PRIVACY POLICY

1. Overview

GI Studio ("the App") is committed to protecting your privacy. This policy describes what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Health data you enter: Meal logs, bowel movement records, symptom reports, medication tracking, expense logs, and daily check-ins. This data is entered manually by you and is never collected automatically.

Account information: Email address and authentication provider (Apple, Google, Facebook, or email). We store the minimum required to identify your account.

Device information: We collect your device timezone for accurate timestamp display. We do not collect device identifiers or location data.

Product-usage events: During private beta, we record lightweight product-telemetry events (screen opens, log creation counts, error frequencies, app version) to understand how the App is performing. These events do not contain the free-text content of your logs, photos, or medical information. You may opt out in Settings → Share Anonymous Usage Data, or request opt-out by emailing us.

Photos: If you attach photos to meal logs, they are stored securely and associated with your account. Photos are never shared or used for any purpose other than displaying them back to you.

3. How We Use Your Data

• To display your health logs and generate personal insights
• To sync your data across your devices
• To generate correlation reports between meals, symptoms, and bowel patterns
• To enable physician export features when you choose to share data with your healthcare provider

We do not use your data for advertising, marketing, or training AI models.

4. Data Storage and Security

Your data is stored in Supabase (hosted on AWS infrastructure). All data is protected by:

• Row Level Security (RLS): Database policies ensure only you can access your data
• Encryption in transit: All connections use TLS/HTTPS
• Encryption at rest: Database storage is encrypted at the infrastructure level
• Authentication: All API requests require a valid user session

Sensitive credentials (API keys, authentication tokens) are stored in your device's secure Keychain, not in plain text.

5. Data Sharing

We do not sell, rent, or share your personal health data with any third party. Your data may be processed by the following service providers solely to operate the App:

• Supabase: Database hosting and authentication (US region, AWS infrastructure)
• Apple: App distribution, authentication (Sign in with Apple), and payment processing
• Vercel: Web dashboard hosting
• OpenAI and Anthropic: When you explicitly request AI enrichment of a meal, the meal text (and photo, if attached) is sent to the selected provider to generate nutrition and FODMAP estimates. No account or identity information is sent. You can disable AI enrichment at any time in Settings → AI Providers.
• Postmark: Delivers and receives support email when you submit feedback from Settings → Talk to Us.

Physician sharing: GI Studio includes a feature that lets you generate a time-limited, read-only link to share selected health data with your healthcare provider. You control exactly what data is included, who receives the link, and when it expires. No data is shared with any physician unless you explicitly initiate it. You may revoke access at any time.

5a. Clinical Disclaimer

GI Studio is a self-tracking tool and is not a medical device. FODMAP scores, meal-sensitivity estimates, and correlation insights shown in the App are generated by AI and statistical models — they are informational only, not medically validated, and not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified clinician before changing your diet, medications, or treatment plan based on information in the App.

6. Data Architecture

Your account identity (email, authentication, subscription status) and your health data (symptom logs, meal records, bowel events) are stored in separate logical partitions. This separation ensures that a compromise of one system does not expose a complete user profile.

7. Data Retention and Deletion

Your health data is retained for as long as your account is active, up to a maximum of 2 years from the date of entry. When you delete data or your account:

• Deleted entries are soft-deleted immediately (hidden from all views)
• Soft-deleted data is permanently and irreversibly purged from all systems within 90 days
• Account deletion removes all health data, authentication records, and subscription state

You may request earlier deletion at any time.

8. Your Rights

You have the right to:

• Access: View all data associated with your account within the App
• Export: Download your data at any time via the data export feature — this is a free feature, not a premium add-on, because your data belongs to you
• Delete: Request complete deletion of your account and all associated data
• Correct: Edit or update any health log entries at any time
• Revoke: Cancel any physician share token you have issued

To exercise these rights, use the in-app settings or contact bsewell@gmail.com.

9. Breach Notification

In the event of a data breach affecting your personal health data, we will notify affected users via email within 72 hours of discovery, in compliance with the FTC Health Breach Notification Rule. The notification will include: what data was affected, what we are doing to address the breach, and what steps you can take to protect yourself.

10. Children's Privacy

GI Studio is not intended for use by children under the age of 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated through the App or via email. The effective date at the top of this page indicates when the policy was last revised.

12. Contact

For privacy-related questions or data deletion requests, contact us at bsewell@gmail.com.