Your family's data belongs to your family.

The short version.

Who we are, in privacy terms.

Galet is a Consumer Electronic Service Provider (cESP) under the Ontario Personal Health Information Protection Act, section 54.1. A cESP is a service that helps individuals manage their own personal health information, distinct from a hospital, doctor, or pharmacy (a "Health Information Custodian"). Galet is not a custodian. We are not acting as anyone's agent. We are a tool you use to track and understand your child's data — and you remain in control of it.

A note on the law itself: PHIPA s. 54.1 was enacted by the Ontario legislature in 2020 (Bill 188) but has not yet been formally proclaimed in force as of this policy's date. We've chosen to follow the cESP framework anyway, because it reflects how the privacy regulator expects consumer health apps to operate, and because it's the right standard for a product that handles pediatric clinical data.

Where Galet is available.

Galet is currently available to residents of Ontario, Canada. We do not market to or serve residents of Quebec at this time. If you are a Quebec resident, the App Store will not show Galet as available in your region. We've made this choice deliberately: Quebec's Law 25 imposes specific privacy requirements (mandatory privacy impact assessments, French-language obligations, transfer-risk assessments) that we will address when we expand our resourcing. Until then, we'd rather decline service than serve you under a framework we're not prepared to meet properly.

If we eventually expand to Quebec or other provinces, we will publish updated policies that meet the local legal requirements before accepting users from those regions.

What Galet collects.

Only what the Service needs to work:

• Account data. Email address, your chosen display name, password, and basic device metadata (iOS version, app version) needed to keep the app working.
• Child profile data. Your child's first name or chosen nickname, age or date of birth, optional biological sex, and optional self-identification (autism, ADHD, sensory profile). We don't ask for a diagnosis. We don't ask for a last name.
• Meal and dietary data. Foods logged via camera or text, including texture, colour, hydration, and nutritional information processed by our AI systems. Photos used for AI analysis are not stored — see "About the AI in Galet" below.
• Bowel and symptom data. Bristol Stool Scale entries, frequency, and any symptoms you choose to note. Photos used for stool classification are not stored — see "About the AI in Galet" below.
• Food-expansion data. Food Chain progress and Food Stretching step completion.
• School Mode data. Schedule preferences and inferred meal occasions during school hours, if you enable the feature.
• Report data. Clinical reports generated from your tracked data.
• Audit metadata. A record of when your data was accessed by Galet's systems (for security and breach investigation), capturing who, what, and when. This log contains no actual clinical content.
• Mailing list. If you subscribe to updates, we store your email address. Nothing else.

What Galet never collects.

We also don't collect: full legal names of children, specific medical diagnoses (you can self-identify ASD/ADHD/ARFID for context but we don't validate against medical records), genetic data, family financial information beyond subscription billing handled by Apple, or precise location data.

How we use your data.

• Provide, maintain, and improve the Galet application.
• Generate descriptive correlations between dietary intake and bowel patterns.
• Calculate gut-health summaries based on stool quality, frequency, fibre, and hydration data.
• Power Food Chain and Food Stretching suggestions.
• Create clinical-ready PDF reports you can choose to share with your care team.
• Send you updates about Galet, but only if you've opted into the mailing list.

We do not sell your personal data to third parties. We do not use your child's health data for advertising. We do not use it to train third-party AI models.

Where it's stored.

The structured data we keep — food entries, Bristol Stool Scale classifications, gut scores, exposure progress, account settings — is stored on Supabase's Canadian region (ca-central-1), encrypted at rest and in transit (TLS 1.3, AES-256). Every user table has row-level security (RLS) enabled: data is scoped to the authenticated parent account and inaccessible to other users. We follow industry-standard security practices including authenticated-role-only access policies and hardened database function search paths.

Photos are not stored. When you take a meal photo or a stool photo for AI analysis, the photo is sent to Google's Gemini AI, analyzed for structured data (foods identified, Bristol type, etc.), and then discarded. The structured result is what we keep, not the image. This applies to both meal photos and bowel photos.

We chose Canadian residency for everything we do store, deliberately. Many pediatric health tools route data through US infrastructure, and we didn't want that for families on our caseload.

About the AI in Galet.

Galet uses Google's Gemini AI for three jobs: identifying foods in meal photos, classifying stool photos against the Bristol Stool Scale, and suggesting Food Chain steps. For all three, we send only what the analysis needs — the photo, the relevant food or chain context, and your child's age range and any sensory notes. We do not send your child's name, your identity, or unrelated log data.

Photos are not retained — by us or by Google. When you submit a photo, it travels to Gemini for analysis, the structured result comes back to us, and the photo is discarded. We never write the photo to our database or storage. Per Google's enterprise API terms, Gemini does not retain it either, and does not use it to train Google's models. We keep a local record of the structured output (foods identified, Bristol type, chain suggestions) so you can review, edit, or delete results later.

Google's Gemini API processes data in the United States. While processing, your data is briefly subject to US law and law enforcement requests. By using AI features in Galet, you consent to this cross-border processing. You can choose not to use AI features and use Galet without them — meal logging supports text entry without a photo, and bowel logging supports manual Bristol type selection without a photo.

Third-party services.

