Sign InComing Soon

Privacy Policy

Last updated: March 2026

1. Introduction

IBDLens ("we", "us", "our") is a personal health tracking application for people living with Inflammatory Bowel Disease. We take the privacy and security of your health data seriously. This policy explains what data we collect, why we collect it, how we store it, and your rights regarding your data.

2. Data We Collect

When you use IBDLens, we collect:

  • Account information: email address, display name, and password (hashed, never stored in plain text).
  • Health data: symptom logs, stool entries, medication records, diet/meal logs, sleep entries, mood/mental health entries, flare tracking data, and lab results. This constitutes "special category data" under GDPR Article 9.
  • Profile information: diagnosis type (Crohn's disease, ulcerative colitis, indeterminate, or not specified).
  • Technical data: browser type, device type, and IP address (collected automatically for security purposes).

3. Why We Collect Your Data

  • To provide the symptom tracking and logging service.
  • To generate clinical PDF reports that you can share with your healthcare team.
  • To show you trends, patterns, and correlations in your health data.
  • To authenticate you and keep your account secure.
  • To send you optional daily logging reminders (only if you opt in).

4. Legal Basis for Processing Health Data

Your health data is "special category data" under GDPR Article 9. We process this data based on your explicit consent, which you provide when you create an account and agree to this Privacy Policy. You can withdraw your consent at any time by deleting your account.

5. How We Store and Protect Your Data

Your data is stored in a Supabase database with the following protections:

  • Encryption at rest: all data is encrypted when stored.
  • Encryption in transit: all connections use TLS/SSL (HTTPS).
  • Row-Level Security: database policies ensure you can only access your own data.
  • Password security: passwords are hashed using industry-standard algorithms and never stored in plain text.

6. Data Sharing

We do not sell, rent, or share your personal or health data with any third parties. Your data is yours. The only way your data leaves IBDLens is when you explicitly generate and download a PDF report to share with your healthcare team.

7. Third-Party Services

We use the following third-party services:

  • Supabase: database hosting and authentication. Supabase acts as a data processor on our behalf under a Data Processing Agreement (DPA).
  • Vercel: application hosting. Vercel processes technical data (IP addresses, request metadata) for serving the application.

8. Cookies

IBDLens uses only essential cookies required for authentication and session management. We do not use any tracking, analytics, or advertising cookies. No third-party cookies are set.

9. Your Rights

Under GDPR, you have the right to:

  • Access: request a copy of all data we hold about you.
  • Correction: request that we correct any inaccurate data.
  • Deletion: request that we delete your account and all associated data.
  • Portability: request your data in a machine-readable format.
  • Withdraw consent: withdraw your consent at any time by deleting your account.

To exercise any of these rights, contact us at the email address below.

10. Data Retention

We retain your data for as long as your account is active. If you delete your account, all your data (including health logs, profile information, and any generated reports stored on our servers) will be permanently deleted within 30 days.

11. Children's Privacy

IBDLens is not intended for use by individuals under the age of 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us to have it removed.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice within the app. Your continued use of IBDLens after changes are posted constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at: privacy@ibdlens.com