1. Overview
IBDriven ("we", "our", "us") is an AI-assisted health companion app for people living with Inflammatory Bowel Disease (IBD), including Crohn's disease and Ulcerative Colitis. This Privacy Policy explains what personal information we collect, how we use it, how we protect it, and your rights in relation to it.
By downloading and using IBDriven, you agree to the practices described in this policy. If you do not agree, please do not use the app.
2. Data we collect
2.1 Information you provide directly
- Account information: Email address and password (used for authentication via Supabase Auth)
- Health profile: Name, age, gender, diagnosis (Crohn's disease / Ulcerative Colitis), disease status, disease location, dietary type, city, country
- Medical information: Medications and dosages, known allergies, doctor's name, bowel movement frequency
- Lifestyle data: Work situation, travel frequency, caregiver status, research participation preference
- Weight logs: Weight entries with date and optional notes
- Medication logs: Medication taken timestamps and notes
- Flare check-ins: Daily symptom scores (pain, fatigue, mood, stool frequency, urgency, appetite, sleep, stress)
- Food baseline: Personal safe, caution and trigger food lists
- AI conversations: Messages you send to Amul (the AI copilot)
- Medical documents: Reports and files uploaded to the Report Interpreter feature
2.2 Information collected automatically
- App usage patterns (which modules you use) โ stored locally via AsyncStorage only
- Device type and operating system (for crash reporting and compatibility)
- We do not use advertising trackers, analytics SDKs or third-party tracking pixels
3. How we use your data
We use the information we collect for the following purposes:
| Purpose | Data used |
|---|---|
| Personalise AI responses (Amul) | Health profile, medications, dietary type, disease status |
| Generate personalised meal plans | Dietary type, liked/disliked foods, disease status, weight logs |
| Generate personalised travel plans | Diagnosis, dietary type, medications, destination |
| Food safety assessments | Disease type, status, personal food profile |
| Flare pattern tracking | Daily check-in scores |
| Medication reminders | Medication names, reminder times |
| Report interpretation | Uploaded medical documents (sent to Anthropic API) |
| Restaurant recommendations | City, dietary type (sent to Google Places API) |
| Account authentication | Email address |
We do not use your data for advertising, profiling for commercial purposes, or sale to third parties.
4. Supabase โ Database & Authentication
IBDriven uses Supabase (Supabase Inc.) as our backend database and authentication provider. Your health profile, medication data, weight logs, flare check-ins, food baseline and medication logs are stored in a Supabase PostgreSQL database.
- Data is stored in Supabase's cloud infrastructure (AWS data centres)
- Access is protected by row-level security (RLS) โ you can only access your own data
- Authentication uses encrypted tokens; passwords are never stored in plain text
- Supabase is SOC 2 Type II compliant
Supabase Privacy Policy: supabase.com/privacy
5. Anthropic AI (Claude)
IBDriven's AI features โ including the Amul copilot, meal plan generation, travel plans, food assessments, reframing tool and report interpretation โ are powered by Anthropic's Claude API.
When you use AI features in IBDriven, the following data is sent to Anthropic's API:
- Your health profile details (diagnosis, status, medications, dietary type)
- Your message or question
- For meal plans: your liked and disliked foods
- For travel plans: your destination and trip duration
- For the Report Interpreter: your uploaded document (converted to base64)
This data is transmitted over encrypted HTTPS connections and is subject to Anthropic's Privacy Policy: anthropic.com/privacy
5.1 Report Interpreter โ important notice
The Report Interpreter feature allows you to upload medical documents (PDF, images) which are sent to the Anthropic API for analysis. Before your first upload, IBDriven displays an in-app disclosure. By proceeding, you consent to this processing. Do not upload documents containing information you are not comfortable sharing with a third-party AI provider.
