Gutrace Privacy Policy

Last Updated: March 2, 2026 This Privacy Policy explains how Gutrace ("Gutrace," "we," "us," or "our") collects, uses, shares, and protects information when you use the Gutrace mobile application and related services (collectively, the "Service"). By using the Service, you understand and agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service. Important disclosure: When you use AI-powered analysis features, your food/menu image and the text you provide are sent to a third-party AI provider (Google Gemini API) for processing to generate the analysis you request. This Privacy Policy explains what data is sent, to whom, and under what controls. Before your first AI analysis, we will present an in-app notice and ask for your explicit permission to send these data to Google Gemini API. 1) Who We Are (Controller / Operator) Operator: Opusflame Limited (靈焰科技有限公司) Email: info@gutrace.com Website: https://gutrace.com/ 2) Information We Collect A. Account & Identity Information We collect information to create and manage your account and authenticate you when you sign in: Email account: email address (and authentication-related metadata). Sign in with Apple: Apple sign-in identifier and, if you choose to share it, your name and email address (including Apple private relay email where applicable). Google Sign-In: Google account identifier and, if available, your name and email address. B. Health & Wellness Information (User-Provided) To support Service features, you may provide information related to digestive health and symptoms, including: Health profile questionnaire data (e.g., diagnosis type, symptom challenges, avoidance strategies). Symptom and reaction logs (e.g., symptoms, severity/intensity, timing/time-to-onset, notes, flare/remission status). Food diary entries and scan history linked to your account (if enabled). You can choose how much information to provide. Do not submit information you do not want stored or processed. C. User Content: Food/Menu Inputs To perform food analysis and enable tracking features, we collect: Food or menu images you capture or upload. Text inputs you submit (food names, ingredient lists, menu descriptions, notes). D. Purchases & Subscription Data If you purchase a subscription through the Apple App Store: We process transaction identifiers and subscription status data needed to validate entitlements (including free trial status where applicable). Payment details are processed by Apple via StoreKit; we do not receive your full payment card information. E. Device, Usage, and Diagnostics Data We collect certain information automatically for performance, analytics, attribution (if enabled), and debugging: Device/app information: device model, OS version, app version, language/locale, time zone. Usage data: feature usage events such as page views, button clicks, scan initiation, onboarding completion, and purchase funnel steps. Identifiers: app instance identifiers and device identifiers as permitted by platform rules. On iOS, IDFA is accessed only if App Tracking Transparency (ATT) permission is granted. Diagnostics: crash logs and performance data where available. Event payload (typical fields): We may collect analytics events through Firebase Analytics and, when enabled, through attribution SDKs. Event reports may include event name, timestamp, app version, device model, OS version, language/region, time zone, and non-sensitive context indicating which feature was used. Purchase-related events may include subscription status and, where applicable, transaction value and currency. Apple processes payments; we do not collect full payment card details. Firebase also collects certain events automatically by default (such as first_open, session_start, user_engagement, and app_update) along with device/app information as permitted by the platform and Firebase's SDK behavior. F. Push Notification Data If you enable notifications: We collect a push notification token (e.g., via Firebase Cloud Messaging) to deliver notifications such as trial reminders and service updates. G. Location Data (Optional) If you grant "Location (When In Use)" permission, we may process approximate location to localize certain content (e.g., region/language formatting). If you do not grant permission, we do not collect location data. 3) How We Use Information We use the information described above for the following purposes: A. Provide Core App Functions Authenticate users and maintain account sessions (including secure JWT session tokens). Create and maintain your digestive health profile and tracking history. Provide core app functionality such as scanning flows, history, and settings. B. AI Food Analysis Analyze food/menu images and text to estimate ingredients, potential triggers, risk signals, and allergen-related flags. Provide outputs such as "Safety Scores," ingredient risk levels, and educational estimates. C. Tracking & Personalization Features Store scan history and food diary entries (if enabled). Generate personal triggers and impact estimates based on your symptom/reaction logs. D. Subscription, Billing, and Entitlements Validate subscription status and enable paid features. Support purchase restoration flows. E. Analytics, Performance, and Product Improvement Understand feature usage and improve user experience (e.g., onboarding completion, scanning flows, dashboard engagement). Monitor stability via crash/performance diagnostics. Firebase Analytics may also automatically collect certain usage events by default (e.g., first_open, session_start, user_engagement, app_update) to help us understand app stability and usage patterns. F. Advertising Measurement & Attribution (Optional; configuration-based) We may measure advertising performance and attribute installs/subscriptions to campaigns using third-party SDKs (Meta, AppsFlyer, Adjust) only when enabled by our configuration. On iOS, IDFA-based tracking/attribution requires your permission via Apple's ATT prompt. If you do not allow tracking, we will not access IDFA and will rely on privacy-preserving methods where available (e.g., SKAdNetwork and aggregated/non-IDFA signals). We do not use your food images or health logs to personalize advertising. Advertising/attribution events, when enabled, are limited to app/feature usage and purchase-funnel signals. G. Notifications Send remote notifications such as trial expiration reminders and important service updates (if you enable notifications). H. Legal, Safety, and Fraud Prevention Detect abuse, secure the Service, comply with legal obligations, and enforce our terms. 4) How We Share Information (Recipients / Third Parties) We do not sell your personal information. We share data only as needed to operate the Service and as described below. 4.1 AI Processing Provider (Google LLC — Gemini API) User permission before sharing: Before the first time we send any data to our AI provider, we present an in-app notice and ask for your explicit permission. If you do not agree, we will not send your data and the AI analysis feature will not run. Data sent for AI analysis (current implementation): Prompt text: a system prompt template with variables replaced only by input_content and disease_type. input_content: Text analysis: the exact text you submit (text_input). Image analysis: a fixed string ("food or menu in the image"); we do not OCR your image into text in this step. disease_type: derived from your health profile diagnosis; defaults to not_diagnosed if unavailable. Image data (image analysis only): the image binary encoded as base64, sent as inline_data. Response schema (technical parameter): a non-personal output constraint sent as generationConfig.response_schema. Data NOT sent to the AI provider: user ID, JWT/session tokens, X-Device-Id, onboarding fields (e.g., biggest challenges, avoidance strategies, acquisition source), app version, platform metadata, analytics identifiers. We access the Gemini API via a billing-enabled Cloud Project (Paid Services). Under Google's Gemini API Additional Terms, prompts and responses are not used to improve Google products; Google may retain logs for a limited period for policy-violation detection and required disclosures. 4.2 Cloud Hosting and Storage (Google Cloud) We use cloud infrastructure to host the Service and store Service data: Google Cloud Run: hosts backend services Google Cloud Storage: stores food/menu images and other Service data required for processing, caching, and user history (where enabled) 4.3 Authentication (Keycloak) We use Keycloak (OpenID Connect) for authentication and session management. We store a JWT token securely on your device to maintain your session. 4.4 Analytics (Firebase Analytics) 4.4 Analytics (Firebase Analytics) We use Firebase Analytics to understand app usage and improve product performance and reliability. Firebase Analytics may process usage events and device/app identifiers as allowed by the platform. (1) Custom events we log (examples): We may log custom analytics events such as: app_install, photo_upload, feature_used, initiate_checkout, start_trial, purchase, page_view, page_time_spent, click, onboarding_step_completed, onboarding_completed, onboarding_skipped, and subscription_cancel (where used). (2) Automatically collected events (SDK default): Firebase Analytics may automatically collect certain events by default, such as first_open, session_start, user_engagement, and app_update, and related device/app information. Data typically included: event name, timestamp, app instance identifiers, and device/app context (e.g., OS/app version, device model, language/locale). Where required by law or platform policy, we provide relevant notices/controls. Some analytics may still be necessary to operate and secure the Service. 4.5 Push Notifications (Firebase Cloud Messaging) We use Firebase Cloud Messaging (FCM) to deliver remote notifications. FCM processes device push tokens for message delivery. 4.6 Advertising, Attribution & Measurement SDKs (Optional; configuration-based) We may use the following SDKs to measure advertising performance, attribute installs/subscriptions to campaigns, and improve marketing effectiveness only when enabled by our configuration. If these SDKs are not enabled, we do not initialize them and do not send events to them. (a) Meta — Facebook App Events (Meta SDK) Purpose: conversion measurement, attribution, campaign optimization. ATT/IDFA: On iOS, we request ATT permission before accessing IDFA or engaging in tracking across apps and websites. If you decline ATT, we do not access IDFA, and measurement may rely on privacy-preserving methods where available (e.g., SKAdNetwork/aggregated signals). Events we may send (examples): app_install photo_upload feature_used fb_mobile_initiated_checkout (mapped from initiate_checkout) StartTrial (mapped from start_trial) fb_mobile_purchase (mapped from purchase) fb_mobile_complete_registration (mapped from onboarding_completed) plus: subscription_cancel, page_view, page_time_spent, click, onboarding_step_completed, onboarding_skipped (when enabled) (b) AppsFlyer (Mobile Measurement Partner; MMP) Purpose: mobile attribution and marketing measurement. Events we may send (examples): app_install, photo_upload, feature_used, initiate_checkout, start_trial, purchase, subscription_cancel, page_view, page_time_spent, click, onboarding_step_completed, onboarding_completed, onboarding_skipped Data processed may include: event name, timestamp, app/device information (e.g., OS/app version), network information (e.g., IP address/user agent as part of requests), and attribution signals permitted by platform rules. ATT/IDFA & SKAdNetwork: On iOS, IDFA is accessed only if ATT is granted. If ATT is not granted, AppsFlyer may rely on SKAdNetwork and other permitted non-IDFA signals. (c) Adjust (Mobile Measurement Partner; MMP) Purpose: mobile attribution and marketing measurement; may support purchase/revenue event reporting where enabled. Events we may send (examples): app_install, photo_upload, feature_used, initiate_checkout, start_trial, purchase, subscription_cancel, page_view, page_time_spent, click, onboarding_step_completed, onboarding_completed, onboarding_skipped Purchase/revenue data (where applicable): purchase events may include subscription status and transaction value/currency needed for revenue measurement. Apple processes payments; we do not receive full payment card information. ATT/IDFA & SKAdNetwork: On iOS, IDFA is accessed only if ATT is granted. If ATT is not granted, Adjust may rely on SKAdNetwork and other permitted non-IDFA signals. Important: These SDKs are disabled by default unless explicitly enabled by our configuration (e.g., environment variables). You can control iOS tracking permission via ATT at any time in iOS Settings. 4.7 App Store & Payment Processing Subscriptions and purchases are processed by Apple via StoreKit. Our backend may process Apple transaction identifiers via an endpoint (e.g., POST /subscriptions/orders) to validate entitlement status. 4.8 Service Providers We may share information with vendors that help operate the Service (e.g., hosting, security, customer support) under contractual obligations to protect data and use it only for providing services to us. We require third parties to protect personal data with safeguards consistent with this Privacy Policy. 4.9 Legal and Safety We may disclose information if required by law, lawful requests, or to protect the rights, safety, and security of users and the Service. 5) Permissions and Controls 5.1 iOS Permissions Camera: take food photos for analysis Photo Library: choose food photos for analysis Location (When In Use): localize certain content (optional) Microphone: for features that require audio/video capture (if enabled) Tracking (ATT): optional; required for IDFA-based tracking/attribution on iOS You can change permissions anytime in iOS Settings. 5.2 Tracking Choices (ATT) If you decline ATT permission, we will not access IDFA for tracking. You can change your choice anytime in iOS Settings. 5.3 App Tracking (Advertising & Attribution) Advertising/attribution SDKs (Meta, AppsFlyer, Adjust) are optional and may be enabled or disabled by our configuration. If disabled, we do not initialize these SDKs and do not send events to them. On iOS, we request permission via Apple's ATT prompt before accessing IDFA or engaging in tracking across apps and websites. If you do not allow tracking, we will not access IDFA and will rely on privacy-preserving measurement where available (e.g., SKAdNetwork, aggregated/non-IDFA signals). You can change your choice anytime in iOS Settings. 5.4 AI Processing Choice AI processing is required to provide AI-powered analysis features. Explicit consent: Before the first AI analysis, we show an in-app AI Processing Notice that (a) lists the data categories that will be sent, (b) identifies Google LLC (Gemini API) as the recipient, and (c) asks for your explicit permission (Agree/Cancel). We only send data to the AI provider after you tap Agree. Withdrawal / turning off AI processing: You can withdraw your AI processing permission at any time in Settings (where available). If you withdraw permission, we will not send new inputs to the AI provider and AI analysis features will be unavailable until you grant permission again. What happens if you decline: If you tap Cancel or decline AI processing, we will not send your data to the AI provider and the AI analysis feature will not run. 6) Data Retention We retain personal data only as long as necessary to provide the Service and features you use, maintain your account and logs, comply with legal obligations, prevent fraud and abuse, resolve disputes, and enforce agreements. Retention periods depend on data type (e.g., account data, logs, images, analytics). If you request deletion, we will delete or de-identify data unless retention is required for legal or security reasons. Examples (for clarity): Account data: retained until account deletion, plus limited retention as required for security/legal compliance. Food/menu images & analysis history: retained to provide scan history/personalization (if enabled) until deleted by you or upon account deletion, subject to legal/security retention. Health logs: retained until deleted by you or upon account deletion, subject to legal/security retention. Analytics/diagnostics: typically retained for a limited period to improve reliability and performance. 