The Gut Health Collective Privacy Policy

Last Updated: August 16, 2025

This Privacy Policy (“Policy”) explains how The Gut Health Collective (“we,” “us,” or “our”) collects, uses, discloses, and protects information relating to individuals (“you”) who access or use our online community and any related mobile or downloadable applications (collectively, the “Community”). This Policy forms part of, and is incorporated into, our Terms of Service.

Important health note. We are not a medical practice, the Community is not a HIPAA environment, and information you choose to share may include health‑related information. Please do not post Protected Health Information (PHI) (e.g., full name with medical details, medical record numbers, etc.). See “Health Information & HIPAA Notice” below.

If we make material changes to this Policy, we will update the “Last Updated” date and provide additional notice where required (e.g., in‑product notice or email).

1) Scope & Roles

This Policy applies to personal information we process about Community members and visitors. The Community runs on the platform operated by CircleCo, Inc. (“Circle”), which acts as our service provider/processor. We may also use additional third‑party service providers (survey tools, payment processors, analytics, email, video, support, cloud hosting) as described below.

2) Quick “Notice at Collection” (California) — Summary

Category (examples)SourcesPurposesRetention (criteria)Selling/SharingIdentifiers (name, email, account ID), Account ProfileYou; your device; CircleCreate/manage account; support; security; communicationsFor life of account + as needed for legal/operational purposesNot sold. May be shared for cross‑context behavioral advertising only if you opt in (where required); you can opt out at any time.Commercial info (purchases)You; payment processorMembership, billing, fraud preventionAs required for tax/audit, disputes, and our recordsNot sold/shared for advertising.Internet/Network activity (device data, cookies, usage)Your device/browser; analytics toolsOperate, secure, improve the Community; analytics; (optional) advertisingBased on business need and security; usually shorter durations; aggregated/de‑identified may be kept longerMay be shared for cross‑context behavioral advertising unless you opt out/enable GPC.Geolocation (coarse from IP)Your device/browserLocalization, security, analyticsSee above criteriaNot sold.Audio/visual (event recordings you join)You (participation); event platformsProvide replays; moderation; safetyFor the life of the Community program or as required by lawNot sold/shared for advertising.User content (posts, comments, messages)You; other membersProvide social features; moderation; safetyFor life of account or until you remove; backups may persist for limited timeNot sold/shared for advertising.Sensitive personal information (you choose to share: health‑related info in posts or Challenge Survey responses)You; Survey ProviderEducation, your individual feedback, aggregate/subgroup analysesBased on program and legal/operational needs; aggregated/de‑identified data may be retainedNot sold. Not shared for advertising. Limited disclosure to processors.

• You can exercise your privacy choices at “Your Privacy Choices” (including Do Not Sell or Share and Limit Use of Sensitive Personal Information) where available in the Community or by contacting us (see Contact).

• We honor Global Privacy Control (GPC) signals for California residents where required.

3) Information We Collect

A. Information you provide

• Registration & Profile. Name, email, username, photo, biography, and other details you choose to add.

• Content & Interactions. Posts, comments, reactions, uploads, participation in groups or events, and messages exchanged with other members (we and Circle may process message content and metadata for operations, safety, moderation, and to deliver the service).

• Support & Communications. Information you send us (e.g., forms, surveys, help requests, email).

• Payments. If you purchase membership or other offerings, your payment card data is collected and processed directly by our payment processor; we receive limited information (e.g., last 4 digits, status, billing zip) for records and fraud prevention.

B. Information collected automatically

• Device & Usage Data. IP address, device/browser type, operating system, language, referring/exit pages, clickstream, timestamps, feature usage, and error/crash data.

• Cookies & Similar Technologies. We and our partners use cookies, pixels, and SDKs to operate the Community, measure performance, remember preferences, and (if you allow) tailor ads on our sites and elsewhere. See Your Choices.

C. Information from other sources

• Other members (e.g., when they mention or share content with you).

• Social sign‑in (if you connect a social account, we receive certain profile information per that service’s settings).

