MeNome Privacy Policy

Effective date: June 2, 2026

Your body, your data. At MeNome, your privacy comes first. We will never sell your data, and we will never use your health information to advertise to you. We hold ourselves to the highest global standard of data protection — the EU General Data Protection Regulation (GDPR) — and we extend those same protections to every MeNome user, no matter where you live.

This Privacy Policy explains, in plain language, how we handle your personal data. Below is a quick summary, but please read the full policy as well as our Terms of Service and Medical Disclaimer.

At a glance

  • One standard for everyone. Wherever you are in the world, we give you the same core privacy rights that GDPR provides — access, correction, deletion, portability, and the right to withdraw consent. We do not offer a weaker version of privacy to anyone.
  • We never sell your data. We do not sell or rent your personal data to anyone, and we do not share it with advertising networks or data brokers.
  • Your health data is never used for ads. We do not use your symptoms, cycle information, BioScan results, Apple Health data, or any other health information to advertise or market to you, and we never share it with third parties for their own purposes.
  • You're in control. You can export a summary of your data, delete your account, and turn any device connection (camera, microphone, Apple Health, calendar, notifications) on or off at any time, directly in the App. A full copy of your data is available on request.
  • You decide about health data. Before we collect any health information, we ask for your separate, specific consent. You can withdraw it whenever you want.
  • Questions? Email us at support@belly-md.com.

1. Who we are and what this policy covers

This Privacy Policy explains how BellyMD, Inc. ("BellyMD," "MeNome," "we," "us," or "our"), a Delaware corporation, collects, uses, shares, and protects your personal data when you use the MeNome mobile application and related services (the "App").

MeNome is a consumer wellness and educational product. It helps you track gut and digestive symptoms, generates a wellness indicator called your BellyScore, includes an assistant called Cora, can connect to Apple Health, and offers an optional camera-and-microphone BioScan feature. MeNome is not a medical device, does not diagnose, treat, cure, or prevent any disease, and does not provide medical advice. Please see our Medical Disclaimer and Section 12 below.

BellyMD is the data controller responsible for your personal data in the App. This policy is separate from, and additional to, the BellyMD e-commerce privacy policy, which covers our supplement store. This App policy is hosted at its own URL.

We may update this Privacy Policy from time to time. We review it at least once a year. If we make material changes — especially any change that affects your health data — we will tell you by email or through the App and update the "Effective date" above.

2. A note about health data and HIPAA

MeNome handles information about your body and symptoms that you would reasonably consider sensitive. We treat it accordingly, and this policy is designed around protecting it.

The U.S. Health Insurance Portability and Accountability Act ("HIPAA") generally applies to healthcare providers, health plans, and their business associates. When BellyMD provides MeNome directly to you as a consumer, we are not acting as a HIPAA covered entity or business associate, so HIPAA does not govern the information you provide through the App. Instead, your information is protected by this policy, by GDPR-level commitments we extend to all users, and by the consumer-privacy and consumer-health-data laws described below. If MeNome ever integrates with a healthcare provider or other covered entity, we will revisit this analysis before that feature launches and tell you what changes.

3. Personal data we collect

3.1 Information you provide directly

Account and profile information

  • Email address
  • Age or age range
  • Biological sex
  • Whether you choose to enable menstrual-cycle tracking
  • Your stated goals and your "gut signature" selections (primary symptom, suspected trigger, chronicity)

Daily check-in and symptom information

  • Symptom ratings: abdominal pain, bloating, nausea, bowel symptoms, and fatigue
  • Lifestyle ratings: sleep, food, hydration, mood, and physical activity
  • Context you log or that is drawn from your check-in: food intake, hydration, vomiting episodes, hours and quality of sleep
  • Foods you report eating and any foods in your personal trigger library

Health history you choose to enter (this is special-category / sensitive data)

  • Medical history: diagnoses (including year and whether active) and surgeries
  • Medications and supplements: current and past, what they are for, and whether they helped
  • Treatments you have tried and how effective they were
  • Family history of gastrointestinal conditions
  • Lifestyle context: diet, exercise, work stress, sleep quality, alcohol, and smoking
  • Free-text narrative ("My Story") and any notes you enter
  • Questionnaire responses and results, including Rome-criteria and Bristol Stool Scale entries
  • Menstrual-cycle information, if you enable cycle tracking

Communications. If you contact support, we collect your messages and related correspondence.

