Privacy Policy Last updated: April 23, 2026 Effective date: April 23, 2026 This Privacy Policy describes how Tend & Mend ("we," "us," "our") collects, uses, shares, and protects information when you use our mobile applications, including Tend & Mend (for individuals with IBS and IBD), Tend & Mend: Feline, and Tend & Mend: Canine (collectively, the "Apps").

By using the Apps, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Apps.

  1. Who we are Tend & Mend is an independent software product developed by Ben McNair-Kim, an individual developer based in Toronto, Canada. We are the data controller for personal information collected through the Apps. Contact: [hello@tendandmend.co] — update to live address before launch
  1. Information we collect 2.1 Information you provide directly Depending on which App you use, we collect: Tend & Mend (human IBS/IBD app): Food and meal entries (name, time, optional notes) Bowel movement entries using the Bristol Stool Scale (BSS score 1–7, time, optional notes) Symptom entries (severity score on validated scales, time, optional notes) Suspected food triggers you nominate for tracking Free-text notes you choose to add Tend & Mend: Feline / Canine: Pet name, species, optional breed, optional age or weight Meal entries (food type, amount, time) Vomiting or other symptom entries (time, notes) All Apps: Optional account information (email address, if you choose to create an account for data sync) Subscription status (if you purchase a paid tier) Free-text content you type or speak into any voice/chat feature 2.2 Information collected automatically Device type, operating system version, App version (for diagnostics and compatibility) Crash reports and basic usage events (e.g., feature opens, session length), if you consent to diagnostics sharing in iOS Settings Approximate country or region, inferred from App Store locale (not precise GPS location) We do not collect: Precise location data Contacts Photos from your camera roll unless you explicitly select one to attach Microphone input unless you actively use a voice feature 2.3 Information we do NOT collect from you We do not knowingly collect any information from individuals we know to be under 18 years of age. The Apps are not directed to children. See Section 10 for more on children's data.
  1. Health data disclosure Important: The data you log in Tend & Mend (the human IBS/IBD App) qualifies as health data under several laws, including the EU General Data Protection Regulation (Article 9), the UK GDPR, the Washington My Health My Data Act, and the California Consumer Privacy Act. This includes: Bristol Stool Scale scores Symptom severity scores Information about suspected food triggers Any free-text content describing bodily functions, symptoms, medications, or diagnoses We treat this data with heightened protections as described in this Policy. The Apps are wellness tools, not medical devices. We do not diagnose, treat, cure, or prevent any disease. Information shown in the Apps (including posterior probabilities, risk estimates, and trigger confirmations) is for self-experimentation purposes only and is not medical advice. Always consult a qualified healthcare professional about your health.
  1. How we use your information We use the information we collect to: Operate the core functionality of the Apps (log entries, compute statistical estimates, display trends, generate reports you can export) Process subscription purchases and maintain your paid status Respond to your support requests Diagnose crashes and improve the Apps Comply with legal obligations We do not: Sell your personal information Share your personal information with advertisers Use your health data for advertising Use your data to train AI or machine learning models
  1. Third-party services we use 5.1 Anthropic (Claude API) Some features in Tend & Mend allow you to log food, symptoms, or bowel movements by typing or speaking a description in natural language. To interpret your input, we send the text of your message to the Claude API operated by Anthropic PBC, a US-based company. What is sent: Only the text content of your message (e.g., "I had yogurt at 9am and had loose stool an hour later"). We do not send your name, email address, device identifier, or account ID as part of the API request content. What Anthropic does with it: Anthropic processes the text to return a structured response (e.g., food item identified: yogurt; BSS score: 6; time: 10am). Under Anthropic's standard API terms, inputs and outputs are not used to train Anthropic's models without opt-in, and are retained for a limited period for abuse monitoring before deletion. See Anthropic's privacy policy at https://www.anthropic.com/legal/privacy. Where processing happens: Anthropic's servers, which are located in the United States. Your choice: If you do not want your text sent to Anthropic, do not use the natural-language logging feature. All logging can be performed using the manual entry interface, which does not send any data to Anthropic. 5.2 Apple App Store / StoreKit: subscription billing, handled entirely by Apple. We receive a subscription status flag, not your payment details. iCloud (optional): if you enable iCloud sync in iOS Settings, your App data is synced across your devices through your personal Apple iCloud account. Apple is the processor for this data; we do not access it. 5.3 Analytics and diagnostics We use Apple's standard crash reporting (included in iOS). We do not use Google Analytics, Firebase Analytics, Meta SDK, or any third-party advertising or tracking SDKs. 5.4 No other processors We do not share your personal information with any other third parties except as required by law (see Section 8).
