7-Day Gut Reset (7DGR)
Last updated: April 5, 2026
Effective date: April 5, 2026
What this means for you:
Your health data is personal. We built 7-Day Gut Reset for people who want to understand their gut. That means you are trusting us with sensitive information about your body. We have implemented technical and organizational measures designed to protect your data.
This policy explains exactly what we collect, why we collect it, how we protect it, and what rights you have over it. These terms are written in plain language. If something is unclear, contact us at [email protected].
7-Day Gut Reset ("7DGR", "we", "us", "our") is operated by Mount Nurture LLC. We operate the 7-Day Gut Reset progressive web application (the "App"). The App is an invite-only wellness program, not a medical service. 7-Day Gut Reset is not a HIPAA-covered entity. The health information you log is not protected health information (PHI) under HIPAA.
Contact:
Email: [email protected]
Website: 7daygutreset.com
This Privacy Policy covers personal data collected through the 7DGR App and website. It does not cover third-party websites or services you may reach through external links. For age requirements, see Section 12.
7DGR is not open to the general public. Access requires a direct invitation from a 7DGR administrator. This means:
We collect only what is necessary to run the program and support your progress. We do not collect real names (a display name is optional), location data, phone numbers, financial information, or social media accounts.
| Data | Why we collect it |
|---|---|
| Email address | Login credential and the only required identifier |
| Display name | Optional. Personalizes your in-app experience |
| Password | Stored as a bcrypt hash by Supabase. We never see your plaintext password. |
Collected during your initial gut-type quiz and onboarding. This is the most sensitive category of data we hold.
| Data | Why we collect it |
|---|---|
| Gut type classification | Determines which program track and protocols are shown to you |
| Symptom timing patterns | Helps surface relevant advice and protocol sections |
| Lifestyle flags (e.g., rushed_eater, coffee_heavy) | Personalizes protocol recommendations |
| Health conditions (e.g., IBS, GERD, SIBO, Crohn's) | Surfaces relevant guidance; not used for medical advice |
| Menstrual cycle phase | Optional. Helps contextualize symptom patterns |
| Dietary preferences | Filters recipes and meal suggestions |
| Reset motivation | Personalizes program framing and encouragement copy |
This information is disclosed voluntarily by you. None of it is verified, diagnosed, or used to provide medical care.
Daily self-reported check-ins you complete during the program.
| Data | Why we collect it |
|---|---|
| Date | Ties check-in to a program day |
| Symptoms (bloating, gas, constipation, diarrhea, heartburn, fatigue, cravings, nausea, feeling_good) | Tracks your symptom pattern over the 7 days |
| Symptom intensity (1–5 scale) | Measures severity trends |
| Suspected triggers | Your own observations for pattern recognition |
| Notes (free text) | Open-ended reflection field |
Optional daily logging of meals and associated reactions.
| Data | Why we collect it |
|---|---|
| Date and meal slot | Associates food with a specific meal and day |
| Foods eaten | Connects diet to symptom patterns |
| Symptoms and severity | Tracks food-symptom correlation |
| Hydration data | Part of the gut reset protocol tracking |
You are never required to log biometric data. These fields exist if you want a more complete picture of your reset.
| Data | Why we collect it |
|---|---|
| Weight | Tracks changes over the 7-day period |
| Waist circumference | Optional body composition data point |
| Sleep duration, quality, and times | Sleep is closely linked to gut health; logged for your awareness |
| Energy level (1–10) | Tracks program response |
| Mood (1–10) | Gut-brain axis tracking |
| Stress level (1–10) | Stress significantly affects gut function |
| Bowel movements | Core indicator of gut health during reset |
| Stool consistency (Bristol Stool Scale 1–7) | Widely used gut health reference scale |
| Data | Why we collect it |
|---|---|
| Completed days | Tracks your position in the program |
| Morning and evening reflections (free text) | Structured journaling prompts for your own reflection |
| Energy and readiness scores | Daily calibration for program intensity |
Collected during the post-reset reintroduction phase (Chapter 10).
| Data | Why we collect it |
|---|---|
| Foods tested | Identifies which foods are being reintroduced |
| Symptoms per day of test | Tracks reactions during 48-hour test windows |
| Severity | Measures reaction intensity |
| Safe/avoid observation | Your personal observation for future reference (not a clinical determination) |
| Data | Why we collect it |
|---|---|
| Recipe views, cooks, and favorites | Personalizes recipe recommendations |
| Adaptations used | Tracks which recipe modifications you apply |
If you opt in to push notifications:
| Data | Why we collect it |
|---|---|
| Subscription endpoint | Required to deliver push notifications to your device |
| Browser encryption keys | Required by the Web Push protocol for secure delivery |
| User-agent string | Identifies the browser/device for delivery compatibility |
| Notification preferences | Honors your opt-in and opt-out choices |
Push notifications are entirely opt-in. You can withdraw consent at any time in Settings or through your browser's notification settings.
| Data | Why we collect it |
|---|---|
| Achievement timestamps | Powers the achievements system |
| Streak data | Tracks consecutive program days |
| Last active timestamp | Allows the app to restore your session state |
For clarity:
We use two layers of data storage: your device and our servers. Each has its own security protections.
Most of your active program data (check-ins, food logs, biometrics, reflections, and reintroduction results) is stored directly on your device using your browser's localStorage.
This data is encrypted using AES-256-GCM before it is written to localStorage. The encryption key is derived using PBKDF2 with an industry-standard iteration count compliant with current NIST guidance and SHA-256 hashing. Iteration counts are reviewed periodically. This means:
Account data, profile information, and program state that needs to persist across devices is stored on our Supabase-hosted PostgreSQL database.
Supabase maintains automated database backups as part of its infrastructure. These backups are subject to the same encryption standards as live data.
We use a small number of third-party services to operate the App. We do not sell your data to any of them. Here is exactly what each receives and why.
What: Authentication service and database hosting
Receives: Email address, hashed password, encrypted profile and program data
Why: Core infrastructure for login and data persistence
Privacy policy: https://supabase.com/privacy
Supabase acts as a data processor on our behalf. Supabase's terms of service include data processing provisions that address GDPR requirements. They process your data only according to our instructions and applicable data protection law.
What: Application hosting and edge delivery
Receives: Standard server request logs (IP address, user-agent, request path, timestamp) in the normal course of serving web traffic
Why: The App is hosted and deployed on Vercel's infrastructure
Privacy policy: https://vercel.com/legal/privacy-policy
Vercel processes server logs for operational purposes. We do not configure Vercel to retain or analyze these logs beyond its standard practices.
What: Error monitoring and crash reporting (production environment only)
Receives: Error stack traces, browser environment context, request metadata
Does NOT receive: Passwords, authentication tokens, API secrets, or user health data. The following categories are explicitly excluded from error reports: health profile data, symptom logs, food logs, biometric fields, and reflection text. We configure data scrubbing rules designed to prevent these sensitive fields from being transmitted.
Why: Helps us identify and fix application bugs quickly
Privacy policy: https://sentry.io/privacy/
Sentry's terms of service include data processing provisions that govern their security obligations and limit their use of your data.
What: Customer relationship management and payment processing
Receives: Your email address and name (if provided) via webhook at the time of purchase, before you receive an App invite
Does NOT receive: Your health data, check-ins, symptom logs, or any in-app activity
Why: Manages the enrollment and payment workflow that precedes App access
Privacy policy: https://www.highlevel.com/privacy-policy
HighLevel handles the commercial relationship. Once you receive your App invite and log in, your in-app data is separate from and not shared with HighLevel.
The App's news section aggregates articles from public health sources including Harvard Health, Mayo Clinic, and similar publishers via RSS feeds.
We use only one category of cookies: Supabase authentication session cookies. These are:
We do not use advertising cookies, tracking pixels, or any third-party analytics cookies. There are no cookies from Google, Meta, or any advertising network.
As described in Section 6.1, your health data is stored in your browser's localStorage in AES-256-GCM encrypted form. This is not a cookie. It does not leave your device and is not transmitted to any server.
If you clear your browser data, this local data will be deleted. We recommend completing an in-app export or ensuring your data is synced to the server before clearing browser storage.
Push notifications are entirely opt-in. We may send:
To enable push notifications, your browser will prompt you for permission. You can revoke this permission at any time through your browser settings or in the App under Settings. Revoking permission will delete your push subscription data from our servers.
We do not use push notifications for marketing purposes.
Your data is retained for as long as your account exists. After account deletion, server-side records are purged immediately. Infrastructure backup copies (Supabase) are overwritten within 30 days. Operational server logs (Vercel) are retained for up to 90 days. Error monitoring data (Sentry) is retained for 30 days.
