Belly Bestie Privacy Policy
Last updated: October 6, 2025
Your privacy is important to us. This Privacy Policy explains our collection, use, and disclosure of personal information on the websites owned and operated by Belly Bestie, LLC. (“Belly Bestie,” “we,” “our,” or “us”), including the www.bellybestie.org Website, our mobile application (the “App”), and through email, text, and other electronic communications (together, the “Services”).
This policy does not apply to any solutions or services that display, reference, or link to a different privacy statement.
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not use our Services. By accessing or using our Website and/or App, you are deemed to have read and understood this Privacy Policy. This Privacy Policy may change from time to time (see Changes to this Privacy Policy). Your continued use of our Website or Application after we make changes is deemed to be an acknowledgment that you have reviewed those changes, so please check this Privacy Policy periodically for updates. This Privacy Policy is referenced in the Terms of Use, which is hereby incorporated into this policy.
Belly Bestie is not HIPAA-covered and does not provide medical advice. We nonetheless apply strong privacy and security practices to protect your information.
Personal Information We Collect
We collect and process personal information about you with your consent and/or as necessary to provide the Services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests. We collect information about you in various ways when you use our Services, including information you provide directly, information we collect automatically, and information from third-party data sources.
Information You Provide Directly
We collect personal information you provide to us directly when using the Website or App. For example:
When you sign up for a product demonstration, enroll in our newsletter or product updates, or otherwise communicate with us to request information, we may ask you to provide your Contact Information, such as name, email address, company name, address, and phone number.
We may also collect Content Information about the emails or communications that you send us.
When you use the App, you may choose to provide: Account information (e.g., name, email, password), Onboarding information (e.g., digestive health conditions such as celiac disease or IBS, dietary preferences, goals), Health & lifestyle logs (e.g., meals/ingredients, symptoms, bowel habits, stress levels, sleep patterns, activities, personal notes), Community interactions (posts, comments, reactions you choose to share), Support content (details you provide when contacting support from within the App).
Information Collected Automatically
We collect some personal information automatically when you visit our Website, use our App, or when you receive our marketing emails. For example:
Website usage data: when you visit our websites, access times, the website that led you to us, search terms used, error information, and browsing activity (pages visited, time on site, clicks).
Device information: operating system, internet connection, IP address, browser type, language settings.
Email engagement: whether you opened a marketing email or clicked on a link.
Usage data: feature taps, log events, screens viewed, timestamps, recipes viewed/saved.
Device data: mobile OS and version, device model, App version, crash logs, performance diagnostics.
Approximate location: derived from IP address, used to localize certain features such as recipes.
Third-Party Sources
We occasionally obtain information from third parties. These include:
Applications and services, such as social networks, that make users’ information available.
Partners with which we jointly provide services.
Publicly available sources (open databases, public domain).
If you enable integrations (now or in the future), we may receive information from connected services (e.g., single sign-on providers, analytics, hosting, crash monitoring).
Information We Create or Generate
We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“Inferences”). For example, we may infer your general geographic location from your IP address.
Based on your logs and activity, we may generate insights and patterns (e.g., correlations between meals and symptoms, summaries of sleep/stress data). These inferences personalize your App experience and help you understand trends.
Cookies and Similar Technologies
We use cookies and similar technologies to operate our Websites and to help collect certain data. Cookies are small text files placed on your device to store data that can be recalled by a web server in the same domain that placed the cookie. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your device, but it can contain other information as well.
We use cookies to operate and improve our website and enhance your experience, such as determining which areas and parts of our Websites are popular, counting visits to our websites, and fulfilling other business purposes.
Our Websites may also contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies, count users, and gather usage and other Website and browser performance data. We may also include web beacons in our email messages or newsletters to determine whether you open and interact with the content in the emails.
Our websites and emails may include web beacons and cookies from third-party service providers. In some cases, that is because we have hired a third party to provide services on our behalf, such as web hosting, site functionality, site analytics, or email delivery. Because your browser connects to those third parties' web servers to retrieve that content, those third parties are able to set or read their own cookies on your device and may collect information about your online activities across websites or online services.
