Privacy Policy

Privacy Policy

Last Updated: November 2025

LadyData ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fertility awareness tracking application.

1. Information We Collect

1.1 Account Information

  • Email address
  • Password (encrypted and securely stored)
  • Full name (optional)

1.2 Health and Fertility Data

  • Menstrual cycle information (cycle start dates, cycle length, period duration)
  • Basal body temperature (BBT) readings
  • Cervical mucus observations and characteristics
  • LH (luteinizing hormone) test results
  • Pregnancy test results
  • Physical symptoms and notes
  • Intercourse tracking data
  • Fertile window and peak day markers

1.3 Usage and Technical Data

  • Device type and operating system (iOS, Android)
  • App version and platform information
  • Login and activity timestamps
  • App usage patterns (session duration, feature usage)
  • Error logs and crash reports

1.4 User-Generated Content

  • Feature requests and suggestions
  • Feedback and comments
  • Optional screenshots or images attached to feedback

2. How We Use Your Information

We use your information for the following purposes:

Providing Services:

  • To create and maintain your account
  • To track and display your fertility data
  • To calculate fertile windows and cycle predictions
  • To sync your data across devices
  • To provide personalized insights and educational content

Improving Our App:

  • To analyze usage patterns and improve features
  • To fix bugs and technical issues
  • To develop new features based on user feedback
  • To understand which features are most valuable to users

Communication:

  • To respond to your support requests
  • To send important updates about the app
  • To notify you about changes to our policies
  • To send optional educational content (with your consent)

Legal Compliance:

  • To comply with applicable laws and regulations
  • To protect our rights and prevent misuse
  • To respond to legal requests from authorities

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Improving our app, preventing fraud, ensuring security
  • Consent: For optional features and communications
  • Legal Obligations: Complying with applicable laws

4. Data Storage and Security

Data Storage:

  • Your data is stored securely using Supabase (powered by PostgreSQL)
  • Data is encrypted in transit using SSL/TLS
  • Data is encrypted at rest in our secure databases
  • Passwords are hashed using industry-standard encryption
  • Data centers comply with SOC 2 Type II and ISO 27001 standards

Security Measures:

  • Regular security audits and updates
  • Access controls and authentication requirements
  • Monitoring for unauthorized access
  • Secure backup and disaster recovery procedures

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

5. Data Sharing and Disclosure

We do NOT sell your personal data to third parties.

We may share your information only in the following limited circumstances:

Service Providers:

  • Supabase (database hosting and authentication)
  • Cloud infrastructure providers
  • Email service providers (for account-related emails)

These providers are bound by strict data protection agreements.

Legal Requirements:

  • To comply with legal obligations, court orders, or government requests
  • To protect our rights, property, or safety
  • To prevent fraud or security threats

Business Transfers:

  • In the event of a merger, acquisition, or sale of assets, your data may be transferred (you will be notified in advance)

Aggregated Data:

  • We may share anonymized, aggregated statistics that cannot identify individual users

6. Your Privacy Rights

6.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your account and data
  • Data Export: Download your data in a portable format
  • Withdraw Consent: Opt out of optional features

6.2 European Users (GDPR Rights)

  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Complain: Lodge a complaint with your data protection authority

6.3 California Residents (CCPA Rights)

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise your rights, contact us at meg@ladydata.co

7. Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Legal Requirements: Some data may be retained longer if required by law
  • Backups: Backup copies are deleted during regular backup rotation (typically 90 days)

8. Children's Privacy

LadyData is intended for users aged 13 and older (16 and older in the EEA). We do not knowingly collect data from children under these age limits. If we discover we have collected data from a child under the applicable age, we will delete it immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally compliant transfer mechanisms

10. Third-Party Services

Our app does not integrate with third-party social media platforms or advertising networks. The only third-party services we use are:

  • Supabase: For secure data storage and authentication
  • Expo: For app development and deployment infrastructure

We are not responsible for the privacy practices of these third parties.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will:

  • Update the "Last Updated" date at the top
  • Notify you of significant changes via email or in-app notification
  • For material changes, we may request your consent
  • Continued use of the app after changes constitutes acceptance

12. Your Choices and Controls

Data Export: You can export your fertility data at any time from the app settings.

Account Deletion: You can delete your account at any time. This will permanently delete all your data within 30 days.

Marketing Communications: You can opt out of promotional emails by clicking the unsubscribe link or updating your preferences in settings.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: meg@ladydata.co

We will respond to your request within 30 days for general inquiries, 30 days for GDPR requests, or 45 days for CCPA requests.

14. Additional Information for Specific Jurisdictions

14.1 United States

We comply with applicable U.S. state privacy laws, including CCPA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), and UCPA (Utah).

14.2 Canada

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

14.3 Australia

We comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs).

14.4 Brazil

We comply with the Lei Geral de Proteção de Dados (LGPD).

15. Health Data Specific Protections

As a health tracking app, we take extra precautions with your sensitive health information:

  • Health data is treated with the highest level of security
  • We never share your health data with advertisers
  • We never use your health data for marketing purposes
  • Health data is not used to make automated decisions that significantly affect you
  • You have full control to export or delete your health data at any time

Note: LadyData is not a medical device and should not be used as your sole method of contraception. Always consult healthcare professionals for medical advice.

Acknowledgment

By using LadyData, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Terms of ServiceBack to Home