Privacy Policy

1. Introduction

Gut Fix ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered gut health application.

2. Information We Collect

Personal Information

• Email address and name (for account creation)
• Health symptoms and conditions you provide
• Dietary preferences and restrictions
• Current medications and supplements
• Protocol progress and daily check-in data
• Food diary entries

Wearable Device Data (Whoop Integration)

If you choose to connect your Whoop device, we access:

• Recovery scores and trends
• Heart rate variability (HRV) data
• Sleep performance and duration
• Daily strain scores
• Resting heart rate

We do not access continuous heart rate data or raw sensor data. You can revoke Whoop access at any time in Settings.

Genetic Data (DNA Analysis)

If you upload a DNA file (from 23andMe, AncestryDNA, or similar), we process your genetic data to analyze specific health-relevant SNPs (single nucleotide polymorphisms). We store only the computed analysis results (risk assessments and recommendations) — raw genetic data is processed server-side and is not permanently stored. You may request deletion of your DNA analysis at any time.

Payment Information

Payment processing is handled entirely by Stripe. We never store, process, or have access to your credit card numbers. We only store your Stripe customer ID and subscription status.

3. How We Use Your Information

• Personalized Protocols: Generate gut health recommendations based on your symptoms, diet, and health data
• AI Analysis: Provide contextual AI-powered troubleshooting and coaching using your health data
• Biometric Insights: Correlate Whoop wearable data with gut health patterns when connected
• Progress Tracking: Monitor your healing journey over time through daily check-ins and food diary
• Safety Checks: Detect supplement contraindications and die-off reactions

4. AI Data Processing

Your health data (symptoms, medications, protocol context, and wearable biometrics) is sent to Anthropic's Claude AI for analysis when you use AI features such as protocol generation and the troubleshooting chat.

• Anthropic does not use API data for model training
• Data sent to Anthropic is retained for up to 30 days for safety monitoring, then deleted
• We do not send your email, name, or payment information to Anthropic — only health-relevant context

5. Data Storage and Security

Your data is stored securely on Supabase (hosted on AWS infrastructure in the United States) with encryption at rest and in transit (TLS 1.2+). All database tables are protected with Row-Level Security (RLS) policies, ensuring your data is only accessible to your authenticated account.

Wearable device tokens are stored securely and used only to fetch your data on your behalf. We do not share your personal health data with third parties for marketing or advertising purposes.

6. Data Retention

We retain your data as follows:

• Active accounts: Data is retained as long as your account is active
• After account deletion: All personal data is permanently deleted within 30 days of your deletion request
• DNA analysis: Deleted immediately upon request or within 30 days of account deletion
• Anonymized analytics: Aggregated, non-identifiable usage data may be retained for service improvement

7. Third-Party Services

We integrate with the following services:

• Whoop: Wearable health data (with your explicit consent via OAuth)
• Anthropic (Claude AI): AI-powered health insights and protocol generation
• Supabase: Secure database and authentication
• Stripe: Payment processing (PCI DSS compliant)

8. Cookies and Tracking

Gut Fix uses only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party marketing trackers. We may use privacy-friendly analytics to understand general usage patterns without tracking individual users.

9. Your Rights

You have the right to:

• Access: Request a copy of all data we hold about you
• Export: Download your data in a portable format (JSON)
• Deletion: Request permanent deletion of your account and all associated data
• Correction: Update or correct inaccurate information
• Revocation: Disconnect wearable integrations at any time
• Opt-out: Opt out of data processing for specific purposes

To exercise these rights, use the Data Management options in Settings or email us at the address below.

10. International Data Transfers

Your data is stored on servers in the United States. If you are located outside the United States (including the EU/EEA or UK), your data will be transferred to and processed in the United States. By using Gut Fix, you consent to this transfer. We implement appropriate safeguards to protect your data in accordance with applicable data protection laws.

11. Age Restrictions

Gut Fix is intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a minor, we will promptly delete it.

12. Health Data Disclaimer

13. Data Breach Notification

In the event of a data breach that affects your personal health information, we will notify affected users via email within 72 hours of confirming the breach. The notification will include the nature of the breach, the data affected, and the steps we are taking to remediate it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes affecting your data rights, we will provide notice via email.

15. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at: privacy@gutfix.ai