Privacy Policy

Operated by Soban Studios LLC · Effective April 15, 2026

Overview

Bellyweather is a meal tracking and gut health app that helps you understand how food affects how you feel. This privacy policy explains what data we collect, why, how we use it, and your rights.

Data We Collect

Account Information

• Name
• Email address (via sign-in provider)
• Timezone
• Account creation date

Health and Wellness Data

This is considered “special category” data under GDPR and requires your explicit consent.

• Health profile: Motivations (e.g., “reduce bloating”), symptom history, symptom frequency ratings, dietary preferences (e.g., gluten-free, vegan), allergen avoidances, and health aspects (e.g., low FODMAP, anti-inflammatory)
• Meal logs: Meal type, time, text descriptions, voice transcripts, detected ingredients with portions and preparation methods
• Meal photos: Images of meals you photograph within the app
• Check-in data: Self-reported scores for stomach comfort, energy, bloating, mood, and mental clarity, plus discrete symptoms (e.g., headache, nausea, brain fog)
• Daily scores: Algorithmically calculated pulse scores and daily health summaries derived from your check-in data
• Personal ingredient profiles: Algorithmically derived correlations between specific ingredients and your reported symptoms over time

Chat Data (Ask Belli)

• Conversation history (your messages and AI responses)
• Photos shared in chat (food, menus, product labels)
• AI-generated assessments, menu analyses, and product analyses

Device and Usage Data

• Device model and app version
• App usage events (e.g., app opened, features used, errors encountered)
• Crash reports
• Push notification tokens

Data We Do NOT Collect

• Location or GPS data
• Biometric data (heart rate, sleep, etc.)
• Contacts, calendar, or other device data
• Raw audio recordings (voice input is transcribed on your device and only the text is stored)

How We Use Your Data

• Personalized insights: We analyze your meals and check-ins to identify patterns between what you eat and how you feel.
• AI-powered features: Meal photos, text descriptions, and your health profile are sent to AI services to detect ingredients, generate health insights, and provide chat responses.
• Notifications: We use your meal schedule and timezone to send check-in reminders.
• Product improvement: We use anonymized usage data and crash reports to improve the app.

We do not sell your personal data, including your health and wellness data. We do not share your health data for advertising or marketing purposes. We may de-identify or aggregate data for product improvement and research purposes, but de-identified data cannot be used to identify you.

Third-Party Services

We use third-party service providers to operate and improve the App. These include:

• Cloud infrastructure and data storage — for authentication, database, file storage, push notifications, and crash reporting
• AI services — for ingredient detection, health insights, chat responses, and menu/product analysis. Meal descriptions, photos, health profile data, and conversation history may be sent to AI providers for processing.
• Analytics — for understanding app usage and improving the product. Usage events, device info, and aggregated profile preferences may be shared.
• Subscription management — for processing payments and managing subscription status
• Voice transcription — our default transcription runs entirely on your device with no data sent to any server. An optional fallback uses Apple’s speech recognition, which sends audio to Apple’s servers for transcription only.

Soban Studios LLC acts as the data controller for your personal data. Our third-party service providers act as data processors and are bound by data processing agreements compliant with GDPR Article 28. We do not permit service providers to use your data for their own purposes.

Data Storage and Security

• Your data is stored on cloud servers in the United States.
• Meal and chat photos are stored in cloud file storage.
• Data is encrypted in transit (TLS) and at rest.
• Security rules enforce user-level data isolation — you can only access your own data.
• API access is rate-limited to prevent abuse.

Data Retention

• We retain your data for as long as your account is active.
• When you delete your account, your data is retained for up to 30 days to allow reactivation. After 30 days, all your data is permanently and irreversibly deleted, including your profile, meal logs, check-ins, insights, chat conversations, and photos.
• Local cache data on your device is automatically pruned after 7 days and excluded from iCloud backup.

Your Rights

All Users

• Access: You can request a copy of your data at any time.
• Deletion: You can delete your account and all associated data from within the app.
• Withdraw consent: You can withdraw your consent to health data processing at any time. This will require deleting your account, as the app cannot function without processing health data.

EU/EEA Users (GDPR)

In addition to the above:

• Legal basis: We process your health and wellness data based on your explicit consent as the lawful basis under Article 6(1)(a) and the exception for special category data under Article 9(2)(a) GDPR. We process account and device data based on legitimate interest (Article 6(1)(f)) for account security and product improvement.
• How we obtain consent: Before you begin logging health data, we present a dedicated consent screen. You must affirmatively agree before any health data is collected. This consent is separate from your acceptance of the Terms of Service.
• Data portability: You can request an export of your data in a machine-readable format.
• Rectification: You can request correction of inaccurate data.
• Restriction: You can request that we restrict processing of your data.
• Complaint: You have the right to lodge a complaint with your local data protection authority.
• Right to object: You have the right to object to processing based on legitimate interest.
• Data transfers: Your data is transferred to the United States. These transfers are protected by the EU-US Data Privacy Framework and/or Standard Contractual Clauses, as applicable per service provider.

California Users (CCPA/CPRA)

Categories of personal information we collect: identifiers (name, email), health information (meal logs, symptoms, check-in scores), internet or electronic activity (app usage events, device info), and commercial information (subscription status). This information is collected directly from you through your use of the App.

• You have the right to know what personal information we collect, use, and disclose.
• You have the right to request deletion of your personal information.
• You have the right to request correction of inaccurate personal information.
• You have the right to limit use and disclosure of sensitive personal information. Health data collected by the App is considered sensitive personal information under CPRA.
• You have the right to opt out of the sale of personal information. We do not sell your personal information.
• We will not discriminate against you for exercising your rights.
• We do not respond to Do Not Track signals.

Washington Users (My Health My Data Act)

• You have the right to know what consumer health data we collect and with whom it is shared.
• You have the right to request deletion of your consumer health data.
• You may withdraw your authorization for health data collection at any time.
• We do not sell, as defined under RCW 19.373, your consumer health data. We do not exchange your consumer health data for monetary or other valuable consideration.
• We do not use geofencing technology to identify or track consumers seeking health care services, and we do not collect consumer health data within a geofence around any health care facility.
• Our service providers who process consumer health data are contractually required to maintain confidentiality and are prohibited from using your health data for any purpose other than providing services to us.
• Consumer health data we collect includes: meal logs, health profile, check-in scores, symptom data, personal ingredient profiles, and meal photos.

Medical Disclaimer

Bellyweather is a wellness and food tracking app. It is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease or health condition. AI-generated insights, scores, and recommendations are informational only and are not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider with any questions about a medical condition or before making changes to your diet based on information from this app.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify applicable regulatory authorities within 72 hours of becoming aware of the breach (where required by GDPR) and will notify affected users without undue delay. We will provide details of the breach, the data affected, and steps we are taking to mitigate harm.

Children

Bellyweather is not intended for anyone under the age of 16. We do not knowingly collect data from anyone under 16. If we learn that we have collected data from someone under 16, we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes through the app or by email, and will seek consent where required by law. Continued use of the app after notification constitutes acceptance of the updated policy.

Contact

For privacy questions, data requests, or to exercise any of your rights:

Email: support@bellyweather.com

Soban Studios LLC