Privacy Policy for Bariatrack

Effective Date: February 17, 2026 | Last Updated: February 17, 2026

1. Introduction

SpiritWise Studios (“we,” “us,” or “our”) operates the Bariatrack mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Bariatrack is a health and wellness application designed to help users track their recovery following bariatric surgery. Due to the sensitive nature of health data, we take your privacy very seriously.

By using Bariatrack, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Health & Recovery Information You Provide

To support your recovery journey, the App collects the following health-related data that you enter:

• Surgery Information: Surgery date and surgery type (e.g., Gastric Bypass, Gastric Sleeve, Lap Band, Duodenal Switch)
• Body Measurements: Starting weight, current weight, goal weight, and height
• Fluid Intake: Daily fluid logs including amount, fluid type, and associated protein/calories
• Meal Logs: Meals including food items, portion sizes, calories, protein, carbohydrates, and fat
• Protein Intake: Daily protein consumption tracking
• Supplement Logs: Vitamin and supplement intake records (e.g., multivitamin, calcium, iron, B12, biotin)
• Activity Logs: Exercise type, duration, and calories burned
• Symptom Logs: Symptom type, severity, and notes
• Weight Logs: Weight entries over time with optional notes
• Food Intolerances: Foods that cause adverse reactions, with severity and descriptions

2.2 Personal Information

• Doctor’s Phone Number: Optionally stored for quick access (not shared or transmitted)
• Dietary Goals: Target fluid intake, protein goals, and calorie targets
• Phase Configuration: Custom dietary phase durations for your recovery plan

2.3 Automatically Collected Information

• App Usage Analytics: Local-only usage events (e.g., feature usage counts) — these are never transmitted off your device
• Dietary Phase: Automatically calculated from your surgery date, not manually entered

2.4 Information We Do NOT Collect

• Your name or email address
• Your physical address or location data
• Device contacts, photos, or personal files
• Advertising identifiers or tracking data
• We do not use any third-party analytics services (no Firebase Analytics, no Mixpanel, no similar services)

3. How We Use Your Information

All data you enter is used exclusively to provide app functionality:

• Recovery Tracking: Monitoring your daily fluid, protein, supplement, and exercise progress
• Phase-Based Guidance: Filtering recipes, foods, and fluids appropriate for your current dietary phase
• Goal Monitoring: Tracking progress toward your daily hydration, protein, and calorie targets
• Health Alerts: Local notifications for sipping reminders, supplement schedules, meal buffer timers, and dehydration risk
• Analytics: Local-only trend analysis of your weight, nutrition, and activity — computed entirely on your device
• Data Export: Allowing you to export your data as a JSON file or PDF report for your own records or to share with your healthcare provider

4. Data Storage

4.1 On-Device Storage

Your data is stored locally on your device using the following mechanisms:

• Core Data: All health and recovery data (fluid logs, meals, supplements, activities, symptoms, weight) is stored in a local database on your device
• iOS Keychain: Sensitive items such as encryption keys and iCloud identifiers are stored securely in the iOS Keychain with hardware-backed protection
• UserDefaults: App preferences and settings (notification preferences, display settings, privacy toggles)

4.2 iCloud Sync (Optional)

The App supports iCloud sync via Apple’s CloudKit framework. When enabled, your recovery data is synced to your personal iCloud account so it can be accessed across your Apple devices. Important details:

• iCloud sync is optional and can be disabled at any time in the App’s Privacy Settings
• When enabled, data is synced to your personal iCloud account — we do not operate our own servers and cannot access your iCloud data
• Data is encrypted in transit and at rest by Apple’s CloudKit infrastructure
• You are responsible for maintaining the security of your Apple ID and iCloud account
• Apple’s privacy policy governs how iCloud data is handled: https://www.apple.com/legal/privacy/

4.3 Apple Watch & Widgets

• Apple Watch: Limited data (daily fluid/protein progress, meal buffer status, dietary phase, and goals) is shared with the companion Watch app via Apple’s WatchConnectivity framework. This communication is encrypted and stays between your paired devices.
• Home Screen Widgets: Summary data (hydration progress, protein progress, meal buffer status) is shared with WidgetKit via a shared App Group container on your device. No data leaves your device.

5. Data Security

• Encryption: The App uses AES-256-GCM encryption for sensitive data, with encryption keys stored in the iOS Keychain
• Transport Security: All network requests use HTTPS encryption
• No User Accounts: The App does not have a login system or store passwords — there are no credentials to be compromised
• Local-First Design: Your data is stored on your device first. Cloud sync, when enabled, uses Apple’s secure CloudKit infrastructure

6. Third-Party Services

The App integrates with a limited number of third-party services. We do not use any third-party advertising, analytics, or tracking services.

6.1 Apple HealthKit

With your explicit permission, the App can read and write health data via Apple HealthKit:

• Data Read: Body weight, BMI, body fat percentage, lean body mass, dietary water, dietary protein, calories consumed, carbohydrates, fat, fiber, and sugar
• Data Written: Weight measurements, water intake, and nutrition data (protein, calories, carbohydrates, fat, fiber, sugar)

HealthKit access requires your explicit consent via the iOS permissions dialog. You can revoke access at any time in your device’s Settings > Privacy & Security > Health. HealthKit data is governed by Apple’s privacy policy and is never sent to us or any third party.

6.2 Open Food Facts

The App uses the Open Food Facts API (world.openfoodfacts.org) to look up nutritional information for foods and barcodes:

• Data Sent: Food search terms or barcode numbers, and a generic app user agent identifier (“BariatricRecoveryTracker-iOS/1.0”)
• Data NOT Sent: No personal information, health data, device identifiers, or user-identifiable data
• Data Received: Product names, brands, and nutritional information, which is cached locally on your device

Open Food Facts is a free, open-source food database. Their privacy policy is available at: https://world.openfoodfacts.org/privacy

6.3 Apple App Store (StoreKit)

The App offers optional premium subscriptions (monthly and yearly) processed entirely through Apple’s App Store. We do not collect or store any payment information. All subscription management, billing, and transaction processing is handled by Apple. Apple’s privacy policy applies to these transactions.

7. Camera Usage

The App uses your device’s camera solely for barcode scanning to look up food products. Camera access requires your explicit permission. No images or video are stored, recorded, or transmitted — camera frames are processed in real-time on your device for barcode detection only, and are immediately discarded.

8. Notifications

All notifications sent by the App are local notifications generated on your device. We do not use push notification services or remote servers. Notification types include sipping reminders, walking reminders, supplement schedules, meal buffer alerts, phase advancement notifications, and health alerts. You can configure or disable all notifications within the App’s settings, and you can set quiet hours to prevent notifications during specific times.

9. Data Retention

• Your data is retained on your device for as long as the App is installed
• If iCloud sync is enabled, data persists in your iCloud account according to Apple’s data retention policies
• Uninstalling the App removes all locally stored data
• You can delete all data within the App at any time using the “Delete All Data” feature in Privacy Settings

10. Your Rights and Choices

10.1 Data Control

• Export Your Data: You can export all your recovery data as a JSON file at any time from the App’s Privacy Settings
• Delete Your Data: You can delete all locally stored data from the App’s Privacy Settings
• Disable iCloud Sync: You can turn off cloud syncing at any time in the App’s Privacy Settings
• Disable Analytics: You can disable local analytics tracking in the App’s Privacy Settings
• Revoke HealthKit Access: You can revoke HealthKit permissions at any time via your device’s Settings
• Revoke Camera Access: You can revoke camera permissions at any time via your device’s Settings

10.2 Data Portability

The data export feature provides your complete recovery data in a standard JSON format that can be read by other applications or reviewed by your healthcare provider.

11. Information Sharing and Disclosure

11.1 We Do Not Share Your Data

We do not sell, trade, rent, or otherwise share your personal or health information with any third parties. Your recovery data stays on your device (and in your personal iCloud account if you choose to enable sync).

11.2 No Server Infrastructure

We do not operate backend servers. The App communicates only with Apple services (iCloud, HealthKit, App Store) and Open Food Facts for food lookups. We have no ability to access, view, or retrieve your data.

11.3 Legal Requirements

Because we do not collect or store your data on our servers, we are unable to provide your data in response to legal requests. Your iCloud data, if applicable, is subject to Apple’s legal compliance processes.

12. Children’s Privacy

Bariatrack is designed for adults recovering from bariatric surgery and is not intended for use by children under 13. We do not knowingly collect information from children under 13. If you believe a child has used this App, please contact us and we will take appropriate steps.

13. International Users

If you are accessing the App from outside the United States, please note that if you enable iCloud sync, your data may be transferred to and stored on Apple servers in various locations worldwide in accordance with Apple’s data handling practices. Food lookup requests to Open Food Facts are processed by their servers. By using the App, you consent to such transfers.

14. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information is collected and how it is used. Since we do not sell personal information, do not share data with third parties for marketing, and store all data locally on your device, most CCPA provisions are satisfied by default. You can still contact us with any questions about your data.

15. European Users (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including:

• Right to access your data (available via the App’s data export feature)
• Right to correct inaccurate data (editable within the App)
• Right to delete your data (available via the App’s “Delete All Data” feature)
• Right to data portability (available via JSON data export)
• Right to restrict processing (available by disabling analytics and iCloud sync)

The legal basis for processing your data is your explicit consent (provided when you enter data into the App) and the performance of the service you requested.

16. Health Data Disclaimer

Bariatrack is a personal tracking tool and is not a medical device. The App does not provide medical advice, diagnosis, or treatment. Always consult your healthcare provider regarding your bariatric recovery. The data stored in this App should not be considered a substitute for professional medical records.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page and in the App
• Updating the “Last Updated” date at the top of this policy

Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

18. Contact Information

If you have questions about this Privacy Policy, your health data, or our privacy practices, please contact us:

This Privacy Policy is effective as of February 17, 2026 and was last updated on February 17, 2026.

By using Bariatrack, you acknowledge that you have read and understood this Privacy Policy.