• Supabase. Database hosting and authentication (ca-central-1, Canada).
• Google Gemini. AI-powered food identification, Food Chain suggestions, and nutritional analysis (United States, transient processing only).
• Apple App Store. Subscription billing.
• Resend. Service emails (only your email address; no clinical data).
• Cloudflare. DNS and content delivery for galet.app (no health data).
• Tally. Pilot-screener form hosted for the Toronto beta.
• Loops. Mailing-list management for the waitlist.

Each is contractually bound to confidentiality and data-protection obligations consistent with this policy. We will update this list when subprocessors change. Material changes will be communicated to you in advance.

Who can see your data.

• You. Always, fully, exportable at any time.
• Clinicians you choose to share with. Only what you explicitly export as a PDF and hand to them. Galet does not email reports on your behalf, and does not run a clinician portal that pulls data without your action. Sharing is your choice, your channel, your responsibility.
• Galet's founder. Only in narrow, documented cases: debugging a bug you've reported, or responding to a support request. We do not browse user data.
• Nobody else. We do not sell data. We do not share it with advertisers, researchers, insurers, schools, or third parties outside the infrastructure providers listed above.

How long we keep it.

Ontario law (PHIPA s. 13) requires us to dispose of personal health information when it's no longer necessary for the purpose it was collected. Here's how we apply that:

• Active accounts. Your data stays available as long as you use Galet.
• Deleted accounts. When you delete your account, your data is purged from active databases immediately. The deletion is permanent — there is no recovery window. If you delete by mistake, you'll need to start a new account.
• Backups. Database backups expire on a 7-day rolling cycle. Within 7 days of account deletion, your data is no longer in any backup either.
• Photos. Not retained — discarded after each AI analysis.
• Audit logs. Records of system access (who, what, when — no clinical content) are retained for 7 years for security and compliance investigation.
• Aggregate, de-identified data. Statistical summaries with no identifiers may be retained indefinitely for product improvement. See the next section.

De-identification, and what we don't do with aggregate data.

If we ever produce statistical summaries from how Galet is used (for example: "the average family completes their first Food Chain in 21 days"), we strip every identifier first. No user IDs, no child IDs, no names, no demographics specific enough to identify anyone.

Ontario law (PHIPA s. 11.2) prohibits attempts to re-identify de-identified data. We follow this seriously: our internal policy bars Galet personnel from attempting to re-identify any aggregate dataset. Anyone with access to aggregate data signs a written acknowledgment of this rule.

Children's data.

Galet is designed for parents and caregivers to use on behalf of a child. Children do not have their own accounts. All child-profile data is entered, controlled, and managed by the parent or guardian who holds the account. Additional safeguards include row-level security policies tied to the authenticated parent account. We do not knowingly collect information directly from children under 13.

For children old enough to understand the conversation, we encourage parents to involve them in the choice to use Galet. This is a value, not a legal obligation, but it reflects how we think about the children whose data we hold.

Your rights.

• Access (PHIPA s. 52, general). Request a copy of any data Galet has about your family. We respond within 30 days.
• Access in electronic format (PHIPA s. 52, electronic clause). Receive your data in a portable, electronic format. Galet's PDF export feature satisfies this right — clinical reports are produced as standard PDFs you can save, view, or share.
• Correct (PHIPA s. 55). Edit anything you've logged, at any time, directly in the app.
• Withdraw consent (PHIPA s. 19). Disable optional features (analytics, AI processing, mailing list) in Settings, or delete your account entirely.
• Delete. Delete your account and all associated data. This is irreversible and immediate — there is no recovery window. Backups expire within 7 days, after which your data is fully gone from all systems.
• Complain (PHIPA s. 56). File a complaint with us, with the Information and Privacy Commissioner of Ontario, or with the Office of the Privacy Commissioner of Canada. Contact details are at the bottom of this page.
• Ask. Email us with any question about your data. We respond within five business days.

If something goes wrong.

If there is ever a data breach affecting your family's information, we will notify you at the first reasonable opportunity, describe what happened in plain language, and tell you what we're doing about it. We will also notify the Ontario Information and Privacy Commissioner where the breach is significant or where reporting is otherwise required by law.

Internally, we target notification within 72 hours of confirming a breach — that's a goal we set for ourselves, not a regulatory clock. The legal standard in Ontario is "first reasonable opportunity," and we follow that standard.

Changes to this policy.

We may update this Privacy Policy from time to time. Material changes — new categories of data, new subprocessors with health-data access, new cross-border transfers — will be announced in-app and on this page, with a revised "Last updated" date. For changes that affect your consent, we'll give you the chance to review and re-consent before the change takes effect for your account.

Contact.

Privacy questions, requests, or concerns: maxime@galet.app. Every privacy-related email is answered by the founder, who serves as Galet's designated Privacy Officer.

If we can't resolve a concern to your satisfaction, you have the right to contact:

• Information and Privacy Commissioner of Ontario. 2 Bloor Street East, Suite 1400, Toronto, ON M4W 1A8 · ipc.on.ca · 1-800-387-0073 · info@ipc.on.ca
• Office of the Privacy Commissioner of Canada. 30 Victoria Street, Gatineau, QC K1A 1H3 · priv.gc.ca · 1-800-282-1376