3.2 The optional BioScan feature

The BioScan is optional and runs only when you start it. If you use it, MeNome accesses your camera and microphone during a short guided session and processes:

  • Camera-derived cardiovascular signals (rPPG). We analyze subtle color changes in video of your face to estimate heart rate and heart-rate variability. The raw video frames are processed on your device and are not sent to us. Only the derived signals are sent to a BellyMD digital-signal-processing ("DSP") server to compute your results.
  • Microphone-derived voice signals. We analyze acoustic features of your voice (pitch, energy, jitter, speaking rate, and similar) to produce a "voice stress" indicator.
  • Speech transcript. If you speak, your speech may be transcribed to help fill in your check-in (for example, to detect mentioned foods or symptoms). Where transcription uses Apple's speech recognition, audio may be sent to Apple; Apple is then a recipient (see Section 7).
  • Derived measurements. The resulting estimates (resting heart rate, HRV values, a stress score, signal-quality assessments).

We do not use the camera or microphone for any purpose other than a BioScan session you start, and we never access them in the background.

3.3 Apple Health (HealthKit)

If you grant permission, MeNome reads the following from Apple Health to improve pattern detection and build your profile: heart rate, heart-rate variability, resting heart rate, sleep, steps, active energy/calories, body weight, and workouts, plus your date of birth, biological sex, and height. We request read access only and never write data back. Data obtained through Apple Health is never used for advertising or marketing, is never sold, and is never shared with third parties for their own use (see Section 12).

3.4 Calendar (optional "Life Pattern Sync")

If you enable Life Pattern Sync, MeNome reads event titles and times from your device calendar to help connect life events (like travel) with your symptom patterns. We do not read attendee lists, locations, or event notes.

3.5 Information collected automatically

  • Device and technical information: device model, OS version, app version, language, time zone, and general diagnostics.
  • Usage information: how you interact with features, used to operate and improve the App.
  • Crash and performance data.

MeNome does not integrate third-party advertising or cross-app tracking SDKs. Any analytics or crash-reporting tool in the production build is named as a processor in Section 7 and reflected in our Apple privacy labels.

3.6 Subscription and payment information

MeNome offers a free tier and paid subscriptions, processed by Apple through in-app purchase. We do not collect or store your payment card number. We receive your subscription status and related transaction identifiers from Apple. Any subscription-management service we use is named in Section 7.

3.7 What we do NOT collect

We do not knowingly collect your precise location, your contacts, your photos (other than live camera frames during a BioScan you start), or payment card numbers.

4. How we use your personal data, and our legal bases

We extend GDPR-style legal bases to all users. Depending on the feature, we rely on:

Purpose Legal basis
Provide the core service: record check-ins, compute your BellyScore, surface trends, power Cora, run the BioScan, unlock features as you log more Consent (for health data); performance of our contract with you
Personalize your insights, prompts, and educational content Consent
Connect optional features (camera, microphone, Apple Health, calendar) Consent
Improve and develop the App: debug, analyze aggregate usage, improve our algorithms and content Legitimate interests, balanced against your rights
Communicate with you: service messages, support responses Legitimate interests / contract
Send you marketing about MeNome and BellyMD products (see Section 6) Consent
Maintain safety and security: detect and prevent fraud, abuse, and security incidents Legitimate interests / legal obligation
Comply with law and enforce our Terms Legal obligation

You can withdraw consent at any time, and we will stop the processing that relied on it. We may use de-identified or aggregated data (which does not identify you) to analyze trends and improve our methods. Any use of your identifiable health data for research is governed by a separate, specific in-app consent. We do not use your identifiable health data to train models for unrelated purposes.