You can permanently delete your account at any time via Settings → Delete Account. This action:
Deletion is initiated immediately and is irreversible. We do not retain backup copies of deleted accounts beyond the standard backup retention window (30 days for Supabase infrastructure backups, after which your data will no longer exist in any system we actively maintain). For EEA residents exercising the right to erasure, note that backup copies may persist for up to 30 days before permanent deletion from all systems.
If you cannot access the in-app deletion option, email [email protected]. We will process erasure requests in a reasonable timeframe, typically within 30 days, subject to any legal retention obligations.
We do not automatically delete inactive accounts. If you wish to stop participating and remove your data, please use the in-app deletion option or email [email protected].
Regardless of where you are located, we honor the following rights.
You can view all your data directly in the App at any time. Your profile, check-ins, food logs, biometrics, and program progress are all accessible from within the interface.
You can update or correct your profile information and tracked data at any time within the App.
You can delete your entire account and all associated data at any time via Settings → Delete Account. See Section 10.2 for details.
You can export your data at any time via Settings → Data & Backup, which offers:
If you are unable to use the in-app export, contact us at [email protected] and we will provide your data in a structured format within 30 days.
If you are located in the EEA, your additional rights under the General Data Protection Regulation include:
Our legal bases for processing your data are:
For special category health data (symptoms, biometrics, health conditions, menstrual cycle data), we rely on explicit consent (Article 9(2)(a)). You provide this consent when you complete the onboarding quiz and log health data in the App. You may withdraw this consent at any time by deleting the relevant data or your account.
We have not appointed a formal Data Protection Officer as we do not meet the threshold criteria under GDPR Article 37. Privacy inquiries are handled directly by the 7DGR team at [email protected].
If you are located in the United Kingdom, the UK GDPR applies. Your rights are equivalent to those described in Section 11.5. You may lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
If you are a California resident, you have rights under the California Consumer Privacy Act and the California Privacy Rights Act (CPRA):
Sensitive personal information under CPRA:
Certain information we collect qualifies as sensitive personal information (SPI), including health data, symptom logs, biometric data, and menstrual cycle information. We use and disclose this information only as necessary to provide the program services you enrolled in. We do not use it for inferring characteristics unrelated to the program. You have the right to request that we limit our use of your sensitive personal information to these stated purposes.
Categories of personal information collected (CCPA categories):
We do not sell or share personal information to or with third parties. We share data only with the service providers listed in Section 7, for the operational purposes described.
To exercise your California privacy rights, contact us at [email protected].
The 7-Day Gut Reset program is intended for adults. Users must be at least 18 years of age or have the consent of a parent or guardian. We do not knowingly collect personal information from individuals under 18 without parental consent. If you believe someone under 18 has created an account without parental consent, please contact us at [email protected] and we will delete the account and all associated data promptly.
7-Day Gut Reset is a wellness and educational program. It is not a medical device, medical practice, or healthcare service.
The health conditions listed in your profile (IBS, GERD, SIBO, etc.) are used only to surface relevant program content. They are self-reported and are not verified, treated, or transmitted to any medical authority.
Gut type classifications (such as "candida," "toxic," "stressed," or "balanced") are organizational categories used to personalize your program experience. They are not medical classifications, clinical assessments, or diagnoses.
Our primary infrastructure is based in the United States. Supabase database hosting is in the US. Vercel edge servers are distributed globally but application data is processed in the US. If you are accessing the App from outside the United States, your data may be transferred to and processed in the United States.
Where required by applicable law (including GDPR and UK GDPR), we rely on appropriate safeguards for such transfers. The terms of service of our primary service providers (Supabase, Vercel) include data processing provisions and standard contractual clauses that address international transfer requirements.
In the event of a data breach that affects your personal information, we will:
Breach notifications will be delivered to the email address associated with your account and will include the nature of data affected, likely consequences, and steps taken.
Given that most health data is encrypted on your device with a key derived from your credentials, the practical risk of a server-side breach exposing your health data in readable form is substantially mitigated.
We will notify you of material changes to this Privacy Policy by:
Continued use of the App after the effective date of a revised policy constitutes acceptance of the revised terms. If you do not agree with a change, you may delete your account at any time.
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
Mount Nurture LLC
Email: [email protected]
Website: 7daygutreset.com
We aim to respond to privacy-related inquiries within 30 days.
This Privacy Policy was last updated on April 5, 2026.