Your data, your control

Privacy Policy

Last updated: February 9, 2026

Welcome to Her Rhythm ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Information We Collect

Information You Provide Directly

  • Account Information: Email address and password when you create an account.
  • Profile Information: Age range, cycle status (e.g., regular periods, perimenopause, post-menopause), and health goals you choose to provide during onboarding.
  • Health Data: Menstrual cycle dates, symptom logs (type, severity, notes), flow intensity, and any other health-related information you choose to record.
  • Preferences: App settings, notification preferences, privacy mode selection (cloud sync or local-only), and display options.
  • Feedback: Any information you provide when contacting us for support or submitting feedback through the app.

Information Collected Automatically

  • Device Information: Device type, operating system version, and unique device identifiers.
  • Usage Data: Features used, time spent in the app, interaction patterns, and general navigation behavior. This data is collected through PostHog analytics and does not include your health data or personally identifiable information.
  • Crash Data: Error reports and performance data collected through Sentry to help us fix bugs and improve stability. Crash reports do not include screenshots or health data content.

Information We Do Not Collect

  • We do not access your device's microphone, camera, contacts, or location data.
  • We do not collect Apple Health or Google Health Connect data.
  • We do not use facial recognition (Face ID is handled entirely by your device's operating system).

How We Use Your Information

  • Provide the Service: Deliver cycle tracking, symptom logging, pattern analysis, and personalized educational content.
  • Personalize Your Experience: Tailor insights, recommendations, and content based on your profile, cycle status, and logged symptoms.
  • Generate Reports: Create healthcare provider (HCP) reports that you can export and share at your discretion.
  • Send Notifications: Deliver period reminders, symptom logging prompts, and weekly insights if you enable them.
  • Improve the Service: Analyze anonymous usage patterns to improve features, fix bugs, and develop new functionality.
  • Ensure Security: Detect and prevent unauthorized access, fraud, and other security issues.

How We Store Your Data

Cloud Sync (Default)

Your data is stored on Supabase, hosted on Amazon Web Services (AWS) infrastructure. Data is encrypted in transit using TLS and at rest using AES-256 encryption. Row-level security policies ensure that your data is accessible only to your authenticated account.

Local-Only Mode

You may choose to store your data exclusively on your device. In local-only mode, your health data remains on your device and is encrypted using AES-256-CBC with a device-specific key stored in your device’s secure enclave (iOS Keychain / Android Keystore). We do not have access to locally stored data.

Offline Storage

If you lose connectivity while using cloud sync, your data is temporarily stored in an encrypted local database and automatically synchronized when your connection is restored. Sensitive fields (notes, tags) are encrypted with AES-256-CBC before being written to local storage.

Data Sharing and Disclosure

We do not sell your personal information.

Your health data is never sold to advertisers, data brokers, or any third parties. This is a core principle of Her Rhythm, not just a legal obligation.

We may share information only in the following limited circumstances:

  • Service Providers: We use third-party services for cloud hosting (Supabase/AWS), analytics (PostHog), and crash reporting (Sentry). These providers are contractually obligated to protect your information and may only use it to provide services to us.
  • Healthcare Provider Reports: When you generate an HCP report, you choose whether and how to share it. We do not transmit HCP reports to any third party; the report is generated on your device and shared only through your explicit action.
  • Legal Requirements: We may disclose your information if required to do so by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: If Her Rhythm is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice in the app before your information becomes subject to a different privacy policy.

Aggregated and De-Identified Data

We may share anonymized, aggregated data for research purposes. This data is stripped of all personally identifiable information and cannot be used to identify you.

Data Retention

  • Active Account: We retain your data for as long as your account is active and you continue to use the Service.
  • Account Deletion: When you delete your account, all cloud-stored data is permanently deleted within 30 days. Backup copies may persist for up to 90 days before being automatically purged.
  • Local Data: Data stored locally on your device is removed when you uninstall the app or clear app data.

Your Rights and Choices

Regardless of your location, you have the following rights:

  • Access and Portability: You can access all data we have about you and export it at any time through Settings → Export My Data.
  • Correction: You can update or correct your personal information through the app settings.
  • Deletion: You can delete your account and all associated data through Settings → Delete Account. This action is permanent and cannot be undone.
  • Opt-Out: You can disable non-essential data collection (analytics) and all notifications through the app settings.

For California Residents (CCPA)

You have the right to know what personal information is collected, request deletion, opt out of the sale of personal information (we do not sell your data), and not be discriminated against for exercising your rights.

For European Residents (GDPR)

You have the right to access, rectify, and erase your personal data, to restrict or object to processing, to data portability, and to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at privacy@herrhythm.app.

Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption at rest and AES-256-CBC for local storage
  • TLS encryption for all data in transit
  • Row-level security policies on all database tables
  • Secure authentication with session management
  • Sensitive credentials stored in device secure enclave (iOS Keychain / Android Keystore)
  • Regular security assessments and code audits

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry best practices.

Children's Privacy

Her Rhythm is not intended for children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@herrhythm.app.

Third-Party Links

The Service may contain links to third-party websites or services (such as medical resources cited in educational content). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Health Data Disclaimer

Her Rhythm is an educational tool designed to help you understand your menstrual and hormonal health. It is not a medical device, does not provide medical advice, diagnosis, or treatment, and should not be used as a substitute for professional medical care. Always consult a qualified healthcare provider for medical decisions.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy in the app, updating the "Last updated" date, and sending an email notification for material changes. Your continued use of the Service after changes indicates your acceptance of the updated policy.

Contact Us

For privacy-related questions, data requests, or concerns: