← Back to home

Privacy Policy

Effective: April 20, 2026 · Last updated: May 3, 2026

Gest ("Gest," "we," "us") is the surrogacy companion app for intended parents and gestational carriers. This policy describes what personal data we collect, why we collect it, how we use and protect it, and your rights.

By using Gest — including the website at thegest.app and the mobile applications — you agree to the practices described here. If you do not agree, do not use our services.

1. Data controller

The data controller is Gest, operated by Gest LLC. For privacy inquiries, contact us at hello@thegest.app.

2. What we collect

We collect the following categories of personal data:

Account information: Name, email address, and authentication credentials when you create an account.

Journey information: Details you choose to provide, such as your journey phase, due date, state, and your surrogate's first name.

User-generated content: Photos, posts, messages, and documents you upload or share within the app.

AI companion conversations: Messages you send to the AI companion and the responses generated.

Payment information: Processed by Apple (App Store) or Google (Play Store). We receive confirmation of your subscription status but do not receive or store your payment card details.

Device and usage data: Device type, operating system, app version, pages visited, feature usage, crash reports, and anonymized analytics. Collected via PostHog (self-hosted analytics), and — on the website only, with your consent — Meta Pixel and Google Ads conversion tracking.

Waitlist information: Email address and referral source when you join our waitlist. Stored in Supabase.

3. Reproductive health data

Certain information you provide — such as pregnancy status, due dates, medical appointments, and fertility treatment details — constitutes reproductive health data. We treat this data with the highest level of care:

We do not sell, rent, license, trade, or otherwise monetize reproductive health data. We do not share it with data brokers, advertisers, or employers. We do not disclose it to law enforcement except where compelled by a valid court order or subpoena directed specifically at our company, and we will notify you unless legally prohibited from doing so. We comply with applicable state health data privacy laws, including Washington's My Health My Data Act (MHMD Act) and the California Consumer Privacy Act (CCPA/CPRA).

Gest is not a covered entity or business associate under HIPAA. We are not a healthcare provider, health plan, or healthcare clearinghouse. We do not access your medical records from providers unless you voluntarily upload them.

4. How we use your data

We use personal data to:

Provide and operate the Gest app and its features, including the AI companion, shared messaging, checklists, calendar, and document vault. Personalize your experience based on your journey phase and state. Send you transactional emails (account verification, subscription confirmations). With your consent where required by applicable law, send you product updates and marketing communications — you can opt out at any time. Analyze usage patterns to improve the product (using aggregated, anonymized data). Comply with legal obligations.

5. Lawful basis for processing (EEA/UK users)

If you are located in the European Economic Area or the United Kingdom, our lawful bases for processing your data are: performance of our contract with you (providing the service), your consent (marketing emails, advertising cookies), our legitimate interests (product improvement, fraud prevention, analytics), and compliance with legal obligations. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

6. Sub-processors and third-party services

We use the following third-party services to operate Gest:

Google Gemini (AI companion and document review) — Processes your AI conversation messages and, with your explicit consent, uploaded documents for AI-powered analysis. We use Google's paid API and do not opt in to data-sharing for model training. Google may retain conversation data for up to 30 days for abuse and safety monitoring, as described in their API terms of service. United States.

Supabase (database and authentication) — Stores account data, journey information, and user-generated content. United States.

PostHog (analytics) — Collects anonymized product usage data to help us improve the app. Self-hosted / United States.

Apple / Google (payments) — Processes subscription payments. We receive subscription status only.

Resend (email) — Sends transactional and marketing emails. United States.

Google Cloud Translation (message translation) — Translates messages between you and your surrogate when you speak different languages. Message text is sent to Google's Cloud Translation API for processing. United States.

Vercel (website hosting) — Hosts and serves the Gest website. Processes IP addresses and request metadata. United States.

