GutCode – Privacy Policy

Last updated: January 29, 2026 | Version 1.1

1. Data Controller

The data controller responsible for processing your personal data is:

GutCode
Operated by: Hanish Ali Köse
Country: Germany
Email: support@gutcode.app

2. What Data We Process

2.1 Data Stored Locally on Your Device

The following data is stored only on your device and is never transmitted to our servers:

Data Type	Purpose	Legal Basis (GDPR Art. 6)
Food entries & nutrition logs	Track your meals and nutrition	Contract performance
Meal photos	Visual food logging	Contract performance
App preferences & settings	Personalize your experience	Contract performance
Health data (via HealthKit)	Display activity & wellness insights	Explicit consent (Art. 9)

2.2 Apple HealthKit Data

With your explicit consent, GutCode may read the following from Apple HealthKit:

• Step count & active energy
• Heart rate variability & resting heart rate
• Body weight
• Menstrual cycle data (if applicable)

2.3 Data Processed by Third Parties

When you use certain features, data may be processed by the following services:

Service	Purpose	Data Sent	Privacy Policy
OpenAI API	Food image recognition	Meal photo only (no personal/health data)	openai.com/privacy
Firebase Analytics	Usage analytics (with consent)	Anonymous usage patterns, screen views, feature engagement	firebase.google.com/privacy
Firebase Crashlytics	Crash reporting (with consent)	Anonymous crash logs, device model, OS version	firebase.google.com/privacy
Firebase Firestore	Research Collective data sync (opt-in only)	Anonymized health correlations (see Section 2.4)	firebase.google.com/privacy
RevenueCat	Subscription management	Purchase receipts, subscription status	revenuecat.com/privacy

Photos sent to OpenAI are processed transiently and are not stored beyond the processing request. Firebase services are hosted in the EU (Frankfurt, europe-west3) for GDPR compliance.

2.4 Research Collective (Optional Opt-In)

If you choose to join the Research Collective, the following anonymized data is synced to Firebase servers located in the EU:

• Age range (e.g., 25-34, not exact age)
• Biological sex and activity level
• Clinical diagnosis category (if voluntarily provided)
• Medication classes (if voluntarily provided)
• Anonymized meal-symptom correlations with timing
• Daily aggregates (plant diversity score, water intake, stool type)

3. How We Use Your Data

Your data is used exclusively to:

• Provide the core app functionality (meal tracking, nutrition insights)
• Display personalized wellness information based on your entries
• Improve the app experience through your local preferences

We do NOT use your data for:

• Advertising or marketing purposes
• Profiling or automated decision-making
• Sale to third parties

4. Data Storage & Security

• Local Storage: All personal data is stored on your device using Apple's secure storage mechanisms (Keychain, encrypted containers)
• No Cloud Sync: We do not maintain servers storing your personal data
• Encryption: iOS provides hardware-level encryption for app data

5. Data Retention

Your data is retained on your device for as long as you use the app. To delete all data:

• Uninstall GutCode from your device
• Revoke HealthKit permissions in iOS Settings → Privacy → Health

6. Your Rights Under GDPR

As a user in the European Union, you have the following rights:

Right	Description	How to Exercise
Access	Request a copy of your data	All data is on your device; contact us for assistance
Rectification	Correct inaccurate data	Edit directly in the app
Erasure	Delete your data	Uninstall the app
Portability	Export your data	Use in-app export features (if available)
Withdraw Consent	Revoke HealthKit access	iOS Settings → Privacy → Health
Lodge Complaint	File a complaint with a supervisory authority	Contact your local Data Protection Authority

7. Children's Privacy

GutCode is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us for immediate deletion.

8. International Data Transfers

When you use AI food recognition, image data may be processed by servers located in the United States (OpenAI). This transfer is based on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The data transferred is limited to meal photos only (no personal identifiers)

9. Analytics & Tracking

With your explicit consent, GutCode may collect anonymous usage analytics to improve the app experience:

• Usage Analytics: Screen views, feature engagement (e.g., meals logged, symptoms tracked)
• Crash Reports: Anonymous crash data to help us fix bugs

When you first use the app, you will be asked for consent. You can choose:

• Accept All: Enable analytics, crash reports, and personalization
• Essential Only: Only crash reports (no usage tracking)
• Customize: Choose individually what to enable

You can change your preferences at any time in Profile → Legal & About → Analytics & Privacy.

We do NOT:

• Use advertising SDKs or sell your data
• Track you across other apps or websites
• Share analytics data with third parties for marketing

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through:

• An in-app notification
• Updated "Last updated" date at the top of this policy

Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact & Data Protection Officer

For privacy inquiries, data requests, or to exercise your GDPR rights:

Email: support@gutcode.app
Response time: Within 30 days as required by GDPR

12. Supervisory Authority

If you are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. In Germany, this is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
www.bfdi.bund.de