Privacy Policy
Last updated: February 9, 2026
At BloomYourGut, we take your privacy seriously. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights regarding your data. We believe in transparency and want you to feel confident using our platform.
1. Information We Collect
Information you provide directly
- Account information: name, email address, and password when you create an account
- Health tracking data: symptom logs, food diaries, and GutScore entries you voluntarily submit
- Payment information: billing details processed securely through Stripe (we never store your full card number)
- Communications: messages you send to us via email or contact forms
- Newsletter preferences: your email address when you subscribe to our newsletter
Information collected automatically
- Device and browser information: browser type, operating system, device type
- Usage data: pages visited, time spent on pages, features used, and interaction patterns
- IP address and approximate location (country/region level only)
- Referral source: how you found our website
2. How We Use Your Information
- Provide and maintain our services, including personalized gut health tracking and article recommendations
- Process subscriptions and payments
- Send you relevant content, including weekly email digests (only if you opt in)
- Generate aggregated, anonymized health insights and research (your individual data is never shared)
- Improve our platform, content quality, and user experience
- Respond to your questions and support requests
- Detect and prevent fraud, abuse, and security issues
- Comply with legal obligations
3. Data Storage and Security
Your data is stored securely on Supabase, a trusted cloud database provider that uses enterprise-grade encryption. Specifically:
- All data is encrypted at rest and in transit (TLS 1.3)
- Database access requires authenticated, role-based permissions
- Health tracking data is stored in an isolated schema with additional access controls
- We perform regular security audits and maintain strict access controls for our team
- Passwords are hashed using industry-standard algorithms and are never stored in plain text
4. Third-Party Services
We use a limited number of trusted third-party services to operate our platform:
- Stripe -- Processes payments securely. Stripe is PCI DSS Level 1 certified. We never see or store your full credit card number. See Stripe's Privacy Policy.
- Google Analytics -- Helps us understand how visitors use our site. We use IP anonymization and do not share data with Google for advertising purposes. See Google's Privacy Policy.
- PostHog -- Product analytics that helps us improve the user experience. PostHog is GDPR compliant and we self-host where possible. See PostHog's Privacy Policy.
- ConvertKit -- Manages our email newsletter. Your email address is shared with ConvertKit only if you subscribe to our newsletter. See ConvertKit's Privacy Policy.
- Supabase -- Hosts our database and authentication services. See Supabase's Privacy Policy.
We do not sell your personal information to third parties. We do not share your health tracking data with any third party.
5. Cookies
We use the following cookies and similar technologies:
- Essential cookies: Keep you signed in and remember your preferences. These are necessary for the site to function.
- Analytics cookies: Help us understand how visitors interact with our site. These can be disabled in your browser settings.
We do not use advertising or tracking cookies. You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features of the site.
6. Your Rights
Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable data protection laws:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct any inaccurate or incomplete data
- Deletion: Request that we delete your personal data (right to be forgotten)
- Export: Request a portable copy of your data in a machine-readable format (JSON or CSV)
- Restriction: Request that we limit how we process your data
- Objection: Object to our processing of your data for certain purposes
- Withdraw consent: Where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, email us at privacy@bloomyourgut.com. We will respond within 30 days. For California residents: we do not sell personal information as defined by the CCPA.
7. Data Retention
We retain your personal data only for as long as necessary to provide our services and fulfill the purposes described in this policy:
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Health tracking data: Retained while your account is active. Permanently deleted within 30 days of account deletion.
- Payment records: Retained for 7 years as required by tax and financial regulations.
- Analytics data: Aggregated and anonymized after 26 months.
- Email communications: Retained for 3 years unless you request earlier deletion.
8. Children's Privacy
BloomYourGut is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@bloomyourgut.com and we will promptly delete that information.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other operational reasons. When we make significant changes, we will notify you by posting a notice on our website and, if you have an account, by sending you an email. We encourage you to review this page periodically. Your continued use of BloomYourGut after changes are posted constitutes your acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us: