Real privacy,
not promises.
Introduction
MyLoo (“we”, “us”, “our”) operates the MyLoo mobile application, a personal digestive-health tracker. This Privacy Policy explains what data we collect, how we use it, and how we protect it. MyLoo handles sensitive health data and we treat it accordingly.
What we collect
- Account data: email address and authentication credentials (or Apple ID via Sign in with Apple).
- Entry data: Bristol type, color, symptoms, optional notes, timestamp.
- AI vision fields (only when you take a photo): volume, texture, moisture, color uniformity, undigested particles. These are derived from the photo, not the photo itself.
- Onboarding selections: tracking reasons (Curious / Medical mode) for personalisation.
- Device data: push notification token (only if you enable reminders).
- Subscription state: entitlement (free / premium), managed via RevenueCat.
Photos: device only
Photos are stored exclusively in the app sandbox at App/Documents/photos/ on your own device and are never uploaded to our servers. iOS and Android encrypt the app sandbox automatically with your device passcode. You can delete all photos at any time in Settings.
AI classification: pass-through, not stored
When you classify a photo, it is sent once to Anthropic (Claude AI Vision, US servers) for analysis. The AI extracts the Bristol type, color, and the five vision fields listed above. According to Anthropic's published policy, the photo is not retained and not used for AI training. We do not store the photo server-side either; only the extracted fields land in your account.
Account data in the EU
All entry data is encrypted on Supabase servers in the European Union (eu-central-1, Frankfurt). Row-Level Security ensures only your account can access your entries. We use TLS/SSL in transit and AES-256 at rest.
Health data (GDPR Art. 9)
Stool tracking is special-category personal data (“data concerning health”) under GDPR Art. 9. We process it on the legal basis of your explicit consent, which you give during onboarding. You can withdraw consent at any time by deleting your account in Settings.
Third parties
- Supabase: database, authentication, storage (EU/Frankfurt).
- Anthropic (Claude AI): one-time image analysis. No storage, no AI training.
- RevenueCat: subscription state for App-Store-mediated purchases.
- Apple Push Notification Service / Firebase Cloud Messaging: push notifications (token-based, no content).
- Apple (Sign in with Apple): authentication only, when you choose this method.
- Vercel: hosts myloo.org, including the influencer click logger (7-day-TTL hashed IP, no raw IP stored).
We do not sell, rent, or share your personal data with advertisers, data brokers, or any third party not listed above.
Your rights (GDPR)
- Access your personal data
- Correct inaccurate data
- Delete your account and all data (in-app: Settings → Account → Delete account)
- Export your data (the Doctor PDF report covers entries)
- Withdraw consent any time
Contact: support@myloo.org
Data retention
Data is kept while your account is active. On account deletion, all personal data is irreversibly removed within 30 days: account, entries, photo path references, and push tokens.
Children's privacy
MyLoo is not intended for children under 16. We do not knowingly collect data from children under 16.
Not a medical device
MyLoo is a tracking and educational tool, not a medical device. Tips, scores, and AI classifications are general gut-health guidance, not individual medical advice or diagnosis. For persistent symptoms or uncertainty, please consult a healthcare professional.
Changes
We may update this Privacy Policy. Significant changes will be communicated via in-app notification or email. The “Last updated” date above reflects the current version.
Contact
Questions about this Privacy Policy: support@myloo.org