  1. Legal basis for processing (GDPR / UK GDPR users) If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases: Processing activity Legal basis Operating the core logging and analysis features Performance of a contract (Art. 6(1)(b)) Processing health data (symptom logs, Bristol Stool Scale) Your explicit consent (Art. 9(2)(a)) Sending text to Anthropic for natural-language logging Your explicit consent Crash diagnostics Legitimate interest (Art. 6(1)(f)) Complying with legal obligations Legal obligation (Art. 6(1)(c)) You may withdraw consent at any time by disabling the relevant feature or deleting your account. Withdrawal does not affect processing carried out before withdrawal.
  1. International data transfers The Apps are operated from Canada. If you are outside Canada, your data will be transferred to and processed in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection for commercial organizations subject to PIPEDA. If you use the natural-language logging feature, your message text is transferred to the United States to be processed by Anthropic. For users in the EEA, UK, or Switzerland, this transfer is made under Anthropic's Standard Contractual Clauses (SCCs) with their API customers.
  1. How long we keep your data App data you log (foods, symptoms, BSS scores, etc.): stored locally on your device and, if you enable iCloud sync, in your iCloud account. We retain this data for as long as you keep the App installed or maintain your account. Text sent to Anthropic: Anthropic retains API inputs for a limited abuse-monitoring period (typically 30 days) and then deletes them. We do not retain a separate copy of the text on our servers. Account information (if you created an account): retained until you request deletion. Subscription records: retained as long as required for tax, accounting, and legal purposes. If you delete your account (see Section 9), we delete your account-associated data from our systems within 30 days. Data that has already been transmitted to Anthropic's API remains subject to Anthropic's retention schedule.
  1. Your rights Regardless of where you live, you have the following rights with respect to your personal data: Access: request a copy of the personal data we hold about you Correction: correct inaccurate data Deletion: request deletion of your account and associated data Portability: receive your data in a structured, machine-readable format Withdraw consent: at any time, without affecting prior processing Object or restrict: object to or restrict certain processing (where applicable) Lodge a complaint: with a supervisory authority in your country To exercise these rights: email hello@tendandmend.co, or use the "Delete Account" and "Export Data" functions in the App Settings. We will respond within 30 days (GDPR), 45 days (CCPA), or the period required by your applicable law. 9.1 EU / UK / Swiss users (GDPR) You have the rights listed above under Articles 15–22 of the GDPR / UK GDPR. You may lodge a complaint with your local Data Protection Authority. 9.2 California users (CCPA / CPRA) You have the right to know, delete, correct, and opt out of sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA. You also have the right to limit the use of sensitive personal information; we only use sensitive personal information (health data) for the purposes described in this Policy and not for inferring characteristics about you. 9.3 Washington State users (My Health My Data Act) Washington residents have specific rights with respect to "consumer health data," which the Act defines to include information about bodily functions, symptoms, and inferences about health status — all of which the Tend & Mend human App processes. You have the right to: Confirm whether we are processing your consumer health data Access that data Withdraw consent to processing Delete your consumer health data Appeal a denial of any of these requests We do not sell your consumer health data. We obtain your consent before processing it (through in-App consent flows) and before sharing it with any processor (including Anthropic). To exercise these rights, email hello@tendandmend.co. If we deny a request, you may appeal by replying to our denial, and if the appeal is denied, you may contact the Washington State Attorney General at https://www.atg.wa.gov/file-complaint. 9.4 Canadian users (PIPEDA) You have the right to access, correct, and request deletion of your personal information. If you have a complaint about our handling of your data, you may contact the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.
  1. Children's privacy The Apps are intended for adults aged 18 and over. We do not knowingly collect personal information from children under 18. If we discover that we have collected data from a child under 18 without verified parental consent, we will delete it. If you are a parent and believe your child has provided us with personal data, please contact hello@tendandmend.co.
  1. Security We implement reasonable technical and organizational measures to protect your data: Log data is stored locally on your device with iOS file-level encryption Optional iCloud sync uses Apple's end-to-end encryption where available Text sent to the Claude API is transmitted over HTTPS (TLS 1.2 or higher) We do not operate a central server that stores your health data in identifiable form No method of electronic transmission or storage is 100% secure. In the unlikely event of a data breach that affects your personal information, we will notify you and any applicable regulator as required by law.
  1. Changes to this Policy We may update this Privacy Policy from time to time. When we do, we will: Update the "Last updated" date at the top Notify you in-App before the new Policy takes effect for material changes Obtain fresh consent where required by law (e.g., for new processing of health data)
  1. Contact For any questions about this Privacy Policy or to exercise your rights: Email: hello@tendandmend.co Website: https://tendandmend.co

End of Privacy Policy.

Back to Tend & Mend