Last updated: July 8, 2026
Summary: GingerBee is designed to be privacy-first. You can use the app without creating an account, and your wellness data stays on your device by default. Two exceptions: tongue scan photos and their analysis results are stored securely on our servers so you can see how your readings change over time, and your conversations with the GingerBee assistant are stored securely on our servers so you can pick up where you left off (see Sections 2.1 and 4). And when you sign in, your data syncs to your account so a new phone can restore it (see Section 4). AI features securely process information only to generate insights and do not identify you.
1. Introduction
This Privacy Policy describes how HolisticMe, Inc. ("HolisticMe," "we," "us," or "our") collects, uses, and shares information when you use the GingerBee mobile application (the "App") and related services (collectively, the "Services").
2. Information We Collect
2.1 Information You Provide
Most wellness information described below is stored locally on your device by default and is not sent to our servers unless needed to provide a feature you use. When you sign in, the health data you record is also stored on our servers, linked to your account, so a new phone can restore it (see Section 4).
- Account Information: GingerBee does not require users to create an account to use core features. We do not collect names, email addresses, or other personal identifiers unless you explicitly choose to create or sign in to an account. If you create an account, we collect the information you provide during registration or sign-in.
- Wellness Profile: Traditional Chinese Medicine (TCM) constitution assessment results, health goals, dietary preferences, and other wellness-related information you choose to provide, stored locally on your device by default.
- Symptom Tracking: Symptoms you log, including symptom names, severity ratings, timing, and optional notes, stored locally to help you track patterns over time.
- Food Scans: Photos of food you scan and the analysis results. Food images are processed securely to generate insights and are not stored by us after analysis unless you explicitly enable a feature that stores them.
- Tongue Scans: Photos of your tongue that you scan and the analysis results derived from them, such as tongue coating and color characteristics (used in Traditional Chinese Medicine tongue assessment), together with the time of each scan. Unlike most other wellness data, tongue scan photos and results are stored on our servers so you can see how your readings change over time. Each scan is linked to your random device identifier, and to your account if you are signed in.
- Daily Check-ins: Sleep, digestion, and mood ratings you log, stored locally on your device by default.
- Chat History: Conversations with the GingerBee AI assistant. Unlike most other wellness data, the messages you exchange with the assistant are stored on our servers, linked to your random device identifier, and to your account if you are signed in, so you can pick up conversations where you left off. Messages may be processed transiently by our AI service providers to generate responses.
You may choose which information to provide. Some features may not be available without certain data.
2.2 Automatically Collected Information
- Device Information: Device type, operating system, and app version
- Usage Data: Features used, screens viewed, scan category usage, purchase flow interactions, and other product interaction patterns. This does not include raw symptom names, symptom severity, photos, chat messages, or constitution type in Amplitude product analytics unless a future consent flow and privacy disclosure explicitly allow that sharing.
- Analytics: Product analytics used to understand onboarding dropoff, retention, feature usage, and app performance
2.3 Device Identifiers
We use a random, app-scoped device identifier to support essential functionality such as rate limiting, preventing abuse, and measuring product analytics. This identifier:
- Does not contain personal information
- Is not used to track you across other apps or services
- May be associated with your GingerBee account if you choose to sign in, so we can keep analytics continuity between guest and signed-in sessions
- Is linked to the tongue scans and GingerBee chat conversations we store for you, so your scan history, free-scan quota, and conversation continuity work even without an account
- Is stored securely on your device
3. How We Use Your Information
We use your information to:
- Provide personalized TCM-based health recommendations
- Generate customized meal plans based on your constitution and symptoms
- Analyze food suitability for your specific wellness profile
- Track your wellness journey and identify patterns, including showing you how your tongue scan results change over time
- Operate the tongue scan service, including managing your scan quota, preventing abuse, and improving the accuracy and quality of the analysis
- Operate the GingerBee chat service, including keeping your conversations available so you can continue them later and improving the quality of responses
- Sync the health data you record to your account when you sign in, so it can be restored across devices
- Improve app functionality and personalization features
- Provide important service updates and in-app notices. Marketing communications are optional and require your consent where required.
4. Data Storage and Security
Local Data Storage
Your wellness data (such as symptoms, meals, check-ins, and preferences) is stored locally on your device by default. We do not store this information on our servers unless you sign in to an account (see Signed-In Account Sync below) or use a feature that stores it, such as tongue scans and GingerBee chat (see below).
When AI-powered features are used, relevant information is sent securely to generate a response and is processed transiently. When data is stored on our servers, we apply appropriate security measures and minimize the data shared.
Tongue Scan Storage
Tongue scans work differently from most other wellness data. To power your own history and let you see how your readings change over time, we store on our servers:
- Your tongue photographs, kept in a private cloud storage bucket on Google Cloud Platform that is not publicly accessible
- The analysis results derived from each photo (such as tongue coating and color characteristics), the scan timestamp, the analysis model version, and the associated device identifier or account ID
Stored tongue scan data is not shared with third parties, except that your photo is processed by our AI analysis provider at the time of the scan solely to generate your results, as described in Section 5.
Chat Conversation Storage
Messages you exchange with the GingerBee assistant are stored on our servers, linked to your random device identifier, and to your account if you are signed in. We store these conversations to operate the service, let you pick up conversations where you left off, and improve the quality of responses.
Stored conversations are kept private and are not shared with third parties, except that your messages are processed by our AI service providers at the time you send them solely to generate a response, as described in Section 5.
No research use without your explicit consent. We do not use your tongue images or your GingerBee conversations for research or to train AI models beyond providing your own service. Any such use would require a separate, explicit opt-in consent from you. The app does not currently offer this consent option, and until it does, no research use of your tongue images or conversations occurs.
Signed-In Account Sync
When you sign in, the health data you record in the app — your wellness profile (constitution assessment results, health goals, dietary preferences and allergies, and optional cycle tracking information), symptom logs, daily check-ins, tongue analysis results, food scans, favorites, monthly reports, preferences, and chat history — is stored on our servers, linked to your account, so it can be restored across devices. If you get a new phone, signing in restores your data. When you delete your account, this synced data is permanently deleted.
Security Measures
Your data is protected using industry-standard security measures, including encryption in transit and at rest. We use reputable cloud infrastructure providers and apply appropriate administrative, technical, and organizational safeguards to protect your information.
- Data is encrypted in transit and at rest using industry-standard encryption
- Health data is stored separately from account identifiers
5. Data Sharing
We do not sell your personal data. We may share data with:
- Service Providers: Cloud hosting (Google), payment processing (Apple/Google), crash reporting (Firebase Crashlytics), and product analytics (Amplitude)
- AI Services: When you use AI-powered features (such as food analysis, tongue analysis, meal planning, or chat), relevant information is sent securely to our AI service providers solely to generate a response. For tongue scans, this means your tongue photo is processed by our AI analysis provider at scan time to produce your results. This information is processed transiently by the provider and is not used by us or our providers to identify you. Only the minimum necessary information is shared, and personal identifiers are not included.
- Legal Requirements: When required by law or to protect our rights
Amplitude receives behavioral product analytics such as app opens, onboarding progress, scan category events, paywall views, purchase flow events, device/app metadata, and account status if you sign in. We do not send raw symptom names, symptom severity, photos, chat messages, or constitution type to Amplitude unless a future consent flow and privacy disclosure explicitly allow that sharing.
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your data in a portable format
- Opt-out: Opt out of certain analytics and marketing communications where required or available
7. Data Retention
Since your wellness data is stored locally on your device by default, you control its retention. You can delete your data at any time through the app or by uninstalling the app.
Tongue scans and GingerBee chat conversations stored on our servers are kept so you can view your history and continue your conversations over time. Health data synced to your account when you sign in is kept so it can be restored across devices. When you delete your account, your stored tongue scan photos and analysis results, your chat conversations, and your synced health data are permanently deleted. You can delete your account and data in the app via Profile → Data & Privacy, or contact us at the email below.
If you create an account or opt in to cloud features when available:
- Personal data is deleted within 30 days of account deletion
- Aggregated or de-identified analytics may be retained for service improvement
- Backup data is purged within 90 days
8. Children's Privacy
GingerBee is not intended for users under 13 years of age. We do not knowingly collect data from children under 13.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification.
10. Contact Us
For privacy questions or to exercise your rights: