
DRAFT — not legal advice, requires review by a licensed attorney before use.

Settle — Privacy Policy

Effective date: [EFFECTIVE DATE PLACEHOLDER]
Operator: Desert Services Group LLC ("DSG," "we," "us")
Service: Settle, an elimination-diet planning tool at wellsettled.vercel.app
Contact: jeff.jones@desertservicesgroup.com

Settle helps an individual plan and run a structured elimination diet — establish a baseline, remove suspected foods, then reintroduce them one at a time — to surface foods that may be behind IBS-type gut symptoms. Settle provides diagnostic information, not a diagnosis. See our Terms of Service and the in-app medical disclaimer.

This policy explains what we collect, why, how it is protected, and the choices and rights you have. Washington residents: a separate Consumer Health Data Privacy Notice also applies to your health data; please read it together with this policy.


1. Privacy at a glance


2. What we collect and why

a. Your symptom diary (consumer health data)

When you use Settle you may record: daily discomfort severity (0–10); symptom-type selections (bloating, abdominal pain, gas, diarrhea, constipation, urgency, nausea, reflux, fatigue, headache); free-text notes; the food-trigger groups you choose to eliminate and reintroduce; and your plan dates and phase windows. We use this only to run your plan and to compute your own Insights (comparing symptom severity across phases). This is regulated health data and we treat it accordingly.

By default this data lives only in your browser's local storage. It leaves your device only if you (i) enable cloud sync or (ii) export a backup yourself.

b. Account data (only if you enable cloud sync)

To sync across devices you create an account using your email address. We use email solely to sign you in (via a magic link — there is no password) and to send account/security messages. Your email is stored separately from your encrypted diary blob.

c. Encrypted diary blob (only if you enable cloud sync)

We store the encrypted version of your diary so it can sync between your devices. We store only ciphertext — see Section 3.

d. Technical logs

Our hosting and database providers generate standard server logs (e.g., IP address, browser type, timestamps) to deliver the service and protect it against abuse. These logs are not combined with your diary content and are not used for advertising or profiling.

We do not collect analytics-SDK data, advertising identifiers, location beyond incidental IP, or (at launch) payment information.


3. How zero-knowledge cloud sync works (and its limits)

If you enable cloud sync, Settle encrypts your diary in your browser with AES-GCM. The encryption key is derived from your passphrase using PBKDF2; a recovery key, generated separately on your device, can also unlock the diary. Only the resulting encrypted blob is uploaded. Your passphrase, recovery key, and decryption key never leave your device and are never sent to us. As a result:

What this protection does NOT cover — please read:

We describe this as zero-knowledge encryption of your synced diary. We do not claim end-to-end encryption of your email (which we and our authentication provider can read; see Section 5), and we make no encryption claim for local-only data, which stays in your browser's local storage in whatever form the browser stores it.


4. We do not sell your data, and we do not use it for ads


5. Sub-processors (service providers)

Supabase
  Role: magic-link authentication and encrypted vault storage
  Can access: your email (readable), sign-in/session metadata, and your encrypted diary blob (which they cannot read)

Vercel
  Role: hosting and delivery of the web app
  Can access: standard server/request logs (e.g., IP, browser, timestamps)

These providers act on our behalf under their terms and may not use your data for their own purposes. We do not authorize any provider to read your diary content, and the encryption prevents it for the synced blob.


6. Your privacy rights

Depending on where you live (including under CCPA/CPRA in California, the Washington My Health My Data Act, Nevada SB 370, and the GDPR in the EU/EEA/UK), you may have the right to:

How to exercise them:

Because synced diary content is stored only as an unreadable encrypted blob, the content we can return for an "access" request is what you can already export yourself; we can also confirm and delete the encrypted blob and your account email.

[ATTORNEY: confirm response-deadline language, verification standards, and appeals/authorized-agent handling for CCPA/CPRA, WA MHMD, NV SB370, and GDPR.]


7. Data retention

When you delete your account, we delete your account email and your stored encrypted blob; residual copies in routine backups, if any, are purged on the provider's normal backup cycle.


8. Security

We protect your data with client-side AES-GCM encryption for synced diaries, PBKDF2 key derivation, transport encryption (HTTPS), passwordless magic-link sign-in, and database row-level security so each account can reach only its own row. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security. If a breach affecting your data occurs, we will notify you and regulators as required by law (see our internal breach process).


9. Children

Settle is for adults. It is not directed to children and is not intended for anyone under 18. We do not knowingly collect data from children under 13. If we learn we have collected data from a child under 13, we will delete it. Do not use Settle if you are under 18.


10. International users

Settle is operated from the United States and your data is processed in the U.S. If you access Settle from the EU/EEA/UK, your symptom diary is special-category (health) data under GDPR Article 9, and we process it only on the basis of your explicit consent, which you may withdraw at any time. By using cloud sync from those regions you consent to processing and transfer to the U.S. as described here. [ATTORNEY: confirm transfer mechanism / SCCs and whether EU launch is in scope at all.]


11. Changes to this policy

We may update this policy. We will change the effective date above and, for material changes, provide a more prominent notice (e.g., in-app). Continued use after an update means you accept the revised policy.


12. Contact

Desert Services Group LLC — privacy
Email: jeff.jones@desertservicesgroup.com
Governing law: State of Arizona, USA (see Terms of Service).