Privacy Policy
Last updated: December 28, 2025
Our Privacy Manifesto
At GutGraph, we believe your health data is your most private possession. We do not sell your data, we do not track your identity for advertisers, and we do not have a "cloud" where your medical history lives unprotected.
Your data stays secure, encrypted, and under your control—always.
Your Security is Our Foundation
Unlike other health apps, GutGraph is built with security and privacy at its core—not as an afterthought.
End-to-End Encryption
All sensitive health data—including your weight, cycle data, personal notes, and nutrition logs—is encrypted using industry-standard AES-256-GCM encryption before being stored. We cannot read your private health information, even if we wanted to.
User-Controlled Backups
Your backup data is encrypted and stored securely on our infrastructure with your consent. You control when backups happen and can export or delete your data at any time. We never access your backups without your explicit permission.
No Third-Party Tracking
We do not use third-party analytics that "leak" your health habits to data brokers. No Facebook Pixel, no Google Analytics tracking your cycle, no advertisers knowing when you're ovulating.
How We Handle Your Sensitive Data
Different types of health data require different levels of protection. Here's how we handle each category:
🥗 Nutrition & Meal Logs
We process your food entries and macronutrients solely to provide you with personal insights. This data is never used to build a "consumer profile" for food companies. Your meal descriptions are encrypted, and AI analysis happens in a privacy-preserving manner—we don't train models on your eating habits or sell your food preferences to third parties.
🌸 Cycle & Period Tracking
We recognize the extreme sensitivity of reproductive health data. Your cycle information receives our highest level of protection:
- No Predictive Profiling: We do not use your cycle data to serve you targeted ads based on your hormonal phases or fertility status.
- Encrypted at Rest: Your cycle history, period dates, symptoms, and personal notes are stored in an encrypted database, making them inaccessible to unauthorized parties.
- Never Sold or Shared: We will never sell your menstrual data to pharmaceutical companies, insurance providers, or data brokers. Your reproductive health is private, period.
- Self-Contained Predictions: Cycle predictions are calculated using your personal data only—we don't pool your cycle information with other users to "improve" our algorithms unless you explicitly opt into anonymized research.
Privacy Policy Details
GutGraph ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health tracking application.
We understand that health data is among the most sensitive personal information, and we take our responsibility to protect it seriously. Please read this policy carefully to understand our practices regarding your data.
Your Data Security
All sensitive personal health data is encrypted using industry-standard AES-256-GCM encryption before being stored in our database. This includes your weight, height, date of birth, personal notes, and mood labels.
Information We Collect
Account Information
- Name: Your first and last name for personalization
- Email Address: For account authentication and communication
- Password: Securely hashed and never stored in plain text
- Google Account ID: If you choose to sign up with Google
- Profile Picture: Optional avatar for your account
Health Profile Data (Encrypted)
- Weight: Your body weight (encrypted at rest)
- Height: Your height (encrypted at rest)
- Date of Birth: For age-related health insights (encrypted at rest)
- Average Cycle Length: Your typical menstrual cycle duration
- Average Period Length: Your typical period duration
- Last Period Date: For cycle predictions
Menstrual Cycle Data
- Cycle Start and End Dates: To track your menstrual cycles
- Flow Intensity: None, light, medium, or heavy
- Period Start Indicators: To accurately predict future cycles
- Cycle Notes: Personal notes about your cycle (encrypted at rest)
Daily Health Logs
- Symptoms: Type and severity (1-5 scale) of symptoms you experience
- Mood Entries: Your emotional state and mood scores
- Meal Quality: General assessment of daily nutrition
- Personal Notes: Any notes you add to daily logs (encrypted at rest)
Nutrition Data
- Meal Logs: Breakfast, lunch, dinner, and snack entries
- Meal Descriptions: What you ate (encrypted at rest)
- Nutritional Information: Calories, protein, carbohydrates, and fat
- Ingredients: Individual food items with portion sizes
- AI Analysis Results: Nutritional data derived from AI processing
Mood Tracking Data
- Mood Scores: Daily mood ratings on a 1-5 scale
- Mood Labels: Descriptive labels like "Happy," "Calm," or "Anxious" (encrypted at rest)
- Mood Notes: Additional context about your emotional state (encrypted at rest)
How We Use Your Information
- Provide Core Services: Track your menstrual cycles, predict future periods, and log health data
- Generate Insights: Analyze patterns in your data to provide personalized health insights
- Improve Predictions: Use your historical data to improve cycle and ovulation predictions
- AI-Powered Features: Process meal descriptions to estimate nutritional content
- Account Management: Authenticate your identity and maintain your account
- Communication: Send essential service updates and respond to your inquiries
- Research (Optional): If you opt in, use anonymized data to improve our algorithms
How We Protect Your Data
Encryption at Rest
Sensitive health data is encrypted using AES-256-GCM before storage
Encryption in Transit
All data transfers use HTTPS/TLS encryption
Access Controls
Strict authentication and authorization for data access
Password Security
Passwords are hashed using bcrypt with secure salt rounds
Third-Party Services
We use carefully selected third-party services to provide our application:
Authentication
- Google OAuth: If you choose to sign in with Google, we receive your name, email, and profile picture from Google. We do not have access to your Google password.
Payment Processing
- Stripe: Our payment processor handles all payment information. We never store your credit card details. Stripe is PCI-DSS compliant. Please review Stripe's Privacy Policy.
AI Services
- Nutrition Analysis: We use AI services to analyze meal descriptions and estimate nutritional content. Only meal descriptions are sent; no personally identifiable information is included.
Infrastructure
- Cloud Hosting: Our application is hosted on secure cloud infrastructure with appropriate security certifications.
- Database: PostgreSQL database with encryption enabled.
Your Rights
You have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you
Right to Export
Export your data in a portable format (available in Premium)
Right to Rectification
Correct any inaccurate personal data
Right to Deletion
Request complete deletion of your account and data
To exercise any of these rights, please contact us at [email protected].
Data Retention
- Active Accounts: We retain your data for as long as your account is active
- Account Deletion: Upon account deletion, all personal data is permanently removed within 30 days
- Backup Retention: Encrypted backups may be retained for up to 90 days for disaster recovery
- Anonymized Data: If you opted into research sharing, anonymized data may be retained indefinitely
Children's Privacy
GutGraph is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or in-app notification.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: