Privacy Policy

Last Updated: 28/11/2025

Introduction

Your privacy is our highest priority. This Privacy Policy explains how our IBD (Inflammatory Bowel Disease) health tracking application ("the App") handles your personal information and health data.

Our Core Privacy Commitment

What Data We Collect

1. Health Data Stored Locally on Your Device

The App allows you to track and store the following types of health information exclusively on your device:

• Symptom logs (pain levels, flare-ups, bowel movements, etc.)
• Medication tracking (dosages, schedules, adherence)
• Food diary entries
• Mood and energy levels
• Custom notes and observations
• Any other health metrics you choose to track

Important: This data is stored ONLY on your device using iOS's secure local storage. It NEVER leaves your device and is NEVER transmitted to us or anyone else.

2. HealthKit Integration (Optional)

If you choose to enable HealthKit integration, the App may:

• Read health data from Apple Health (with your explicit permission)
• Write health data to Apple Health (with your explicit permission)

Important: HealthKit data exchange occurs entirely on your device between the App and Apple Health. No HealthKit data is transmitted to external servers. Your HealthKit data remains under your control as per Apple's privacy guidelines.

We do not have access to any data stored in Apple Health or any data you choose to sync with Apple Health through our App.

3. Anonymous Transaction Data

When you make in-app purchases or subscribe to premium features, payment processing is handled by RevenueCat and Apple's App Store.

What we can see:

• Anonymous transaction records (that a purchase occurred)
• Subscription status (active, expired, canceled)
• General analytics (number of subscribers, revenue totals)

What we CANNOT see:

• Which specific user made the purchase
• Your personal identity linked to transactions
• Your health data or app usage patterns
• Payment information (credit cards, billing addresses, etc.)

All payment information is processed by Apple and RevenueCat. We never have access to your payment details.

4. Technical Data (Anonymous)

We may collect limited, anonymous technical information to improve app performance:

• Device type (e.g., iPhone 15, iPad Pro)
• Operating system version (e.g., iOS 18.1)
• App version
• Crash reports and error logs (containing no personal or health data)

This technical data is collected anonymously and cannot be linked to you or your health information.

How We Use Your Data

Your Health Data (Stored Locally)

Your health data is stored exclusively on your device and is used solely by you to:

• Track your IBD symptoms and patterns
• Monitor medication adherence
• Identify triggers and improve disease management
• Generate personal insights and reports
• Export data for your own use (e.g., to share with your healthcare provider)

We do not use, access, or analyze your health data in any way because it never leaves your device.

Transaction Data (Anonymous)

Anonymous transaction data is used to:

• Verify subscription status
• Provide access to premium features
• Understand subscription trends
• Improve our business operations

This data cannot be linked to you personally or to your health information.

Technical Data (Anonymous)

Anonymous technical data is used to:

• Fix bugs and improve app stability
• Optimize performance across different devices
• Plan feature development
• Ensure compatibility with new iOS versions

Data Storage and Security

Local Storage Security

All health data is stored on your device using:

• iOS's encrypted local storage (leveraging Apple's built-in security features)
• Secure data containers that are protected by your device's passcode/biometric authentication
• Sandboxed app environment as required by Apple's security model

Your health data is as secure as your iPhone or iPad. We recommend:

• Using a strong device passcode or biometric authentication (Face ID/Touch ID)
• Keeping your device's operating system updated
• Enabling device encryption (enabled by default on modern iOS devices)

No Remote Storage

We do not maintain any servers or databases that store your health information. Because your health data never leaves your device, it cannot be:

• Hacked from our servers (we don't have any)
• Subpoenaed or requested by third parties
• Sold or shared with advertisers
• Exposed in a data breach
• Accessed by our employees or contractors

Backups

Your health data may be included in:

• iCloud Backups (if you have iCloud Backup enabled)
• iTunes/Finder Backups (if you create local backups)

These backups are controlled by you and Apple, not by us. We recommend reviewing Apple's privacy policy to understand how iCloud handles your backup data. If you're concerned about health data in cloud backups, you can disable iCloud Backup for the App specifically or create encrypted local backups instead.

Data Retention

Your health data remains on your device until you:

• Manually delete it within the App
• Delete the App from your device
• Restore your device to factory settings
• Overwrite it with a new backup

We do not retain any copies of your health data because it never reaches our systems.

Your Privacy Rights

You have complete control over your health data:

Right to Access

You can access all your health data at any time through the App's interface.

Right to Export

You can export your data in standard formats (e.g., CSV, PDF) to share with healthcare providers or for your own records.

Right to Delete

You can delete any or all of your health data at any time through the App's settings. Deletion is immediate and permanent.

Right to Opt-Out

You can:

• Decline HealthKit integration
• Disable anonymous crash reporting (if applicable)
• Use the App without providing any data beyond what's necessary for its functionality

Right to Data Portability

You can export your data and transfer it to other applications or services of your choice.