7) Security Measures We use reasonable technical and organizational safeguards designed to protect your information, including: HTTPS/TLS for network transmission Secure token storage via iOS Keychain (e.g., Flutter Secure Storage) Access controls and least-privilege practices for backend systems We do not use custom encryption algorithms. No method of transmission or storage is 100% secure. 8) International Transfers Your information may be processed in countries other than where you live (e.g., where Google Cloud or other providers operate). We take steps intended to provide appropriate protections consistent with applicable law. 9) Children's Privacy The Service is not intended for children under 13 (or the minimum age required by law in your jurisdiction). If we learn we have collected personal information from a child without appropriate consent, we will delete it. The AI-powered analysis features are not intended for users under 18. We do not knowingly allow users under 18 to use AI analysis features. If we become aware that AI analysis data was submitted by a user under 18, we will take reasonable steps to delete such data and restrict further AI feature access. 10) Legal Bases (Where Applicable) Depending on your location, we process personal data under one or more lawful bases. General (non-special-category) personal data: - Contract necessity (GDPR Art. 6(1)(b)): to provide the Service you request (account, core app functionality, subscriptions/entitlements). - Consent (Art. 6(1)(a)): where required (e.g., ATT/IDFA-based tracking; optional permissions). - Legitimate interests (Art. 6(1)(f)): to secure and improve the Service (e.g., diagnostics, fraud prevention), balanced against your rights. - Legal obligation (Art. 6(1)(c)): where applicable. Special Category (Health) Data (EEA/UK where applicable): Some data we process (e.g., diagnosis category, symptom/reaction logs, severity, onset timing, flare/remission status, and related health notes) may be considered data concerning health and therefore "special category" personal data. Where GDPR/UK GDPR applies, we process health data based on: - An Article 9 condition: primarily your explicit consent (GDPR/UK GDPR Art. 9(2)(a)) for the purposes described in this Privacy Policy (health tracking and personalization; and for AI analysis personalization using limited health context, currently diagnosis category only); and - A corresponding Article 6 lawful basis (typically contract necessity for providing the requested Service, and/or consent where required), as applicable. You may withdraw health-data consent at any time (e.g., via in-app controls where available or by contacting info@gutrace.com). Withdrawal does not affect processing that occurred before withdrawal and may limit or disable health-related features. California "Do Not Sell or Share" Rights (CCPA/CPRA): California residents have the right to direct us not to sell or share their personal information for cross-context behavioral advertising. We do not sell personal information for monetary payment. However, when advertising/attribution SDKs are enabled, certain identifiers and usage signals may be considered "sharing" under California law. You can submit an opt-out request by: - Emailing info@gutrace.com with the subject line: "California Opt-Out Request". We will honor your opt-out request and stop "sale"/"sharing" covered by California law unless you later direct us to do so. Where applicable for online collection, we also honor opt-out preference signals such as Global Privacy Control (GPC). 11) Your Rights Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal information, and to withdraw consent where applicable. To exercise these rights, contact us at info@gutrace.com. 12) Account Deletion You can request account deletion in one of the following ways: Option A — In-app (if available): Go to Settings → Account → Delete Account and follow the prompts. Option B — Email request: Email info@gutrace.com from the email associated with your account with the subject line: "Delete my Gutrace account" What deletion means: We will delete or de-identify your account profile and associated Service data within a reasonable timeframe, except where we must retain certain data for legal, security, fraud prevention, or compliance purposes. Important: Deleting your Gutrace account does not automatically cancel subscriptions purchased through the Apple App Store. You must cancel subscriptions in your Apple account settings. 13) Changes to This Privacy Policy We may update this Privacy Policy from time to time. We will update the "Last Updated" date and may provide additional notice in the app for material changes. Continued use after updates means you accept the revised policy. 14) Contact Us For privacy questions or requests: info@gutrace.com https://gutrace.com/