You can use browser controls to help limit how the websites you visit are able to use cookies. Instructions for blocking or deleting cookies may be available in each browser's privacy or help documentation. Please be aware that if you choose to block cookies, certain website features that depend on cookies may no longer function. If you choose to delete cookies, settings and preferences controlled by those cookies may be deleted and may need to be recreated.
The App may also use mobile SDKs (software development kits) provided by partners for analytics, performance monitoring, messaging, and error reporting. SDKs may collect App usage and device information similar to cookies. You can manage some of this collection via device settings (e.g., resetting advertising identifiers, limiting ad tracking).
How We Use Your Personal Information
We use personal information collected through our Services for purposes described in this Privacy Policy or disclosed to you otherwise. For example, we use personal information to:
Purpose of Use
Categories of Personal Information
Business Operations. To operate our Website and Business functions, such as billing and accounting when applicable, for improving our internal operations, securing our systems, detecting fraudulent or illegal activity, verifying your identity, and meeting our legal obligations. Additionally, to protect or enforce our rights and properties.
Contact information, Usage Information, Device Information, Inferences. Sensitive Information: Content and Files
Communications. To fulfill your communication requests for information or support, schedule solution demonstrations, respond to any questions you have sent us, and to update you on important solution and service features.
Contact information, Usage Information, Device Information, Inferences. Sensitive Information: Content and Files
Solution and Service Improvement, development and research. To develop, test, or improve the Solutions and Services. Additionally, to identify or create new Solutions and Services and to analyze traffic and user behavior or activity on the Website.
Contact information, Usage Information, Device Information, Inferences. Sensitive Information: Content and Files
Personalization. To understand you and your preferences, and to enhance your interaction with the Website.
Contact information, Usage Information, Device Information, Inferences. Sensitive Information: Content and Files
Marketing. To provide you with information about solution and service offerings, updates,
Contact information, Usage Information, Device Information, Inferences. Sensitive Information: Content and Files
Advertising. To promote and market Belly Bestie Solutions and Services offered.
Contact information, Usage Information, Device Information, Inferences. Sensitive Information: Content and Files
Core Functionality. To enable logs (meals, symptoms, sleep, stress, activity), deliver recipes, and support community features you choose to use.
Account Information, Onboarding Information, Health & Lifestyle Logs, Community Interactions, Usage Information, Device Information. Sensitive Information: Health & Lifestyle Logs, Community Content
AI-Driven Insights. To analyze your logs and generate summaries, trends, and personalized insights. These insights are informational only and do not replace professional medical advice.
Onboarding Information, Health & Lifestyle Logs, Usage Information, Inferences. Sensitive Information: Health & Lifestyle Logs
Personalization. To tailor in-App content, recipes, insights, and notifications to your preferences and activity.
Account Information, Onboarding Information, Health & Lifestyle Logs, Usage Information, Inferences. Sensitive Information: Health & Lifestyle Logs
Research & Quality. To monitor App performance, fix bugs, improve reliability, and conduct aggregated/de-identified analyses.
Usage Information, Device Information, Crash Logs, Aggregated/De-identified Data, Inferences. Sensitive Information: none beyond de-identified/aggregated data
In carrying out these purposes, we may combine data we collect from different sources to give you a more seamless, consistent, and personalized experience.
We may also de-identify your personal information so that it no longer reasonably identifies you. In this case, we may use this de-identified data without restriction and for any purpose, including to improve our Website, solutions, and Services.
We retain personal information only as long as necessary to fulfill the purposes for which it was collected and in accordance with applicable laws. App account data and logs are retained while your account is active. If you request deletion, we will securely delete or anonymize your data except where legally required to retain it.
Use of Artificial Intelligence (AI)
Some features of Belly Bestie use artificial intelligence.
Purpose: AI may generate summaries of logs or highlight and present patterns.
