Privacy Policy
Effective date: pending pre-launch review by health-tech counsel.
Unsibo helps you track digestive patterns and daily lifestyle. Because the data you log is sensitive, we've designed the Service to collect only what's necessary and to give you granular control.
1. Who we are
The Controller of your personal data is Unsibo (the “Company”). For users in the EU, our Article 27 representative will be listed here before EU launch.
Contact:
- Email: privacy@unsibo.com
- Postal address: to be listed before launch
- Data Protection Officer: dpo@unsibo.com
2. What we collect
Account data
- Email address (for sign-in)
- Display name (optional, your choice)
- Date of birth (used to confirm you are 16 or older; we do not store age)
- Authentication identifier from Apple or email plus password (Google planned)
Health and wellness data (special-category data under Article 9 GDPR)
Only with your explicit, separate consent:
- Meals you log (food items, quantities, timestamps)
- Symptoms you log (severity scores, notes)
- Bowel movements (Bristol scale, urgency, optional notes)
- Medications and supplements you choose to track
- Meal spacing timings
- Phase selections (Reset, Rhythm, Routine)
- Reintroduction challenge results
- Breath-test results (if you choose to enter them)
- Apple Health or Health Connect data you choose to sync (sleep, HRV, weight, menstrual cycle)
Quiz responses (web)
If you take the landing-page quiz, your answers are stored client-side in your browser. If we add a server-side quiz response store later, this section will be updated and you will be notified.
Technical data
- Device type, OS version, app version
- Crash logs (with personal data scrubbed)
- Anonymous product analytics (only with your separate, opt-in consent, disabled by default)
What we do not collect
- Precise location
- Contacts, photos, or files beyond what you explicitly upload
- Browser history
- Marketing or advertising identifiers
- Cross-site tracking
3. Why we process your data (lawful bases)
| Purpose | Lawful basis | Special-category basis |
|---|---|---|
| Provide the core Service (logging, sync, history, on-device pattern insights) | Performance of contract (Art. 6(1)(b)) | Your explicit consent (Art. 9(2)(a)) |
| Anonymous product analytics | Your explicit consent (Art. 6(1)(a)) | n/a (analytics never include health data) |
| Crash reporting | Legitimate interests (Art. 6(1)(f)), debugging | n/a (personal data scrubbed) |
| Legal compliance (eg. consent records) | Legal obligation (Art. 6(1)(c)) | Substantial public interest (Art. 9(2)(g)) |
4. Your two consents
When you create an account, you will see two separate, unchecked switches. Each is independent. You can change either anytime in Settings.
- Health-data tracking. Required for the app to do anything useful. Insights you see in the You tab are computed on-device from data you have already consented to store, so no separate consent applies.
- Anonymous product analytics. Opt-in only, never includes your health entries.
Revoking #1 will trigger account-deletion confirmation, because the app cannot function without it.
Future server-side AI features (for example weekly LLM-generated reflections) will ship behind a new, separately-toggled consent on the consent screen at the time of launch. We do not run any such processing today.
5. Sharing your data
We never sell your data. We never share it for advertising. We never send your health data to third-party advertising or marketing pixels.
We share data only with the limited set of processors we need to run the Service:
| Processor | Purpose | Data shared | Jurisdiction |
|---|---|---|---|
| Supabase (database and auth) | Storage of your account and logs | All app data, encrypted at rest | US (DPF-certified) |
| Vercel (web hosting) | Landing site | None from the app; quiz answers stay in your browser | US (DPF-certified) |
| Sentry (crash reporting) | Debug app errors | Scrubbed crash logs only, no health data | US (DPF-certified) |
| PostHog (product analytics) | Opt-in analytics | Allowlisted events only, never includes health data | EU residency on request |
| Apple and Google (auth and IAP) | Sign-in and subscriptions | Auth identifiers, purchase receipts | per platform terms |
Standard Contractual Clauses or DPF certification covers all transfers to the US.
6. AI features
The current Service does not send your logged data to any AI provider. The insights you see in the You tab (trigger ranking, symptom trends, meal-spacing summary) are computed on your device from your own logs, then displayed. Nothing is sent off-device for AI processing.
If we add server-side AI features in the future (for example weekly LLM-generated reflections), they will ship behind a new, separately-toggled consent and this section will be updated to describe exactly what is sent, to whom, and for how long.
7. International transfers
If you are in the EU or UK, your data may be transferred to the US via:
- The EU-US Data Privacy Framework (Supabase, Vercel, and Sentry are DPF-certified)
- Standard Contractual Clauses with a Transfer Impact Assessment for non-DPF processors
You can request a copy of the relevant agreements at privacy@unsibo.com.
8. How long we keep your data
- Account and health data: as long as your account exists
- Backups: rolled out within 30 days of deletion
- Consent log: retained for the lifetime of the account plus 3 years (legal accountability)
- Anonymous analytics: aggregated and not personally identifiable after rollup
- Crash logs: 90 days
9. Your rights
If you are in the EU, UK, California, Washington, or similar privacy-law jurisdictions, you have the right to:
- Access: get a copy of your data
- Rectify: correct inaccurate data
- Erasure: delete your data (in-app: Settings, then Delete account)
- Restrict processing: pause specific uses
- Data portability: export your data in a machine-readable format (in-app: Settings, then Export data)
- Object: to processing based on legitimate interests
- Withdraw consent: anytime; equally easy as giving consent (in-app: Settings, then Privacy)
- Lodge a complaint with your supervisory authority
To exercise any right, email privacy@unsibo.com.
10. Security
We use:
- TLS in transit for all data
- Encryption at rest (Supabase-managed disk encryption on our database)
- Row-level security on every database table, only you can read your own data
- Authentication tokens stored in the device Keychain (iOS) or Keystore (Android), never in plaintext
- Strict third-party SDK isolation, no advertising or marketing pixels on health screens
No system is perfectly secure. If we ever experience a breach affecting your data, we will notify you and the relevant supervisory authorities within 72 hours as required by GDPR.
11. Children
Unsibo is not directed at children under 16. At sign-up we ask for your date of birth and block account creation if it indicates an age under 16. We harmonize to the EU's highest minimum (Germany, 16) globally as a safe default, even where local law allows 13 or 15. We do not knowingly collect data from children under 16. If you become aware that a child has provided us with data, contact privacy@unsibo.com so we can delete it.
12. Changes
If we make material changes to this Privacy Policy, we will notify you in the Service before they take effect.
13. Contact
- General: privacy@unsibo.com
- DPO: dpo@unsibo.com
- EU representative: to be listed before EU launch
Questions? Email privacy@unsibo.com.