Privacy Policy
Effective date: March 4, 2026
PCOS Tracker ("we", "our", or "the app") is operated by DJUMP, MB. This Privacy Policy explains how we collect, use, and protect your information when you use PCOS Tracker. Because our app handles sensitive health data — including menstrual cycle information, weight, mood, pain levels, and other PCOS symptoms — we take your privacy extremely seriously.
i. Our Privacy Commitment
We understand that PCOS symptom data is deeply personal. Living with Polycystic Ovary Syndrome involves tracking intimate health details, and you deserve to feel safe sharing that information with an app. Our core commitments:
- We never sell your health data. Not to advertisers, data brokers, researchers, or anyone else.
- We never share your health data with third parties for their own purposes.
- We never use your symptom data for advertising or ad targeting.
- Your data is encrypted in transit (HTTPS) and protected by row-level security at rest.
- You own your data. You can export it or delete it at any time.
ii. Information We Collect
We collect only what is necessary to provide and improve the app:
| Data Type | Purpose | Sensitivity |
|---|---|---|
| Email address | Account creation, authentication | Personal |
| Display name | User profile display within the app | Personal |
| Symptom logs (pain, mood, bloating, acne, energy, sleep) | Core symptom tracking functionality | Sensitive health data |
| Period / cycle data (period status, cycle dates, duration) | Menstrual cycle tracking | Sensitive health data |
| Hair symptoms (hirsutism, thinning) | PCOS-specific symptom tracking | Sensitive health data |
| Weight data | Weight tracking and trends | Sensitive health data |
| Exercise and diet notes | Lifestyle tracking for correlation analysis | Sensitive health data |
| PCOS diagnosis date, medications | Profile context for insights | Sensitive health data |
| Push notification token | Daily reminder notifications (opt-in only) | Technical |
| Device information | Anonymous analytics to improve the app (via Mixpanel) | Technical |
iii. Information We Do NOT Collect
- Payment or credit card information. All payments are processed by Apple (App Store) or Google (Google Play) through RevenueCat. We never see or store your payment details.
- Precise location data. We do not track your GPS location.
- Contacts, photos, or files. We do not access any content on your device beyond what you explicitly enter in the app.
- Biometric data. We do not collect fingerprints, face scans, or any biometric identifiers.
iv. How We Use Your Information
- To provide core app functionality — logging your daily PCOS symptoms and tracking your cycle
- To generate AI-powered insights by analyzing your symptom patterns (premium feature)
- To display your symptom history, trend charts, and cycle statistics
- To authenticate your account and sync data across devices
- To send daily reminder notifications you have opted into
- To generate PDF export reports for your healthcare provider (premium feature)
- To analyze anonymous app usage and improve the user experience
v. AI Processing of Health Data
When you use the AI Insights feature (premium), your symptom log data is sent to our AI service via Supabase Edge Functions to generate personalized pattern analysis. Important details:
- Your symptom data is processed server-side in a secure, encrypted environment
- Your health data is NOT used for AI model training. It is only used to generate your personal insights.
- AI-generated insights are stored in your account for your reference
- The AI service does not retain your data after processing
- AI insights are informational observations, not medical advice
vi. Data Storage and Security
Your data is stored securely using Supabase infrastructure with multiple layers of protection:
- Row-Level Security (RLS) — Database policies ensure only you can access your own data. Even in the event of a data breach, other users cannot see your records.
- HTTPS encryption — All data is transmitted over encrypted connections.
- Secure authentication — Your account is protected by Supabase Auth with email/password, Google OAuth, or Apple Sign In.
- No third-party data access — We do not provide third parties with access to your health data.
vii. Third-Party Services
We use the following third-party services, each with limited and specific access:
- Supabase — Authentication, database hosting, and Edge Functions. Stores your account and symptom data with RLS protection.
- OpenAI — AI insight generation via server-side Edge Functions. Your data is not shared directly with OpenAI — it is processed through our secure backend. OpenAI does not use API data for model training.
- RevenueCat — Subscription and payment management. Receives only subscription status, not health data.
- Mixpanel — Anonymous usage analytics (screen views, feature usage). Does NOT receive any health or symptom data.
- Resend — Email delivery for waitlist signups and contact-form messages submitted on the marketing website.
- Apple / Google — OAuth sign-in providers and payment processing.
viii. Data Retention
- Your symptom logs and cycle data are retained as long as your account is active.
- Free tier users have access to the last 7 days of history. Premium users have access to their full history.
- When you delete your account, all your data (symptom logs, cycle records, profile, and preferences) is permanently deleted from our servers.
- Anonymous analytics data (not linked to your identity) may be retained for up to 12 months.
ix. Your Rights
You have the right to:
- Access — View all your stored data within the app at any time.
- Export — Download your symptom data and cycle history as a PDF report (premium).
- Correct — Edit or update any symptom logs or profile information.
- Delete — Delete individual logs or your entire account. Account deletion is available directly in the app under Settings, or by contacting us.
- Withdraw consent — You can opt out of push notifications at any time. You can stop using the AI insights feature at any time.
To exercise any of these rights, use the in-app controls or write to us via the contact form.
x. Health Data and Reproductive Privacy
We recognize that menstrual cycle data, reproductive health information, and PCOS symptom data are among the most sensitive categories of personal data. We will not disclose your health data to law enforcement or government agencies unless compelled by a valid legal process (such as a court order). We will always attempt to notify you if we receive such a request, unless legally prohibited from doing so. We strongly encourage users to review our data storage practices and consider whether additional privacy measures (such as using a pseudonymous account) are appropriate for their situation.
xi. Children's Privacy
PCOS Tracker is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately.
xii. International Data Transfers
PCOS Tracker is operated by DJUMP, MB, based in the Republic of Lithuania (European Union). Your data may be processed on servers located in the EU and/or the United States (via our infrastructure providers). We ensure appropriate safeguards are in place for any international data transfers in compliance with applicable data protection regulations, including GDPR.
xiii. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by updating the effective date above. We encourage you to review this policy periodically.
xiv. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your health data, please write to us through the contact form.
DJUMP, MB
Republic of Lithuania