Settled — Privacy Policy
Last Updated: April 2, 2026
Settled Health ("Settled Health," "we," "us," or "our") operates the Settled mobile application ("App"). This Privacy Policy explains how we collect, use, store, and protect your personal information.
1. Information We Collect
1.1 Account Information
- Apple User ID (a unique identifier provided by Apple)
- Email address (optional — Apple may provide a private relay address)
1.2 Health and Wellness Data
- Food logs and meal data
- FODMAP calculations and tolerance profiles
- Symptom entries (type, severity, timing)
- Wellness data (stress level, sleep quality, exercise, menstrual phase)
- IBS-SSS symptom severity scores
- Eating habits screening (SCOFF) responses and scores
- Reintroduction challenge progress and results
1.3 Product Data
- Barcode scan results
- Ingredient analysis results
- Product name edits
1.4 Device and Usage Information
- Device type and operating system version
- App version
- General usage patterns (features accessed, not content of entries)
- Crash reports and error logs (via Sentry — includes device type, OS version, app version, and crash stack traces; no health data, food logs, or personal information is sent to Sentry)
1.5 Notifications
- If you enable symptom check-in reminders, the App schedules local notifications on your device based on when you log meals. These notifications are processed entirely on-device and are not sent to our servers.
We do NOT collect:
- Location data
- Contact lists
- Photos (OCR scanning is processed on-device; images are not uploaded)
- Browsing history
- Data from other apps
2. How We Use Your Information
We use your information solely to:
- Provide and operate the App's features
- Calculate FODMAP loads and display traffic light ratings
- Generate symptom correlations and insights
- Track your diet phase progress
- Manage your subscription
- Respond to support requests
- Improve the App's functionality (using aggregated, de-identified data only)
We do NOT use your health data for:
- Advertising or marketing
- Selling to third parties
- Data mining or profiling
- Training AI models on individual user data
3. How We Store and Protect Your Information
- All data is transmitted via HTTPS (encrypted in transit)
- Authentication tokens are stored as cryptographic digests, not plain text
- Your data is stored on secure servers managed by our hosting provider
- We do not store health data in Apple iCloud
- Access to production databases is restricted to authorized personnel
4. Data Sharing
We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:
- Service providers: Hosting infrastructure providers who process data on our behalf under contractual data protection obligations
- Sentry (sentry.io): For crash reporting and error tracking. Receives device type, OS version, app version, and error stack traces. Does not receive health data, food logs, or personal information.
- Open Food Facts: For barcode product lookup. Only the barcode number is sent; no user identity or personal data is transmitted.
- Legal requirements: When required by law, court order, or government regulation
- Safety: To protect the safety of users or the public in urgent circumstances
- Aggregate data: We may share de-identified, aggregated statistical data that cannot identify any individual user
5. Your Rights
5.1 Access and Export
You may request a copy of your personal data by contacting us at support@settledhealth.app.
5.2 Deletion
You may delete your account and all associated data at any time through the App's settings. Data will be permanently deleted within 30 days, except where retention is required by law.
5.3 Correction
You may update or correct your personal information through the App at any time.
5.4 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Request correction of inaccurate personal information
- Limit the use and disclosure of sensitive personal information
- Opt out of the sale of personal information
- Not be discriminated against for exercising your privacy rights
We do not sell or share your personal information as defined by the CCPA.
We will verify your identity before processing any privacy rights request, using information associated with your account.
To exercise these rights, contact us at support@settledhealth.app.
5.5 European Residents (GDPR)
If you are a resident of the EU/EEA/UK, you have additional rights including:
- Right to access, rectification, and erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Our lawful basis for processing health data is your explicit consent, which you provide when creating an account and using health tracking features.
5.6 Washington Residents (My Health My Data Act)
If you are a Washington resident, you should be aware that we collect consumer health data, including symptom entries, wellness data (stress, sleep, exercise, menstrual phase), SCOFF eating habits screening responses, and IBS-SSS symptom severity scores.
This collection is based on your consent, which you provide when using the App's health tracking features. You have the right to:
- Withdraw your consent to the collection and use of your health data at any time
- Request deletion of your health data
We do not sell or share your health data.
To exercise these rights, contact us at support@settledhealth.app.
5.7 FTC Health Breach Notification
In the event of a breach of your health information, we will notify you within 60 days in accordance with the FTC Health Breach Notification Rule. Notification will be sent via email and in-app notification.
6. Data Retention
- Health data (food logs, symptoms, wellness entries, screening scores): Retained while your account is active. Deleted within 30 days of account deletion.
- Subscription records: Billing-related records may be retained for up to 7 years for tax and legal compliance.
- Crash reports (Sentry): Retained for 30 days.
- Feedback submissions: Retained for up to 2 years.
7. Children's Privacy
The App is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.
8. Third-Party Services
The App uses the following third-party services:
- Apple App Store: For subscription billing and management
- Open Food Facts: For barcode product lookup. Only the barcode number is sent; no user identity or personal data is transmitted.
- Sentry (sentry.io): For crash reporting and error tracking. Receives device type, OS version, app version, and error stack traces. Does not receive health data, food logs, or personal information.
We do not use third-party analytics, advertising, or tracking services.
9. Cookies and Tracking
The App does not use cookies, web beacons, or tracking pixels. We do not track you across other apps or websites.
We honor Do Not Track browser signals. Since our App does not track users across other apps or websites, no change in behavior is necessary.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Your continued use of the App after changes take effect constitutes acceptance.
11. Settled Health Is Not a HIPAA-Covered Entity
Settled Health is not a healthcare provider, health plan, or healthcare clearinghouse. Your data is protected under this Privacy Policy and applicable consumer privacy laws, not under HIPAA.
12. Contact
For privacy questions, data requests, or concerns:
Settled Health
Sacramento, CA
support@settledhealth.app