We do not use your health-related information for advertising, and we do not sell any of your personal data.

5. How we share information

We do not sell your personal data, and we do not share it with advertising networks or data brokers. We share information only as described here:

  • Service providers / processors who handle data on our behalf under contract — for example, cloud hosting, the BioScan signal-processing server, analytics and crash tooling, and customer-support tooling. They act only on our instructions.
  • Apple, as needed to deliver the App, process in-app purchases, and (if applicable) perform speech transcription.
  • Professional advisors and authorities where required by law, to enforce our Terms, or to protect rights, safety, and property.
  • Corporate transactions: if BellyMD is involved in a merger, acquisition, financing, or sale of assets, information may transfer subject to this policy.

Our current processors, and what each one handles, are:

  • Amazon Web Services (AWS) — cloud hosting and system email: stores your account and check-in data, and sends transactional messages such as account and security notices.
  • Sentry — crash and error monitoring: diagnostic and stability data, not your health entries.
  • Apple — app delivery, in-app purchases, and, if you use voice entry, speech transcription.
  • Klaviyo — marketing email only: your email address and marketing preferences, never your health data.

Where a law such as the Washington My Health My Data Act requires us to name the specific entities that receive consumer health data, we identify those recipients with the required specificity and keep that list current. Data obtained through Apple Health is handled under the additional restrictions in Section 12 and is never used for advertising, never sold, and never shared for others' own purposes.

6. Marketing, and how we use your email

We may use your email address to send you marketing about MeNome and other BellyMD products, including our own supplement line, but only if you opt in, and you can unsubscribe at any time using the link in every marketing email or in your App settings. Opting out of marketing will not stop essential service messages (like security or account notices).

We keep marketing first-party: we use your email ourselves and do not sell or share it with third parties for their marketing. Importantly, we do not use your health data to decide what to market to you. Our supplement and product messages are based on the fact that you are a MeNome user — not on your symptoms, cycle, diagnoses, BioScan results, or Apple Health data. If we ever want to tailor product recommendations using your health information, we will ask for your separate, explicit consent first.

7. Your privacy rights — the same for everyone

Regardless of where you live, we are committed to giving you the same core privacy rights that GDPR provides, which is widely regarded as the highest global standard. You have the right to:

  • Access / know what personal data we hold about you and how we use it.
  • Correct inaccurate personal data.
  • Delete your personal data ("erasure").
  • Portability: receive your data in a structured, portable format.
  • Withdraw consent for any processing based on consent, including health-data processing and device-permission features.
  • Object to or restrict certain processing, including direct marketing.
  • Opt out of any "sale," "sharing," or "targeted advertising" as defined under U.S. state laws. We do none of these.
  • Non-discrimination: we will never deny you service or charge you more for exercising your rights.
  • Appeal a decision on your request, and lodge a complaint with your local data protection or supervisory authority.

How to exercise your rights. You can export a summary of your data and delete your account directly in the App, and you can revoke camera, microphone, Apple Health, calendar, and notification permissions any time in your device settings. To request a full copy of your data, or for anything else, email support@belly-md.com. We will verify your identity, respond within the time required by applicable law (generally within one month), and never charge you for a legitimate request.

Region-specific notes

  • EEA / UK / Switzerland: International transfers of your data rely on the European Commission's Standard Contractual Clauses or another lawful transfer mechanism, with transfer risk assessments. You may complain to your local supervisory authority.
  • California (CCPA/CPRA): You have the rights above, including to know, delete, correct, and opt out of "sale" or "sharing." We do not sell or share personal information or use sensitive personal information beyond permitted purposes, and we honor Global Privacy Control signals.
  • Other U.S. states (Colorado, Connecticut, Virginia, Utah, Oregon, Texas, and others as they take effect): you have comparable rights, exercisable through the contact above.

