Privacy Policy

Effective date: March 24, 2026

Gutsy ("we," "our," or "the app") is operated by Sudjeev Singh. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Gutsy iOS application and related services.

We take your privacy seriously — especially because Gutsy handles sensitive health-related data. Please read this policy carefully.

1. Information We Collect

1.1 Information You Provide

• Account information: Email address and authentication credentials (if you create an account via email or Sign in with Apple).
• Health profile: Medical diagnoses, chronic symptoms, dietary goals, weight, height, age, and FODMAP sensitivities you enter during onboarding or in settings.
• Food & meal logs: Photos of meals, food names, ingredients, FODMAP classifications, and meal timing.
• Symptom logs: Symptom types, severity ratings, timestamps, and mood/stress levels.
• Stool logs: Bristol stool type, volume, observations, and optional photos.
• Medication & supplement logs: Medication names, dosages, supplement types, and timing.
• Water intake: Volume amounts and timestamps.
• Chat messages: Conversations with the Gutsy AI assistant.

1.2 Information from Apple Health (HealthKit)

With your explicit permission, Gutsy reads the following data from Apple Health:

• Sleep duration and in-bed time
• Heart rate variability (HRV)
• Step count
• Resting heart rate

Gutsy only reads Apple Health data. We never write to or modify your Apple Health records. HealthKit data is used solely to correlate lifestyle factors with your digestive symptoms and is never shared with third parties or used for advertising.

1.3 Information Collected Automatically

• Analytics data: Anonymous usage events (e.g., feature usage, screen views) via Mixpanel. We do not track food names, symptom details, diagnoses, or any identifiable health information in analytics.
• Device information: Device type, operating system version, and app version for crash reporting and compatibility.

2. How We Use Your Information

• Provide core functionality: Food analysis, FODMAP classification, symptom tracking, wellness scoring, trigger detection, and AI chat.
• AI-powered analysis: Photos and text you provide are sent to our secure backend proxy, which forwards them to OpenAI's API for analysis (food identification, stool classification, medication recognition, and chat responses). See Section 4 for details.
• Generate insights: Correlate food, symptoms, lifestyle, and health data to identify patterns, triggers, and trends personal to you.
• Weekly reports & summaries: Create personalized reports and AI-generated summaries based on your logged data.
• Notifications: Send reminders, check-in prompts, pattern alerts, and streak notifications you've opted into.
• Improve the app: Aggregated, anonymized usage analytics help us understand which features are used and improve the experience.

3. Data Storage & Security

3.1 On-Device Storage

All of your health data is stored locally on your device using Apple's SwiftData framework. This includes all food logs, symptom entries, stool logs, medication records, wellness scores, and Apple Health snapshots. Your data never leaves your device except when you interact with AI features (see Section 4).

3.2 Firebase Authentication

If you create an account, your authentication credentials are managed by Google Firebase Authentication. Firebase stores your email and authentication tokens. See Firebase Privacy Policy.

3.3 Security Measures

• All network requests are encrypted using HTTPS/TLS.
• API keys are stored server-side and never embedded in the app binary.
• Photos sent for AI analysis are not stored on our servers after processing.
• We use Apple's Keychain Services for secure credential storage on-device.

4. Third-Party AI Service — OpenAI

Gutsy uses OpenAI's API (GPT-4o model) to power its AI features. This section explains exactly what data is shared, how it is shared, and how it is protected.

4.1 User Consent

Before any data is sent to OpenAI, Gutsy presents an explicit consent screen that clearly identifies OpenAI as the data recipient and describes the data that will be shared. You must agree to this consent before any AI features are activated. If you decline, no data is sent to OpenAI and AI-powered features remain disabled. You can change your consent preference at any time in the app's Settings.

