Privacy Policy

Last updated: May 26, 2026

Gavia Health LLC ("Gavia," "we," "us," or "our") operates the Gavia mobile application and the gaviahealth.com website (together, the "Services"). This Privacy Policy explains what we collect, how we use it, who we share it with, and the rights you have over your data.

If anything here is unclear, email us at support@gaviahealth.com. We will rewrite the answer in better English and update this page.

1. What we collect

Account data

• Email address (provided directly, via Apple Sign-In private relay, or via Google Sign-In)
• Display name
• A randomly generated user ID
• Date of consent and consent version
• Birth year (for age verification only — exact date of birth is not collected)

Health data you log

• Symptom tracking (bowel movements, pain levels, fatigue, sleep quality)
• Bowel movement details (Bristol scale consistency, urgency, blood, nighttime, ostomy output)
• Medication information (names, doses, frequency, adherence)
• Nutrition data (meals, hydration, micronutrients)
• Flare history (start dates, end dates, severity, notes)
• Physical activity and weight (synced from Apple HealthKit on iPhone or Google Health Connect on Android, if you grant permission)
• Sleep, energy, brain fog
• Mental health screening responses (PHQ-2 baseline, PHQ-9, GAD-7)
• Mood and stress levels
• Morning and evening check-in responses
• Care team information (provider names, roles, practices, appointment dates)
• Documents you optionally upload (lab results, doctor notes, insurance, custom folders)
• Photos you optionally attach (e.g., for visual symptom logs)

Usage data

• App interaction events (what screens you visit, what features you use) — no PHI attached
• Crash reports via Sentry, with personal health information automatically scrubbed before transmission

Purchase data

• Your subscription status, managed through RevenueCat. We don't see your payment card; Apple does.

2. How we use it

• Health data: stored locally on your device and synced to your secure cloud account for backup and cross-device access. Used to power your dashboard, charts, reports, and reminders.
• AI features (GutGuide, biweekly reports, doctor reports, GI message drafting): a de-identified summary of your relevant health data is sent to our AI provider on demand. Names are replaced with placeholders. Phone numbers are stripped. Email addresses are stripped. The AI provider does not store these summaries.
• Crash reports: used only to fix bugs. PHI is scrubbed before transmission.
• Usage data: used in aggregate to improve the product. Not linked to your identity in any analytics dashboard.
• Purchase data: used to manage your subscription and Pro entitlements. Nothing else.

3. How we store it

• Profile, medications, and care team information: encrypted on your device. On iPhone, via the iOS Keychain (Secure Enclave) with application-specific key prefixes. On Android, via the Android Keystore.
• Tracking data: encrypted at rest in your local SQLite database. Synced over TLS 1.2+ to our cloud backend.
• Cloud database: PostgreSQL with Row Level Security — every query is scoped to your user ID at the row level. You can only read your own data. Gavia engineers cannot read individual user data through any internal dashboard.
• Preferences (appearance mode, notification settings, unit preferences): stored locally in standard device storage, not encrypted (contains no health information).
• In transit: all network traffic is encrypted with TLS 1.2 or higher.
• Backups: database backups are encrypted at rest with AES-256.

4. Who we share with

We use a small number of sub-processors, each scoped narrowly to a single purpose:

• Anthropic (AI provider): Receives de-identified, aggregated health summaries only. This includes computed averages, percentages, trend directions, and statistical distributions. Individual tracking entries, raw timestamps, personal notes, and medication names are not transmitted to AI providers. Medication names are replaced with drug class identifiers (e.g., "biologic" instead of the specific drug name) before any AI processing. AI-generated responses are not stored by Anthropic.
• Apple, Inc.: Apple Sign-In, in-app purchases, push notifications (APNs), and HealthKit integration on iPhone.
• Google LLC: Google Sign-In, in-app purchases, push notifications (FCM), and Health Connect integration on Android.
• Functional Software, Inc. (Sentry): Crash reporting and error monitoring. Receives device type, OS version, and app version only. All personal health information is scrubbed before transmission.
• RevenueCat (subscription management): Receives purchase and subscription state only. No health data.

Health data imported from Apple HealthKit or Google Health Connect is used within the Gavia app per the respective platform's guidelines.

We may share de-identified, aggregated health data for research purposes. Any such sharing will never include personally identifiable information. We will update this policy before any such sharing begins.

The Gavia app is currently ad-free. If we ever change our business model in a way that affects how your data is handled, we will notify you in-app at least 30 days in advance and require you to acknowledge the change.

5. Your rights

• Access: view all your data inside the app at any time.
• Export: Export your complete health history at any time as a structured JSON file from Profile, then Data and Privacy, then Export My Data. Available to all users — free and Pro — under GDPR Article 20 (data portability).
• Correction: edit or delete any record from the entry-detail screen.
• Deletion: delete your account and all data from Profile, then Account, then Delete Account. Server-side data is permanently removed within 30 days. You receive an email confirmation when deletion completes.
• Pause: pause your account at any time from Profile settings. Pausing preserves your data and signs you out; you may reactivate at any time.
• Offline-only mode: you can use Gavia without creating a cloud account. Your data stays on your device only.
• Withdraw AI consent: disable AI features from Settings at any time. Past de-identified summaries are not retained by the AI provider.

If you are a resident of California, the EU, the UK, or another jurisdiction with applicable data protection law, you may have additional rights including the right to portability, the right to object to processing, and the right to lodge a complaint with your local data protection authority. Email us to exercise any of these rights.

6. Children

Gavia is not intended for children under the minimum digital consent age in their jurisdiction. The app detects your region and enforces the applicable minimum age automatically — 13 in the United States and United Kingdom, 14 in Spain and Italy, 15 in France, 16 in Germany, the Netherlands, and Ireland, among others. We do not knowingly collect personal information from children below the applicable minimum age.

If you believe a child has provided us with personal information, please contact us immediately at privacy@gaviahealth.com and we will promptly delete all associated data.

7. Mental health data

Gavia includes validated mental health screening tools (PHQ-2, PHQ-9, GAD-7) for self-monitoring purposes. These screening results are stored with the same encryption as all other health data. They are not shared with AI features, third parties, or analytics services.

If screening results indicate distress, Gavia detects your region and displays your local crisis helpline — 988 in the United States, 116 123 (Samaritans) in the United Kingdom, 13 11 14 (Lifeline) in Australia, and 16+ countries supported. The app does not contact anyone on your behalf or transmit your screening results externally.

Screening tools included in Gavia are validated self-monitoring instruments, not clinical diagnostic tools. Screening results do not constitute a diagnosis of any mental health condition. If you are experiencing a mental health crisis, contact your local crisis helpline through the app's crisis resources screen, or in the United States contact 988 by call or text (24/7).

8. Data retention

We retain your data for as long as your account is active. After account deletion, your data is removed from our active systems immediately and from backups within 30 days. Aggregated, fully anonymous usage statistics may be retained indefinitely.

9. International transfers

Our servers are located in the United States. If you use Gavia from outside the United States, your data will be transferred to and processed in the United States. By using the Services, you consent to this transfer.

10. Security incidents

If we discover a security incident that affects your data, we will notify you by email within 72 hours of confirmation. We will tell you what happened, what data was affected, what we have done in response, and what you can do to protect yourself.

11. Changes to this policy

We may update this Privacy Policy. Material changes — anything that expands what we collect, how we use it, or who we share with — will be announced inside the app at least 30 days before they take effect, and you will be asked to acknowledge the change. Non-material wording fixes will be quietly published with the updated date at the top of this page.

12. Contact

Gavia Health LLC
United States
support@gaviahealth.com