Privacy & Data Protection

Your health data is private and sensitive. We take data protection seriously and have implemented safeguards to keep your information secure.

Our Privacy Principles

Your Data is Yours

You own all your health data. We're just the keeper.

Minimal Collection

We only collect the essential information needed to function.

No Selling

We never sell, share, or trade your personal health data.

Secure Storage

All data is encrypted and stored securely in Redis.

No Tracking

We don't track your activity or sell analytics data.

What Data Do We Collect?

Required Information

  • Last period date: To calculate cycle predictions
  • Cycle length: To personalize your calculations
  • Email address: To send you reminder notifications

Optional Information

  • Symptom logs: Your daily mood and energy ratings
  • Cycle history: Past period dates and durations you record
  • Notes: Any additional notes you add to your data

What We Don't Collect

  • Your real name or personal identifying information
  • Location data or IP address
  • Device information or browsing history
  • Payment or financial information
  • Any data beyond what you explicitly provide

How Your Data is Stored

Database

Your data is stored in Upstash Redis, a secure cloud database. All data is encrypted in transit and at rest.

Unique ID System

Instead of tracking by name or email in our system, each user gets a unique UUID. This keeps your data anonymized even in our database.

Data Retention

Your data is stored for 1 year of inactivity. If you don't log in for over a year, your data is automatically deleted.

No Backups to Third Parties

We don't back up your data to external services or share it with other platforms.

Security Measures

  • All data transmitted over HTTPS (secure, encrypted connection)
  • Database uses encryption for sensitive data
  • No passwords stored (UUID-based access)
  • Regular security monitoring
  • No open APIs that expose personal data

Your Rights

Right to Access

You have the right to see all data we have about you. Your data is always accessible in your CycleGurd dashboard.

Right to Delete

You can delete your account and all associated data at any time. Data is permanently removed from our servers within 30 days.

Right to Data Portability

You can export your data in a standard format to use with other services.

No Discrimination

We won't treat you differently based on your privacy choices or data sharing preferences.

Third-Party Services

CycleGurd uses the following third-party services:

Resend (Email Delivery)

We use Resend to send reminder emails. Only your email address and reminder timing are shared with Resend. They don't store health data.

Upstash (Database)

All your data is stored with Upstash Redis. Their privacy policy applies to data storage and security practices.

Vercel (Hosting)

The app is hosted on Vercel's servers. They don't have access to your data, only to general analytics about app performance.

Privacy Policy Changes

We may update this privacy policy. If we make material changes, we'll notify you. Your continued use of CycleGurd means you accept the updated terms.

Questions? If you have privacy concerns or questions, please reach out. Your privacy matters to us.