Privacy Policy

Kefir — Gut Health TrackerLast updated: April 14, 2026

1. Introduction

Kefir ("we", "our", "the app") is a gut health tracking application developed and operated by an independent developer. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Kefir mobile app on Android (Google Play) and iOS (Apple App Store).

By using Kefir, you agree to the practices described in this policy. If you do not agree, please discontinue use of the app.

2. Data Controller

The data controller responsible for your personal data is:

John Signer

Independent Developer

Switzerland

Contact: johnsig76@gmail.com

3. Legal Basis (GDPR)

We process your data on the following legal bases under the General Data Protection Regulation (EU) 2016/679:

  • Contractual necessity (Art. 6(1)(b)): to provide the core features of the app (meal logging, scoring, tracking).
  • Legitimate interest (Art. 6(1)(f)): to improve app stability and user experience through anonymous analytics.
  • Consent (Art. 6(1)(a)): for optional features such as photo uploads and personalized AI recommendations. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): where required by applicable law.

As Kefir processes health-related data (dietary habits, gut health scores), this constitutes special category data under Art. 9 GDPR. We process this data solely based on your explicit consent, which you provide when creating your profile during onboarding.

4. Data We Collect

4.1 Data you provide directly

  • Onboarding preferences: your goal, diet type, gut health concerns, and biological sex (used solely to calculate your daily water intake goal).
  • Meal logs: meal name, serving size, and optionally a photo of your meal.
  • Water intake logs: amount of water consumed per day.
  • Custom recipes: recipe name, ingredients, instructions, and optional photos.

4.2 Data generated automatically

  • Anonymous user ID: a randomly generated UUID created on first launch via Supabase anonymous authentication. This ID is not linked to your name, email, or any other identifying information.
  • Health scores: AI-generated scores (Microbiome Support, Digestibility, Anti-Inflammatory, Fiber) derived from your meal logs.
  • Usage streaks and timestamps: dates of meal logs used to calculate consistency streaks.

4.3 Data collected by third-party services

  • RevenueCat: processes subscription and payment data (purchase history, subscription status) for purchases made through Google Play and the Apple App Store. RevenueCat does not share your payment card details with us.
  • PostHog: collects anonymized event analytics (e.g., "meal logged", "paywall viewed") to help us understand app usage. No personally identifiable information is sent to PostHog.
  • Google Gemini API: meal names, serving sizes, and optionally meal photos are sent to Google's Gemini API for nutritional analysis. Google processes this data subject to their own privacy policy.
  • Supabase: stores your meal logs, scores, preferences, and anonymous user ID on secure cloud servers located in the European Union.

5. Photos and Health Data

When you choose to upload a photo of a meal:

  • The photo is transmitted to Google's Gemini API solely for the purpose of identifying the food and estimating nutritional content.
  • The photo may be stored in Supabase Storage associated with your anonymous user ID.
  • We do not use your photos for any purpose other than meal analysis.
  • You may delete any photo at any time from within the app.

Health-related data (gut health scores, dietary preferences, fiber intake) is considered sensitive personal data under GDPR. This data is stored securely and never sold, shared, or used for advertising purposes.

6. How We Use Your Data

We use your data exclusively to:

  • Provide and personalize the core features of the app (meal scoring, dashboard, progress tracking).
  • Calculate your daily gut health score and hydration tracking.
  • Generate AI-powered nutritional insights via Google Gemini.
  • Process and manage your subscription via RevenueCat.
  • Improve app stability and performance via anonymized analytics (PostHog).
  • Respond to support requests if you contact us directly.

We do not:

  • Sell your data to third parties.
  • Use your data for advertising or profiling.
  • Share your data with any party other than those listed in Section 4.3 above.

7. Data Retention

Data typeRetention period
Meal logs and scoresUntil you delete them or request account deletion
Onboarding preferencesUntil account deletion
Anonymous user IDUntil account deletion
PhotosUntil you delete them or request account deletion
Analytics events (PostHog)12 months, anonymized
Subscription data (RevenueCat)As required by applicable financial regulations

8. Data Storage and Security

  • Your data is stored on Supabase servers located in the European Union, ensuring compliance with GDPR data residency requirements.
  • All data transmitted between the app and our servers is encrypted using TLS 1.2 or higher.
  • Access to your data is restricted to your anonymous user ID — no employee or third party can access your personal health data.
  • We implement row-level security (RLS) policies on all Supabase tables to ensure users can only access their own data.

9. Your Rights Under GDPR

As a resident of the European Union (or where applicable law grants equivalent rights), you have the following rights:

  • Right of access (Art. 15): request a copy of all data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate data.
  • Right to erasure (Art. 17): request deletion of all your data ("right to be forgotten").
  • Right to restriction (Art. 18): request that we limit processing of your data.
  • Right to data portability (Art. 20): receive your data in a machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)): withdraw consent for health data processing at any time.

To exercise any of these rights, contact us at: johnsig76@gmail.com

We will respond within 30 days of receiving your request.

You also have the right to lodge a complaint with your local data protection authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC): edoeb.admin.ch

10. Children's Privacy

Kefir is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

11. Third-Party Services

The following third-party services are integrated into Kefir. Each operates under its own privacy policy:

ServicePurposePrivacy Policy
SupabaseDatabase and authenticationsupabase.com/privacy
Google Gemini APIAI meal analysispolicies.google.com/privacy
RevenueCatSubscription managementrevenuecat.com/privacy
PostHogAnonymous analyticsposthog.com/privacy

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document. For material changes, we will notify you through the app. Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions or to exercise your rights:

Email: johnsig76@gmail.com

Address: Lausanne, Switzerland

See also: Terms and Conditions — Kefir