Data protection: We pseudonymize/anonymize data before processing with third-party AI providers when feasible.
No training use: Data submitted via third-party AI APIs (e.g., OpenAI) is not used to train or improve their models.
Provider role: Where we use third-party AI providers (e.g., via API), they act as our processors/service providers and must handle information consistent with our instructions.
Not medical advice: AI outputs are purely informational and should never be a substitute for medical advice, diagnosis, or treatment.
How We Disclose Your Personal Information
We may disclose your personal information for our business purposes in the following ways: Affiliates & Subsidiaries. We may disclose your personal information to deliver solutions and services to you, ensure a consistent level of service across our solutions and services, and enhance our solutions, services, and your customer experience.
Service providers. We provide access to or disclose your information to select third parties who use the information to perform services on our behalf. They provide a variety of services to us, including billing, content/service enhancements, sales, marketing, advertising, analytics, research, customer service, data hosting and storage, IT and security, fraud prevention, payment processing, and auditing, consulting, and legal services. These Service providers must only use your personal information to support the work that they perform for us, and may not use your personal information for unrelated purposes.
Advertising Partners. We may disclose your personal information to advertising partners and third-party advertisers that use cookies, pixels, and other tracking technologies to deliver you content about our solutions on other websites that you visit or applications that you use.
Applicable Law. We may disclose your personal information when we believe that doing so is necessary to comply with applicable law or to respond to a valid legal process, or to protect our rights or property, including enforcing our Terms of Use and this Privacy Policy, or any billing or collection actions necessary.
Security of Systems. We may disclose your personal information to operate and maintain the security of our services, including to prevent fraud or stop attacks on our computer systems or networks.
Business Transactions. We may disclose your personal information in connection with a business transaction, such as an equity raise, or a purchase of or merger with another company. In which case, your personal information may be among the assets transferred along with our other solutions, data, and assets.
Processors: We share data with service providers supporting hosting, analytics, crash reporting, AI processing, messaging, and support. They may only use data as instructed.
Community: Content you share (posts, comments) is visible to other users. Share only what you’re comfortable making public.
Aggregated data: We may share de-identified or aggregated information for research, development, or education.
No Sale of Health Data. We do not sell your health or lifestyle log data to advertisers or data brokers.
With Your Consent. We may disclose your personal information to third parties that you choose or as allowed under this Privacy Policy with your consent.
Choice and Control of Your Personal Information
You have certain rights and choices that you may make about how we use and disclose your information, subject to certain limitations.
Access, correction, and deletion. If you wish to request access to, or correction or deletion of, personal information about you that we hold, you can do so by contacting us as described at the bottom of this privacy statement. You may request an export of your data or deletion of your account and associated logs by emailing support@bellybestie.org. We will verify your identity and fulfill requests as required by law. However, to the extent permitted by applicable law, we reserve the right to charge a fee or decline requests that are unreasonable, excessive, or prohibited by law, could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates.
Communications preferences. You can choose whether you wish to receive promotional communications from us, such as by email, phone, or physical mail. If you receive promotional email messages from us and would like to stop, you can do so by following the directions in the messages, or by contacting us as described at the bottom of this privacy statement.
Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can set your browser to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or solutions on our Website.
Do Not Track. Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative (NAI) websites (www.aboutads.info and www.networkadvertising.org ). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.
Privacy Information for California Residents
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (CCPA), you have certain rights with respect to that information. We may collect sensitive personal information (health logs) that you voluntarily provide. This is used only to provide the Services requested (logging, insights) or as permitted by law. We do not sell or share your App health/lifestyle data for cross-context advertising.
Notice at Collection. At or before the time of collection, you have a right to receive notice of our privacy practices, including the categories of personal information collected, purposes for which your information is collected or used, whether the information is sold or shared, and how long the information is retained. For additional details about this information, see the sections above: Personal Information We Collect, How We Use Your Personal Information, How we Disclose Your Personal Information, and Choice and Control of Your Personal Information.