• Service providers (analytics, anti‑fraud, survey tools) and publicly available sources.

4) Challenge Surveys (Optional; Collected Outside Circle)

On a monthly basis we run challenges. Participants may optionally complete a baseline and post‑challenge survey via a third‑party Survey Provider (outside Circle).

• What we collect (examples). Self‑reported symptoms, habits, lifestyle patterns, well‑being markers, sleep/energy/mood, digestion patterns, goal progress, and limited demographics (you choose what to provide). Do not include PHI (e.g., medical record numbers).

• How we use it.

  1. Your individual feedback: we calculate and return your results to you (e.g., change over time).

  2. Aggregate/subgroup analysis: we combine responses to evaluate challenge outcomes, produce insights, and improve programs. We do not share your individual results with other participants or third parties; we may publish aggregated findings (e.g., “X% reported improvement”), and may perform subgroup analyses (e.g., by age range).

• Legal basis/consent. Participation is voluntary. For EEA/UK, we rely on consent; you may withdraw by contacting us (see Your Rights).

• Disclosure. Survey data is processed by our Survey Provider under contract; we may share aggregated/de‑identified findings publicly or with partners. We do not sell survey responses.

• Retention. We retain identifiable survey responses consistent with the criteria in Retention below; aggregated/de‑identified results may be retained for research and program improvement.

5) How We Use Information

We use personal information to:

• Provide, secure, and improve the Community and related programs; enable features; personalize content; prevent fraud and abuse.

• Operate challenges and surveys, deliver individual feedback, and conduct aggregate/subgroup analyses.

• Communicate with you (service, transactional, and—if you opt in or as permitted—promotional).

• Moderate and protect the Community (detect, investigate, and prevent violations and harmful or illegal activity).

• Comply with laws, enforce our Terms, and protect our rights.

• Develop new features, insights, and educational materials, including through de‑identified or aggregated data.

• Advertising & measurement (only with appropriate notice/choice): measure the effectiveness of our outreach and (if you allow) tailor ads.

EEA/UK legal bases. We process personal data where necessary to perform a contract (provide the Community), based on our legitimate interests (e.g., security, improvement, analytics), with your consent (e.g., challenge surveys, certain cookies/marketing), or to comply with law.

6) How We Disclose Information

We disclose information to:

• Service Providers/Processors. Circle (platform), payment processors, cloud/hosting, email and communications tools, analytics, customer support, survey tools, event/streaming tools, and security/fraud partners—only to perform services on our behalf under contracts restricting their use.

• Other Members. Content you post (per your settings) is viewable by others; we cannot control what others do with content they can access. Avoid sharing information you would not want public.

• Legal, Safety, and Rights. To courts, regulators, law enforcement, or advisors when required by law or to protect rights, safety, and the Community.

• Business Transfers. In connection with a merger, acquisition, financing, or sale of assets.

• With your consent or direction.

No sale of personal information for money. We do not sell your personal information for money. Where the law defines “share” to include cross‑context behavioral advertising, we may “share” limited identifiers and device data for that purpose only to the extent you have not opted out (see Your Privacy Choices). We do not sell or share Challenge Survey responses or other sensitive information.

De‑identified/aggregated data. We may use and disclose de‑identified or aggregated data (e.g., challenge outcomes). We will not attempt to re‑identify such data, and we require recipients not to do so.

7) Health Information & HIPAA Notice

We are not a covered entity or business associate under HIPAA, and the Community is not a HIPAA‑regulated environment. Do not upload PHI. Health‑related details you choose to share (e.g., symptoms, experiences, lifestyle) are processed under this Policy and applicable consumer privacy laws (e.g., California “sensitive personal information,” EEA/UK “special category data”). If you are in the EEA/UK and share health information, you explicitly consent to our processing for the purposes described here, which you may withdraw at any time (we will honor your request prospectively).

8) Your Choices

• Account Information. Update profile information in your account settings. Contact us to request account deletion (we may retain certain information as required by law or for legitimate business purposes).

