Introduction
GutMate ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS mobile application (the "App").
Your privacy is important to us. This App is designed with a privacy-first approach: all core features work offline, and we only transmit data to third-party services when you explicitly use optional AI-powered features (Menu Scanner and Food Plate Tracker).
By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the App.
Information We Collect
1. Information You Provide Directly
Account Information (Optional)
- Email address (if you create an account with email/password authentication)
- Authentication credentials (managed by Firebase Authentication)
Food Tracking Data (Stored Locally and Synced via iCloud)
- Favorite foods
- Scan history (menu scan results)
- Food consumption logs (manual entries and plate scan results)
- Symptom logs (if you use the symptom tracking feature)
- Photos of restaurant menus (when using Menu Scanner)
- Photos of food plates (when using Food Plate Tracker)
User Preferences
- App settings and preferences (stored locally via UserDefaults)
- Consent preferences (image sharing consent status)
2. Information Collected Automatically
Device Information
- Device model and operating system version (for compatibility and crash reporting)
- App version (for debugging and support)
- Unique device identifiers (Firebase Installation ID for analytics)
Usage Data
- Feature usage statistics (e.g., number of scans performed, premium feature access)
- Scan timestamps and rate limiting data (stored in Firebase Firestore)
- App performance data (crash logs, error reports)
3. Images Uploaded to AI Services (Optional Features Only)
When You Use Menu Scanner or Food Plate Tracker:
- JPEG images of restaurant menus or food plates
- Images are converted to JPEG format with 0.8 compression quality
- Images are base64-encoded and uploaded to our Firebase Cloud Functions
- Images are forwarded to OpenRouter API (Google Gemini vision model) for analysis
- IMPORTANT: OpenRouter has a zero-retention policy - images are processed in real-time and immediately discarded after analysis
- Images are NOT stored on our servers or by OpenRouter
- Scan results (text analysis output) are saved locally and synced via iCloud
How We Use Your Information
- Provide Core App Functionality
  - Display FODMAP ratings for 1,670 foods and 2,885 serving sizes (offline, no data transmission)
  - Search and browse food database (offline, no data transmission)
  - Save and sync your favorites, scan history, and food logs via Apple iCloud
- Provide AI-Powered Features (With Your Consent)
  - Analyze menu images to identify dishes and ingredients (Menu Scanner)
  - Analyze food plate images to estimate portions and track consumption (Food Plate Tracker)
  - Match detected ingredients against our FODMAP database
  - Return traffic-light ratings for detected foods
- Manage Subscriptions and Payments
  - Process in-app purchases via RevenueCat
  - Manage premium subscription status
  - Enforce rate limits (5 free scans/day, 100 for premium users)
- Improve App Quality
  - Monitor app crashes and errors (Firebase Crashlytics)
  - Analyze feature usage to prioritize improvements (Firebase Analytics)
  - Track rate limit quotas to prevent abuse
How We Share Your Information
We do NOT sell your personal information to third parties. We only share your information with the following trusted service providers:
1. Firebase (Google Cloud Platform)
Services Used: Firebase Authentication, Firebase Firestore, Firebase Cloud Functions, Firebase Crashlytics, Firebase Analytics
Privacy Policy: https://firebase.google.com/support/privacy
2. OpenRouter API (Google Gemini Vision Model)
Purpose: AI-powered menu and plate image analysis
Data Retention: ZERO-RETENTION POLICY - OpenRouter processes images in real-time and immediately discards them after analysis. Images are NOT logged, stored, or used for model training.
Privacy Policy: https://openrouter.ai/privacy
3. RevenueCat
Purpose: In-app purchase and subscription management
Privacy Policy: https://www.revenuecat.com/privacy
4. Apple iCloud (CloudKit)
Purpose: Cross-device sync for user data
Important: iCloud sync only occurs when you are signed in to iCloud on your device. We do NOT have access to your iCloud data - it is controlled entirely by you via your Apple ID.
Privacy Policy: https://www.apple.com/legal/privacy/
Data Retention
Local Data (Stored on Your Device): Retained indefinitely until you delete it or uninstall the App
Cloud Data (Firebase Firestore): Usage tracking data retained for 2 years, then automatically deleted
iCloud Data: Retained until you delete it via the App or iCloud settings
Third-Party Services:
- OpenRouter: ZERO retention - images immediately discarded after analysis
- RevenueCat: Purchase history retained per App Store requirements
Your Privacy Rights
All Users
- Access: View what data we have about you (use "Export My Data" in Profile settings)
- Correction: Update your email or account info via Profile settings
- Deletion: Delete your account and all data via "Delete My Account" in Profile settings
- Portability: Export your data as JSON via "Export My Data" button
- Opt-Out: Disable image sharing via toggle in Profile settings (disables AI features)
GDPR Rights (EEA, UK, Switzerland Users)
Under the General Data Protection Regulation (GDPR), you have additional rights, including the rights to access, rectification, erasure, restriction of processing, and data portability, and the rights to object to processing and to withdraw consent. Contact us at contato@2xm.com.br to exercise these rights.
CCPA Rights (California Users)
Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information we collect, to request deletion, and to opt out of sale. We do NOT sell your personal information.
Children's Privacy (COPPA Compliance)
The App is NOT intended for children under 13 years of age (or under 16 in the EEA).
We do NOT knowingly collect personal information from children under 13/16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contato@2xm.com.br and we will delete it immediately.
Security Measures
We implement industry-standard security measures to protect your information:
- End-to-End Encryption: All data transmitted to Firebase and OpenRouter uses HTTPS/TLS 1.3 encryption
- iCloud Encryption: All synced data encrypted by Apple (AES-256)
- Authentication: Firebase Authentication with secure token management
- Rate Limiting: Prevents brute-force attacks and API abuse
- Zero-Retention Policy: OpenRouter does not store images
No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You use the App at your own risk.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
Notification of Changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will display an in-app notification on your next launch
- Continued use of the App after changes constitutes acceptance of the updated policy
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: contato@2xm.com.br
Subject Line: "GutMate Privacy Inquiry"
Website: https://janchristian.com.br/fodmap-app/
Response Time: We will respond to privacy inquiries within 7 business days.
Consent and Acceptance
By using the GutMate app, you acknowledge that you have read, understood, and agree to this Privacy Policy.
For AI Features (Menu Scanner, Food Plate Tracker): You must explicitly consent to image sharing via the in-app consent toggle before using these features. You can withdraw consent anytime in Profile settings.