Privacy Policy

Last updated: February 22, 2026

1. Introduction

Mouth To Gut ("we," "our," or "us") is committed to protecting your privacy and the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health tracking application (the "Service").

We understand that health data is highly sensitive. We have designed our Service with privacy and security as core principles.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password when you register.
  • Health Profile: Date of birth, biological sex, height, weight, and other baseline health information you choose to provide.
  • Health Entries: Food logs, symptoms, medications, supplements, vital readings, exercise, sleep, mood, and other health data you track.
  • Medical Documents: Lab results, doctor visit notes, prescriptions, and other medical documents you upload.
  • Photos: Images of meals, symptoms, or medical documents you choose to upload.
  • Chat Messages: Conversations with our AI health assistant.
  • Payment Information: Billing address and payment method details (processed securely by Stripe; we do not store full card numbers).

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, and device identifiers.
  • Usage Data: Pages visited, features used, and interaction patterns.
  • IP Address: Used for security, fraud prevention, and approximate location.
  • Timezone: Automatically detected to display times correctly.
  • Analytics Data: We use Google Analytics 4 (GA4) to collect anonymized usage statistics including page views, session duration, and feature engagement. Google may set cookies on your device to facilitate this tracking. Google's use of this data is governed by the Google Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

2.3 Cookies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Google Analytics cookies (e.g., _ga, _ga_*) to understand how visitors use our site. These are optional.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Generate personalized health insights and recommendations using AI
  • Identify patterns and correlations in your health data
  • Process your subscription payments
  • Send you important service updates and notifications
  • Send weekly health summaries (if you opt in)
  • Respond to your questions and support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. AI Processing of Your Health Data

Our Service uses artificial intelligence to analyze your health data and provide insights. We use Anthropic's Claude for health analysis and recommendations, and OpenAI's Whisper for transcribing audio recordings of doctor visits. Here's what you should know:

  • Data De-identification: Before sending data to our AI provider, we remove personally identifying information such as your name and healthcare provider names, and convert dates to relative timeframes (e.g., "3 days ago" instead of specific dates). Your health data content (symptoms, foods, vitals) is sent to generate insights but is not linked to your identity in the AI provider's system.
  • Audio Transcription: When you record a doctor visit, the audio is sent to OpenAI's Whisper API for transcription. Audio data is processed and not retained by OpenAI after transcription is complete.
  • No Training on Your Data: Neither Anthropic nor OpenAI uses your data to train their AI models. Your data is processed and then discarded by these providers.
  • Secure Transmission: All data sent to AI providers is encrypted in transit.
  • Purpose Limitation: AI processing is used solely to provide you with health insights, not for advertising or profiling.

5. How We Share Your Information

We do not sell your personal information. We may share your information only in these limited circumstances:

5.1 Service Providers

  • Anthropic: AI processing for health insights (de-identified data only; see Section 4)
  • OpenAI: Audio transcription of doctor visit recordings via the Whisper API (see Section 4)
  • Stripe: Payment processing
  • Railway/Vercel: Cloud hosting and database services

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

5.3 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as when you choose to export a health summary for your doctor.

6. Data Security

We implement industry-standard security measures to protect your health data:

  • Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest.
  • Access Controls: Strict access controls limit who can access your data.
  • Audit Logging: We maintain logs of access to health data for security and compliance purposes.
  • Session Security: Sessions expire after 30 days and are refreshed automatically with activity.
  • Password Security: Passwords are hashed using bcrypt; we never store plaintext passwords.
  • Rate Limiting: API rate limits protect against brute force attacks.

7. Data Retention

We retain your data as follows:

  • Active Accounts: Your data is retained as long as your account is active.
  • Deleted Accounts: Upon account deletion, your personal data is deleted within 90 days, except where retention is required by law.
  • Audit Logs: Security audit logs are retained for 2 years for compliance purposes.
  • Aggregated Data: We may retain de-identified, aggregated statistical data (e.g., average number of entries per user) for service improvement purposes.

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data.
  • Export: Export your health data in a portable format.
  • Opt-Out: Opt out of marketing communications at any time.
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

To exercise these rights, contact us at privacy@mouthtogut.com.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in compliance with applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

See also our Terms of Service and Medical Disclaimer.