• Marketing Communications. Unsubscribe using the link in our emails. You will still receive service/transactional messages.

• Push Notifications. Control via your device or in‑app settings.

• Cookies & Analytics/Ads. Manage preferences via our cookie banner or settings, and your browser settings. Note: disabling cookies may limit some features.

• Global Privacy Control (GPC). We honor GPC signals for California residents by treating them as an opt‑out of sale/share where applicable.

9) Your Rights

A. U.S. state privacy rights (where applicable, e.g., CA, CO, CT, UT, VA, OR, TX, and others).You may have the right to know/access, correct, delete, port, and opt out of (i) sale or sharing for cross‑context behavioral advertising and (ii) certain profiling/targeted advertising. California residents may also limit the use and disclosure of Sensitive Personal Information to what is necessary to provide requested services.

• How to submit a request. Use Your Privacy Choices in the Community or email support@theguthealthmd.com with “Privacy Request” in the subject. We will verify your identity (and your agent’s, if applicable).

• Appeals. If we deny your request, you may appeal by replying to our decision; we will review and respond within the time required by law.

• Non‑discrimination. We will not discriminate against you for exercising your privacy rights.

• Shine the Light (CA). California residents may request a list of certain third parties to whom we disclosed personal information for their own direct marketing in the preceding year (we do not currently disclose for such purposes).

B. EEA/UK data subject rights.You have rights to access, rectify, erase, restrict, object, and port your data, and to withdraw consent where we rely on consent. You may lodge a complaint with your local supervisory authority.

10) Retention

We keep personal information only as long as necessary to fulfill the purposes described in this Policy, including to meet legal, accounting, or reporting requirements, resolve disputes, and enforce agreements. We consider:

• the nature and sensitivity of the information (including whether it is health‑related),

• the purposes for which we process it and whether we can achieve those purposes by other means, and

• applicable legal requirements and operational needs.

Challenge Survey aggregated/de‑identified results may be retained for research, education, and program improvement.

11) Security

We use administrative, technical, and physical safeguards designed to protect personal information. No system is completely secure, and we cannot guarantee security. If we learn of a data incident affecting your information, we will notify you as required by law.

12) Children’s Privacy

The Community is intended for individuals 18+ or 13–17 with verifiable parental consent, consistent with our Terms. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, please contact us and we will take appropriate steps to delete it. Where local law sets a higher age of consent (e.g., EEA/UK), we will obtain parental consent when required.

13) International Users & Transfers

The Community is hosted in the United States. If you access the Community from outside the U.S., you understand your information may be transferred to, stored, and processed in the U.S. and other countries with different data‑protection laws. Where required (e.g., EEA/UK), we rely on Standard Contractual Clauses (SCCs) and supplementary measures for transfers to our service providers. You may request a copy of the SCCs by contacting us.

14) Social Features, Links, and Recordings

The Community includes social features; information you post may be viewable by others. The Community may link to third‑party sites or tools (including event platforms and survey tools). Their privacy practices are governed by their policies. Events or sessions may be recorded; by participating you may be captured in the recording—adjust your settings if you do not wish to be recorded.

15) Do Not Track

There is no widely accepted industry standard for responding to Do Not Track (DNT) signals. We do not respond to DNT, but we honor GPC where required.

16) Contact Us

If you have questions or wish to exercise your rights:

Email: support@theguthealthmd.comMail: The Gut Health Collective, 641 Palisades Drive, Mount Pleasant, SC 29464

If you require this Policy in an alternative format due to a disability, please contact us at the email above.

17) Your Privacy Choices (How to Opt Out / Limit Sensitive PI)

Where available in the Community, visit Your Privacy Choices to:

• Do Not Sell or Share My Personal Information (opt out of cross‑context behavioral advertising), and

• Limit the Use and Disclosure of My Sensitive Personal Information (we already restrict such use, but provide the mechanism where required).

You may also email support@theguthealthmd.com if you cannot find this link.