Third-Party Services

RevenueCat (Payment Processing)

We use RevenueCat to manage in-app purchases and subscriptions. RevenueCat may collect:

• Anonymous transaction data
• Device identifiers (anonymous)
• Subscription status

RevenueCat does not have access to your health data. For more information, see RevenueCat's Privacy Policy.

Apple App Store

In-app purchases are processed through Apple's App Store. Apple may collect:

• Payment information
• Purchase history
• Account information

Apple does not have access to your health data stored in our App (though they manage HealthKit data separately). For more information, see Apple's Privacy Policy.

No Other Third Parties

We do not integrate with any other third-party services that could access your data. We do not use:

• Analytics platforms that track individual users
• Advertising networks
• Social media integrations
• Cloud storage providers (beyond optional iCloud backup)

HealthKit and Apple Health

If you grant the App permission to access HealthKit:

• Data exchange is local: The App reads from and writes to Apple Health directly on your device
• You control permissions: You can grant or revoke specific HealthKit permissions at any time
• No external transmission: HealthKit data accessed by the App is not transmitted to external servers
• Apple's policies apply: HealthKit data is governed by Apple's privacy policies

We comply with Apple's HealthKit guidelines, which prohibit:

• Selling HealthKit data to third parties
• Using HealthKit data for advertising
• Sharing HealthKit data without explicit user consent

Children's Privacy

The App is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information through the App, please contact us immediately.

HIPAA Compliance

Important Notice: This App is designed as a personal health tracking tool for individual use. It is not a HIPAA-covered entity or business associate.

Why HIPAA May Not Apply to This App

HIPAA (Health Insurance Portability and Accountability Act) applies to:

• Healthcare providers
• Health insurance companies
• Healthcare clearinghouses
• Business associates of the above

As a personal health tracking tool where all data is stored locally on your device, we:

• Do not operate as a healthcare provider
• Do not transmit protected health information (PHI)
• Do not maintain electronic health records on behalf of covered entities
• Cannot access your health data

Your Responsibility

If you choose to share exported data from this App with healthcare providers, that data exchange is between you and your provider. We recommend:

• Understanding your provider's privacy practices
• Using secure methods to share health information
• Consulting with your healthcare team about appropriate data sharing

International Users

The App is designed to comply with privacy laws worldwide, including:

• GDPR (General Data Protection Regulation) for users in the European Union
• PIPEDA (Personal Information Protection and Electronic Documents Act) for users in Canada
• Privacy Act 1988 for users in Australia
• Other applicable data protection laws

Because all health data is stored locally on your device and never transmitted to external servers, many international data transfer concerns are eliminated by design.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in legal requirements
• New features or functionality
• User feedback and best practices

When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you through the App or via email (if we have your email address)
• Your continued use of the App after changes constitutes acceptance of the updated policy

We will never change our core commitment: Your health data will always remain exclusively on your device.

Data Breaches

Because your health data never leaves your device and we do not store it on any servers, a data breach of our systems cannot expose your health information.

In the unlikely event of a security incident affecting:

• Anonymous transaction data
• Technical/diagnostic data

We will:

• Investigate the incident promptly
• Take steps to prevent future incidents
• Notify affected users if required by law

Your Device Security

Since all your health data is stored on your device, your device security is paramount. We recommend:

1. Use strong authentication:
   • Enable Face ID or Touch ID
   • Use a strong device passcode (6+ digits)
   • Enable "Erase Data" after failed passcode attempts
2. Keep software updated:
   • Install iOS updates promptly
   • Keep the App updated to the latest version
3. Be cautious with device access:
   • Don't jailbreak your device (this compromises security)
   • Don't share your passcode with others
   • Be aware of who has physical access to your unlocked device
4. Manage backups carefully:
   • Understand that iCloud backups may include app data
   • Consider encrypted local backups for maximum privacy
   • Use a strong Apple ID password

Contact Information

Legal Requests

In the unlikely event we receive a legal request for user data (such as a subpoena or court order):

We cannot provide health data because we do not have access to it. Your health data exists only on your device.

We may be able to provide:

• Anonymous transaction records (if we can identify the relevant transactions)
• Account information (if you've provided it)
• Anonymous technical data

We will:

• Carefully review any legal request
• Notify affected users when legally permitted
• Provide only the minimum information required by law

Disclaimer

This App is intended for personal health tracking and informational purposes only. It is not intended to:

• Replace professional medical advice
• Diagnose, treat, cure, or prevent any disease
• Serve as a medical device or clinical tool

Always consult with qualified healthcare professionals for medical advice and treatment decisions.

Consent

By using the App, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use the App.

---

Summary: Your Privacy in Plain Language