Meta Pixel and Google Ads (website only) — Conversion tracking for advertising campaigns. These are loaded only with your consent and are not present in the mobile app. You can manage your preferences via the cookie banner on our website. Loading these tags causes data such as your IP address, page URL, and device identifiers to be received by Meta and Google for advertising purposes. Under the California Consumer Privacy Act (CCPA/CPRA), this constitutes "sharing" of personal information for cross-context behavioral advertising. We do not engage in this sharing unless you opt in via the cookie banner, and you can withdraw consent at any time using the "Cookies" link in the website footer.

We require each sub-processor to maintain appropriate security measures and to process your data only as necessary to provide their service to us.

7. Document encryption

Sensitive documents (contracts, legal agreements, medical records) uploaded to the document vault are encrypted on your device before upload using client-side encryption. We cannot read the contents of encrypted documents. Standard photos and posts shared in the messaging feature are encrypted in transit (TLS) and at rest on our servers, but are not end-to-end encrypted.

8. AI companion privacy

Your AI companion conversations are private to you. Your surrogate cannot see your AI conversations, and you cannot see hers. We do not read or review AI conversations except where necessary to investigate abuse or comply with legal obligations. Conversations are sent to Google Gemini for processing under their paid API terms. We may analyze aggregated, anonymized conversation metadata (such as message count and feature usage frequency) to improve the product.

9. Law enforcement requests

We do not voluntarily disclose personal data to law enforcement. If we receive a valid court order or subpoena directed specifically at our company, we will comply only to the extent legally required. We will notify affected users before disclosure unless we are legally prohibited from doing so. We will challenge requests we believe are overbroad or legally deficient.

10. Data retention

We retain your personal data for as long as your account is active or as needed to provide services. AI companion conversation history is retained for the duration of your account. Waitlist email addresses are retained until you unsubscribe or the waitlist closes. When you delete your account, we remove your personal data within 30 days. Backup copies and logs containing personal data are purged within 90 days. We may retain anonymized, aggregated data indefinitely for analytics.

11. International data transfers

Gest is operated from the United States. If you access our services from outside the United States, your data will be transferred to and processed in the United States. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) where required to safeguard international transfers.

12. Cookies and tracking

The Gest website uses essential cookies for site functionality. Third-party advertising cookies (Meta Pixel, Google Ads) are loaded only after you consent via the cookie banner. PostHog analytics runs under our legitimate interest in product improvement and does not use advertising cookies. The mobile app does not use cookies. You can change your cookie preferences at any time using the "Cookies" link in the website footer.

Global Privacy Control (GPC). If your browser sends a Global Privacy Control signal, we treat it as a valid request to opt out of the sale or sharing of your personal information for cross-context behavioral advertising, and we will not load Meta Pixel or Google Ads for that browser session.

13. Your rights

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you, correct inaccurate data, delete your data, restrict or object to processing, data portability (receive your data in a structured, machine-readable format such as JSON), withdraw consent, and lodge a complaint with a supervisory authority.

California residents (CCPA/CPRA). You have additional rights, including the right to: know what personal information we collect and how we use it; request deletion; correct inaccurate information; opt out of the sale or sharing of personal information; limit the use of sensitive personal information; and not be discriminated or retaliated against for exercising any of these rights. We do not sell personal information. We share personal information for cross-context behavioral advertising only if you opt in via the cookie banner or do not have Global Privacy Control enabled, as described in Sections 6 and 12.

Do Not Sell or Share My Personal Information. To opt out of sharing for cross-context behavioral advertising, use the "Cookies" link in the website footer or enable Global Privacy Control in your browser. Both methods stop Meta Pixel and Google Ads from loading.

To exercise any of these rights, email hello@thegest.app. We will respond within 30 days (or within the timeframe required by applicable law). You may designate an authorized agent to make a request on your behalf; we may require verification of your identity and the agent's authorization.

14. Children's privacy

Gest is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. The Service is intended for users age 18 and older. If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, contact us at hello@thegest.app.

15. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours of becoming aware, as required by applicable law.

16. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or in-app notification at least 14 days before they take effect. Continued use of Gest after changes take effect constitutes acceptance of the updated policy.

17. Contact

For privacy inquiries, data requests, or complaints: hello@thegest.app.

Gest LLC · United States