8. Consumer health data (Washington My Health My Data Act and similar laws)

The Washington My Health My Data Act ("MHMDA") and similar consumer-health-data laws (including Nevada's SB 370 and Connecticut's health-data provisions) apply broadly to "consumer health data," which includes much of what MeNome collects. These laws can protect consumers in those states regardless of where BellyMD is located.

For consumers covered by these laws:

  • We collect consumer health data as described in Section 3 and use it for the purposes in Section 4.
  • We obtain your consent before collecting consumer health data beyond what is needed for a feature you requested, and separate authorization before any "sale" — which we do not do. BellyMD does not sell consumer health data.
  • You may confirm whether we collect, share, or sell your consumer health data, access it, withdraw consent, and have it deleted. Contact support@belly-md.com.
  • We honor deletion requests, including by directing our processors to delete the data, except where retention is legally required.
  • We restrict access to consumer health data to personnel and processors who need it to provide the App.

This Section 8 serves as BellyMD's Consumer Health Data Privacy Policy for MeNome. Where the MHMDA or a similar law requires it, we present and link this section as a distinct, prominently-labeled Consumer Health Data Privacy Policy.

Biometric identifiers. Where the BioScan's camera-derived (rPPG) and voice-derived signals are treated as biometric data under laws such as the Illinois Biometric Information Privacy Act (BIPA), the Texas CUBI, or Washington's biometric law, we obtain your consent before a BioScan, never sell or lease this data, use it only to generate your BioScan results, and retain and destroy it per Section 9.

9. Data retention

We keep your information only as long as needed to provide the App and for the purposes in this policy, unless a longer period is required or permitted by law.

  • Longer tracking history stays on your device until you delete it, delete the App, or delete your account.
  • Server-side copies of BioScan-derived values are kept only as long as needed to compute and return your results.
  • When you delete your account, after a 30-day grace period (during which you can cancel) we delete or irreversibly anonymise your personal data, except limited records we are legally required to retain (for legal, security, accounting, or fraud-prevention reasons).

10. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your data, including encryption of personal data in transit and at rest, restricted internal access on a need-to-know basis, and regular security testing. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. To report a security concern, email support@belly-md.com.

11. Children's privacy

MeNome is intended for users 18 and older. You must be at least 18 to use the App, in every country where it is available. We do not knowingly collect personal data from anyone under 18; if we learn we have, we will delete it. Contact support@belly-md.com if you believe someone under 18 has provided us information.

We do not serve targeted advertising to any user.

12. Apple Health (HealthKit) specific terms

Consistent with Apple's requirements, for data we obtain through HealthKit:

  • We use it only to provide health, wellness, and fitness features in MeNome, and only with your permission.
  • We do not use it for advertising, marketing, or any use-based data mining, including by third parties.
  • We do not sell it to anyone.
  • We do not share or disclose it to third parties except to provide a service you requested, and never for their independent use.
  • We do not store it in iCloud or any third-party cloud in a way that violates Apple's requirements.

13. International users and transfers

BellyMD is based in the United States. If you use the App from outside the U.S., your information will be transferred to and processed in the U.S., where privacy laws may differ from those in your country. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (see Section 7).

14. The Cora assistant

In the current build, Cora returns pre-written responses and does not use a third-party AI model or send your messages to an external provider. If a future build uses a generative or third-party AI service, we will update this policy and our Apple privacy labels and name the provider before that change ships.

15. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new "Effective date" and, where required, give additional notice. Material changes affecting health data will be communicated through the App.

16. Contact us

BellyMD, Inc. Email: support@belly-md.com

This policy is governed by the laws of the State of Delaware, and disputes relating to it are handled as set out in the MeNome Terms of Service. Your home-jurisdiction consumer-protection and consumer-health-data laws may still apply to you regardless of this choice.