4.2 What Data Is Sent to OpenAI

When you use AI-powered features, the following data may be sent to OpenAI's servers via our secure backend proxy:

• Chat messages: The text of your conversations with the Gutsy AI assistant.
• Food and meal logs: Recent food names, ingredients, FODMAP classifications, and meal timing (used as context for personalized responses).
• Symptom logs: Recent symptom types, severity ratings, and timestamps.
• Stool logs: Recent Bristol stool type, volume, and observations.
• Supplement and medication logs: Recent supplement types, medication names, dosages, and timing.
• Photos: Images you submit for food analysis, stool classification, or medication label recognition.
• Apple Health data (if enabled): Sleep duration, heart rate variability (HRV), step count, and resting heart rate — included as context to personalize AI responses.
• Health profile: Your medical diagnosis, chronic symptoms, and dietary goals (used as context for personalized guidance).

4.3 How Data Is Sent

All data is transmitted via encrypted HTTPS to our secure backend proxy server, which then forwards the request to OpenAI's API. Your device never communicates directly with OpenAI — all requests are routed through our proxy. API keys are stored server-side and are never exposed to the client app.

4.4 How OpenAI Handles Your Data

• OpenAI does not use data submitted via its API to train or improve its models. This is confirmed in OpenAI's API Data Usage Policy.
• OpenAI may retain API inputs and outputs for up to 30 days for abuse and misuse monitoring, after which they are deleted. OpenAI does not use this data for training.
• Photos and text are processed in real-time and are not permanently stored by either our proxy server or OpenAI.
• OpenAI maintains industry-standard security measures including encryption in transit and at rest, SOC 2 Type II compliance, and regular security audits. See OpenAI's Privacy Policy for full details.

4.5 Data Protection Assurance

We have confirmed that OpenAI provides protections for your data that are equal to or greater than the protections described in this Privacy Policy, including: encryption of data in transit and at rest, no use of your data for AI model training, limited retention periods, and compliance with applicable data protection laws.

5. Other Third-Party Services

In addition to OpenAI, Gutsy uses the following third-party services:

• Firebase (Google): Provides authentication services. See Firebase Privacy.
• Mixpanel: Provides anonymized product analytics. No health data, food names, symptoms, or personally identifiable health information is sent to Mixpanel. See Mixpanel Privacy Policy.
• Open Food Facts: Barcode lookups for packaged food products. Only the barcode number is sent. See Open Food Facts Terms.
• Apple (HealthKit, StoreKit): Health data access and subscription management are governed by Apple's Privacy Policy.

6. What We Do NOT Do

• We do not sell, rent, or trade your personal or health data to anyone.
• We do not use your health data for advertising or ad targeting.
• We do not share your data with data brokers.
• We do not use HealthKit data for advertising, marketing, or data mining.
• We do not store photos of your meals or stool on our servers after AI analysis is complete.

7. Data Retention

• On-device data: Stored indefinitely on your device until you delete entries or uninstall the app.
• Firebase auth data: Retained until you delete your account.
• Analytics data: Anonymized events are retained by Mixpanel per their retention policy.
• AI processing data: Photos and text sent for AI analysis are processed in real-time and not retained on our proxy servers or by OpenAI after processing.

8. Your Rights & Choices

• Delete your data: You can delete individual entries within the app, or delete your entire account from Settings, which removes all server-side data.
• Export your data: Premium users can export all logged data as CSV or JSON files.
• Disable HealthKit: You can revoke HealthKit permissions at any time in iOS Settings > Health > Data Access.
• Disable notifications: Manage notification preferences in the app's Reminders settings or iOS Settings.
• Withdraw AI data sharing consent: You can withdraw your consent for AI data sharing at any time in the app's Settings. When withdrawn, no further data will be sent to OpenAI and AI-powered features will be disabled.
• Opt out of analytics: Contact us at the email below to request analytics opt-out.

9. Children's Privacy

Gutsy is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect, (b) request deletion of your personal information, (c) opt out of the sale of personal information (we do not sell personal information), and (d) not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at the email below.

11. International Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal basis for processing health data is your explicit consent, which you provide by using the app and agreeing to this policy. To exercise your rights, contact us at the email below.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and updating the "Effective date" above. Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@thegutsyapp.com

Developer: Sudjeev Singh