Privacy Policy

This Privacy Policy applies to information we collect through:

• the Ibis Labs mobile application;
• our website and landing pages;
• your communications with us;
• integrations or permissions you choose to enable, including Apple Health where available; and
• other interactions with our Services.

This Privacy Policy does not apply to third-party websites, apps, services, or products that are not owned or controlled by Ibis Labs.

Ibis Labs is offered as a consumer wellness and informational service. Unless we expressly state otherwise in a separate written notice or agreement, this Privacy Policy is not a HIPAA Notice of Privacy Practices, and the Services are not offered as a covered healthcare provider, health plan, or healthcare clearinghouse service.

A. Information You Provide Directly

We may collect information you provide to us, such as:

• name, email address, login credentials, and account details;
• age range or date of birth, if provided;
• symptom logs and digestive health information;
• bowel movement entries, stool-related logs, urgency, pain, bloating, and similar wellness inputs;
• food, meal, ingredient, hydration, and nutrition entries;
• stress, mood, sleep, lifestyle, menstrual or cycle-related entries, if you choose to provide them;
• journal notes, free-text entries, responses to assessments, and preferences;
• customer support messages, survey responses, and feedback;
• any other information you choose to submit through the Services.

B. Information Collected Automatically

When you use the Services, we may automatically collect:

• device identifiers and app instance identifiers;
• device type, operating system, app version, language, and time zone;
• log data, crash data, diagnostics, and performance information;
• feature usage, session activity, screen views, and interaction data;
• approximate geolocation derived from IP address;
• referral data, campaign data, or install attribution data where enabled.

C. Information From Apple Health or Other Device Integrations

If you choose to connect Apple Health or another supported platform, we may receive the categories of data you explicitly authorize, such as:

• activity or movement data;
• sleep-related data;
• heart rate or related wellness metrics;
• other health or fitness data you choose to share.

You control these permissions through your device and app settings. You may revoke access at any time.

D. Information From Third Parties

We may receive limited information from service providers and third parties such as:

• authentication providers;
• app analytics and crash-reporting providers;
• customer support tools;
• subscription and payment platforms;
• marketing attribution providers; and
• anti-fraud and security vendors.

We may use information we collect to:

• create and manage your account;
• provide, operate, maintain, and secure the Services;
• enable symptom tracking, personalized wellness features, insights, and recommendations;
• synchronize and display data you choose to connect through authorized integrations;
• improve the quality, usability, safety, and reliability of the Services;
• troubleshoot bugs, monitor performance, and prevent misuse or fraud;
• communicate with you about your account, updates, support issues, or service notices;
• send onboarding, transactional, and service-related communications;
• send marketing communications where permitted by law and where you have not opted out;
• comply with legal obligations, enforce our agreements, and protect our rights;
• create de-identified and aggregated analytics for internal product improvement, reporting, forecasting, and business operations; and
• evaluate overall product usage trends and feature demand in a way that does not identify you personally.

We treat digestive, symptom, food, stress, sleep, cycle, and similar wellness information with heightened care.

We use health and wellness information to:

• provide tracking, logging, insights, and personalization features;
• improve the operation and accuracy of our wellness features;
• support customer service and technical troubleshooting where needed;
• maintain service safety, reliability, and fraud prevention; and
• comply with legal obligations.

We do not use HealthKit data, and we do not permit third parties to use HealthKit data, for advertising, marketing, or use-based data mining purposes.

We do not sell HealthKit data.

As a general product policy, we also do not use your health or symptom data for targeted advertising or behavioral ad profiling.

A. Service Providers

We may share information with vendors that help us operate the Services, such as providers of:

• cloud hosting and infrastructure;
• data storage and databases;
• authentication;
• customer support;
• analytics and diagnostics;
• email, SMS, or notification delivery;
• subscription management and payment support;
• security, fraud prevention, and compliance tools.

These providers are permitted to access information only as needed to perform services for us and subject to appropriate contractual restrictions.

B. Legal and Safety Reasons

We may disclose information where we believe disclosure is necessary to:

• comply with applicable law, regulation, legal process, or governmental request;
• enforce our Terms or other agreements;
• protect the rights, safety, or property of Ibis Labs, our users, or others;
• detect, investigate, or prevent fraud, security incidents, or illegal activity.

C. Corporate Transactions

We may disclose information in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar corporate transaction.

D. With Your Direction or Consent

We may disclose information to other parties where you direct us to do so or where you otherwise consent.

We do not:

• sell your HealthKit data;
• use HealthKit data for advertising, marketing, or use-based data mining;
• knowingly disclose health or symptom data to data brokers;
• knowingly use your health or symptom data to build targeted advertising audiences.

We retain information for as long as reasonably necessary to:

• provide the Services;
• maintain your account;
• comply with legal, tax, accounting, security, and enforcement obligations;
• resolve disputes; and
• enforce our agreements.

Retention periods vary depending on the category of information and the reason we collected it. When information is no longer reasonably necessary, we will delete it, de-identify it, or securely archive it as appropriate.

If you delete your account, we will delete or de-identify your personal information unless we are legally required or permitted to retain certain information.

Depending on your location and applicable law, you may have rights regarding your personal information, such as the right to:

• access certain personal information we hold about you;
• correct or update certain account information;
• request deletion of your personal information;
• withdraw consent where processing is based on consent;
• opt out of marketing emails by using the unsubscribe link;
• manage push notifications through your device settings;
• revoke Apple Health or similar integration permissions in your device settings.

You may also request account deletion by using the in-app deletion feature, where available, or by contacting us at support@ibislabs.io.

We may need to verify your identity before processing certain requests.

If you create an account through the Services, you may initiate deletion of your account from within the app or by contacting us at support@ibislabs.io. Some information may be retained where required or permitted by law, such as information needed for security, fraud prevention, compliance, dispute resolution, or financial recordkeeping.

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your credentials and for using the Services in a secure manner.

The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18 without appropriate authorization. If you believe a child has provided us personal information, contact us at support@ibislabs.io, and we will take appropriate steps.

Ibis Labs is operated from the United States. If you use the Services from another jurisdiction, you understand that your information may be transferred to, stored in, and processed in jurisdictions that may have different data protection laws than your own.

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and, where appropriate, provide additional notice within the Services or by other means.

Your continued use of the Services after an updated Privacy Policy becomes effective means that the updated version applies going forward.

If you have questions or requests regarding this Privacy Policy, contact us at: