Legal

Privacy Policy

Effective date: March 27, 2026

This Privacy Policy explains how Tummer collects, uses, stores, and shares information when you use the service. Tummer is designed to help users track digestive-health-related patterns, meals, symptoms, and community activity. By using Tummer, you agree to the practices described in this Policy.

Information We Collect

  • Account and profile information, such as your email address, password credentials handled by Supabase Auth, first and last name, username, avatar, selected condition, gender, and stated reason for using the app.
  • Health and wellness information you choose to log, including meals, meal items, food reactions, symptoms, bowel entries, daily log details, medication changes, hydration, sleep, energy, stress, weight, flare data, notes, and related timestamps.
  • Community content you choose to share, such as posts, comments, likes, and condition tags associated with community activity.
  • Basic technical and service information needed to operate the app, such as authentication session data, database record metadata, and storage references for uploaded profile images.

How We Use Information

  • Provide the core Tummer experience, including account access, profile management, symptom and meal tracking, and community features.
  • Personalize the app based on the information you enter, such as your selected condition and logged trends.
  • Maintain account security, support password resets, troubleshoot errors, and keep the product functioning.
  • Improve features, safety, and reliability. If we use information for analytics, product improvement, or research, we will aim to use aggregated or de-identified data where reasonably possible.

When Information May Be Shared

  • With service providers that help us operate the app, such as hosting, authentication, database, and storage vendors, subject to contractual or operational controls.
  • With other users when you intentionally post in community spaces. Your username, avatar, posts, comments, and related engagement may be visible to other users.
  • If required by law, regulation, legal process, or to protect rights, safety, security, or the integrity of the service.
  • As part of a business transfer such as a merger, acquisition, financing, or sale of assets, subject to applicable law.

Health Information and HIPAA

  • Tummer is a consumer health-tracking product. Based on the product flow currently implemented, Tummer appears to collect health-related information directly from users rather than on behalf of a hospital, health plan, or other HIPAA covered entity.
  • HIPAA generally applies to covered entities and their business associates. If Tummer is not acting as a covered entity or business associate for a covered entity, HIPAA may not apply to all data processed in the app even though the information may be sensitive health information.
  • Even where HIPAA does not apply, we treat health-related information as sensitive and aim to protect it with reasonable administrative, technical, and organizational safeguards.
  • If Tummer later provides services to a HIPAA covered entity or receives protected health information on behalf of one, additional HIPAA obligations, including a business associate agreement where required, may apply.

Security

  • We use reasonable safeguards designed to protect personal and health-related information from unauthorized access, loss, misuse, or disclosure.
  • No method of storage or transmission is completely secure, so we cannot guarantee absolute security.
  • You are responsible for maintaining the confidentiality of your login credentials and for notifying us if you believe your account has been compromised.

Security Incidents

  • If we become aware of a breach involving personal or health-related information, we will investigate, mitigate, and provide any notices required by applicable law.
  • Depending on the nature of the service and the data involved, this may include obligations under consumer privacy, breach-notification, or health-data laws that can apply even when HIPAA does not.

Data Retention

  • We retain information for as long as needed to provide the service, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements.
  • Community content and health logs may remain in backups or archival systems for a limited period after deletion requests, where reasonably necessary for security, continuity, or legal compliance.

Your Choices and Rights

  • You may update certain profile information within the app.
  • You may request password resets and may be able to request account-related changes by contacting us.
  • Depending on where you live, you may have rights to access, correct, delete, or receive a copy of personal information, or to appeal a privacy decision, subject to applicable law and exceptions.

Children

  • Tummer is not intended for children under 13, and we do not knowingly collect personal information from children under 13 without appropriate authorization.
  • If you believe a child has provided personal information to us, contact us so we can review and take appropriate action.

Changes to This Policy

  • We may update this Privacy Policy from time to time. If we make material changes, we may update the effective date and provide additional notice where appropriate.
Because privacy and health-data rules can depend on how a product is offered, this Policy should be reviewed by qualified counsel before production launch, especially if Tummer will be marketed to providers, plans, or other HIPAA-regulated organizations.

Contact

Questions about this Privacy Policy can be sent to martinganen10@gmail.com.

You can also review our Terms of Service.

TummerBuilt for real daily tracking

A calmer place to log meals, symptoms, and health patterns so small daily entries can turn into useful insight over time.

Begin TrackingGet Support

Creator

Made by a Crohn's patient with a focus on making health tracking feel more supportive and less overwhelming.

Made by a Crohn's patient.

© Tummer 2026