6. Google Places API
The Restaurant Companion and Travel Companion modules use the Google Places API for location autocomplete functionality. When you type a city or location name:
- The text you type is sent to Google's Places API to generate autocomplete suggestions
- Google may log API requests in accordance with their usage policies
- We do not share your health information with Google
Google Privacy Policy: policies.google.com/privacy
7. Third-party services summary
| Service | Purpose | Data shared | Retention |
|---|---|---|---|
| Supabase | Database & auth | Full health profile, logs | Until you delete your account |
| Anthropic (Claude API) | AI responses | Profile + messages + documents | Zero retention (real-time only) |
| Google Places API | Location autocomplete | Location text input only | Per Google's policy |
We do not use Facebook, Google Analytics, Firebase, Mixpanel, Amplitude, or any other analytics or advertising services.
8. Data security
We take data security seriously and implement appropriate technical and organisational measures:
- All data in transit is encrypted using TLS/HTTPS
- Supabase database uses row-level security (RLS) so users can only access their own records
- Authentication tokens are stored securely using platform-standard secure storage
- API keys are stored as environment variables and never exposed in client code
- We do not log or cache AI conversations beyond what is needed to display them in-session
No system is 100% secure. If you discover a security vulnerability, please contact us at support@ibdrivenai.com before disclosing it publicly.
9. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the data we hold about you
- Right to rectification: Correct inaccurate or incomplete data (you can do this directly in the app's Profile screen)
- Right to erasure: Request deletion of your account and all associated data
- Right to data portability: Request your data in a machine-readable format
- Right to object: Object to processing of your data in certain circumstances
To exercise any of these rights, contact us at support@ibdrivenai.com. We will respond within 30 days.
9.1 Account deletion
You can request deletion of your IBDriven account and all associated data by emailing support@ibdrivenai.com with the subject line "Delete my account". We will process your request within 14 days and confirm deletion by email.
10. Children's privacy
IBDriven is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@ibdrivenai.com and we will delete it promptly.
Users aged 13โ17 should use IBDriven only with parental consent and supervision.
11. Sensitive health data
IBDriven collects and processes sensitive health data including medical diagnoses, medication information and symptom data. This data is classified as special category personal data under GDPR and equivalent regulations.
We process this data on the legal basis of explicit consent โ by creating a profile and entering your health information, you consent to this processing for the purposes described in this policy. You may withdraw consent at any time by deleting your account.
We implement additional safeguards for sensitive health data including enhanced encryption, strict access controls and minimal data collection principles.
12. Report Interpreter โ medical documents
The Report Interpreter feature allows you to photograph or upload medical reports, blood test results and other health documents for AI-assisted explanation. Important notices:
- Documents are converted to base64 format and sent directly to Anthropic's Claude API over an encrypted connection
- Anthropic processes documents with zero data retention โ they are not stored on Anthropic's servers
- IBDriven does not store copies of your uploaded documents
- An in-app consent prompt appears before your first upload explaining this process
- The AI-generated interpretation is for educational purposes only and does not constitute a medical diagnosis
- Always discuss your results with your healthcare provider
13. Data retention
| Data type | Retention period |
|---|---|
| Account & health profile | Until you delete your account |
| Weight logs | Until you delete individual entries or your account |
| Medication logs | Until you delete your account |
| Flare check-ins | Until you delete your account |
| AI conversations | Session only โ not persisted to database |
| Uploaded medical documents | Not stored โ processed in real-time only |
| Food cache (AI results) | Stored in Supabase to reduce API calls; deleted with account |
14. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the app, our practices or legal requirements. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Display an in-app notification for material changes
- Email registered users for changes affecting their rights
Continued use of IBDriven after changes constitutes acceptance of the updated policy.
15. Contact us
If you have questions, concerns or requests regarding this Privacy Policy or your personal data, please contact us:
IBDriven
๐ง Privacy & data: support@ibdrivenai.com
๐ Website: ibdrivenai.com
๐ฌ Response time: We aim to respond within 5 business days
If you are located in the European Economic Area (EEA) and you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.