considered special-category data.
  • Device & usage: device model, OS, IP address, session analytics, crash reports.
  • Payments: App Store / Play receipt IDs.
  • Support: emails and chat history.

3 · Why we use your data

  • Provide and secure the Service  —  legitimate interests / contract
  • Personalised nutrition insights  —  consent / explicit consent
  • Subscription billing  —  contract / legal obligation
  • Analytics & crash diagnostics  —  legitimate interests
  • Marketing emails (opt-in)  —  consent

4 · Sharing

We share data only with vetted processors such as Supabase (EU hosting) and Mixpanel (US analytics via SCCs). We do not sell your data. Legal disclosures occur only when required.

5 · International transfers

If data leaves the UK, we rely on UK GDPR Standard Contractual Clauses or adequacy regulations.

6 · Retention

Account and log data are deleted three years after your last activity or immediately on account deletion; backups are purged 30 days later. Payment records are retained for six years for tax purposes.

7 · Your rights

You can ask to access, correct, delete, restrict, or export your data, or object to processing. Withdraw consent at any time in-app or by emailing us. You may complain to the ICO (ico.org.uk).

8 · Cookies

Essential cookies keep you logged in; analytics cookies load only after you accept them in the banner.

9 · Security

Data in transit is protected by TLS 1.3; at rest by AES-256. We do not store any passwords. Authentication is handled securely via Supabase OAuth with Apple and Google only. Access is role-based and audited.

10 · Changes

We will give 30 days’ notice of material changes to this policy.

11 · Contact

Email support@gutapp.app for any questions or to exercise your rights.