Right to Know. You have a right to request that we disclose to you the personal information we have collected about you, and how it has been used, disclosed, or sold. Information about how we use, disclose, and the information which might constitute a “sale” is available in this Privacy Policy, but you may also make a “request to know” or access by contacting us at support@bellybestie.org. Please note, that if making this request, we may require you to provide us with additional information so that we may verify your identity.
Rights to Request a Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions, including how we use and maintain Protected Information subject to HIPAA. To make a request to correct or delete, email us at support@bellybestie.org.
Right to Opt-Out / Do Not Sell or Share My Personal Information. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA. We do not knowingly collect, sell or share the personal information of minors under 18 years of age.
Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data sharing described in this Privacy Policy may be considered a “sale” or “sharing” under those definitions. In particular, we allow advertising and analytics providers to collect your identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, mouse movements), device data, and geolocation data through our sites and when you use our services. We do not “sell” or “share” any other types of personal information (see How We Disclose Your Personal Information for additional details).
If you don't want us or our partners to "sell" or "share" your personal information for advertising, you can use a Global Privacy Control to opt out. We will respect your choice and not share your data in ways defined as "sale" or "sharing" under the CCPA. However, we may still share some personal information with service providers to help us perform our certain advertising functions. Additionally, opting out won't affect previously "sold" or "shared" data or stop all interest-based advertising.
Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law.
To opt-out from such additional purposes, please contact us as described at the bottom of this page.
Authorized Agent. You can appoint an authorized agent, either in writing or through a power of attorney, to submit your requests or exercise your rights under the CCPA. Before we accept a request from your agent, we’ll need proof that you have authorized them to act for you, and we may ask you to verify your identity directly with us.
Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.
We will not discriminate against anyone exercising these CCPA rights.
Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, gives residents of California the right under certain circumstances to request information from us regarding the manner in which we disclose certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not disclose your personal information to third parties for their own direct marketing purposes.
Children
We do not knowingly collect personal data from anyone under the age of 18 through our Website or App, and our Website, App, and Services are not directed to children under the age of 18. If we discover we have received any “personal information” (as defined under the Children’s Online Privacy Protection Act) from a child under the age of 18 in violation of this Privacy Policy, we will take reasonable steps to delete that information as quickly as possible.
Security of Personal Information
We take reasonable steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction. While no method of transmission or storage is 100% secure, we implement administrative, technical, and physical safeguards appropriate to the nature of the data we process, including:
Encryption in transit: All communication between the frontend and backend is secured using HTTPS (TLS encryption).
Encryption at rest: We use encryption at rest where supported by our infrastructure.
Password protection: Passwords are securely stored in hashed form using the platform’s built-in authentication mechanisms (e.g., Django’s authentication system).
Authentication & session security: We use JWT tokens for secure user authentication and API access, with appropriate token lifetimes and revocation practices.
Secrets management: Sensitive credentials (e.g., API keys, database configurations) are stored in environment variables (.env) and not committed to source control.
Access controls: Access to specific URLs, endpoints, systems, and data is restricted based on defined roles and permissions (principle of least privilege).
Input validation & security testing: We apply input validation across the application to mitigate injection and other malicious inputs, alongside routine monitoring and remediation of security issues.
Monitoring & logging: We maintain operational logs to aid in detecting and investigating anomalies, abuse, or security incidents.
Vendor oversight: Service providers with access to personal information are bound by contractual obligations and must implement security appropriate to the data they process.
You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account.
Changes to this Privacy Policy
We will revise this Privacy Policy as needed to comply with changes in applicable laws or how we process and use personal information. Any updates to the policy will be reflected by changing the "Last Updated" date at the top of this Privacy Policy. If we make material changes to the statement, we will provide notice on the Website or obtain consent regarding such changes when it may be required by law. For material App-related changes, we may notify you in-App or request consent if required.
Contact Us
If you have any questions or concerns about this Privacy Policy, or if you have a complaint, please contact us by email at support@bellybestie.org. We will attempt to respond to your questions or concerns promptly after we receive them.