← Back

Privacy Policy

Last updated: 17.06.2026

This Privacy Policy explains how Thesos ("we", "us") collects, uses, and protects information when you use the Thesos website, web app, and related services (the "Service"). We aim to handle your data with the same care we would want for our own gut-health logs.

1. What we collect

We collect the following categories of data:

  • Quiz answers: symptoms, history, lifestyle inputs, and preferences you provide during onboarding.
  • Account info: first name and email address, when you provide them.
  • App usage: pages viewed, actions taken in the funnel, device type, and approximate region, used to improve the Service.
  • Logs you add: any notes, food entries, or symptom logs you choose to record in Thesos.

Some of the data you provide is health-related and we treat it as sensitive personal data.

2. How we use it

  • Generate your personal IBS profile and insights.
  • Operate, secure, and improve the Service.
  • Send you product-related emails (such as your results, account confirmations, or important updates). You can opt out of non-essential email at any time.
  • Comply with legal obligations and respond to lawful requests.

We do not sell your personal data. We do not use your health-related data to train third-party advertising models.

3. Legal bases

Where the GDPR applies, we rely on (i) your consent for processing health-related data, (ii) the performance of a contract to provide the Service you signed up for, and (iii) our legitimate interests in operating and improving Thesos in ways that do not override your rights.

4. Sharing

We share data only with service providers ("processors") that help us run Thesos, for example hosting, email delivery, analytics, and payment processing. These providers act on our instructions and under contractual obligations to protect your data. We may also disclose data when required by law or to protect the rights and safety of users.

5. Storage and security

Your data is stored on infrastructure operated by reputable cloud providers in the EU and/or the US. We use industry-standard safeguards such as encryption in transit, access controls, and regular reviews of our practices. No system is perfectly secure, and we cannot guarantee absolute security.

6. Retention

We keep your data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce our agreements. You can ask us to delete your data at any time, subject to those obligations.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to restrict or object to certain processing, and to withdraw consent. You can also complain to your local data-protection authority. To exercise these rights, email support@thesos.app.

8. Children

Thesos is not directed to children under 16. We do not knowingly collect personal data from children under that age. If you believe a child has provided us with personal data, please contact us so we can delete it.

9. Cookies and analytics

We use a small number of cookies and similar technologies to keep the Service working and to understand aggregated usage patterns. You can control cookies through your browser settings; blocking some cookies may affect how the Service works.

10. International transfers

When we transfer personal data outside your country (for example between the EU and the US), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

11. Changes

We may update this Privacy Policy from time to time. If a change is material, we will give you reasonable notice in the app or by email.

12. Contact

Questions about this Privacy Policy or how we handle your data? Email support@thesos.app.