Privacy Policy
Effective date: 2026-05-11
Contact: [email protected]
PCOS Coach ("we", "us", "our") is a self-care companion for people managing PCOS. Your health data is sensitive, and we treat it that way. This document explains what we collect, how we use it, and the controls you have.
Data we collect
We collect only what we need to run the product:
- Account data: email address, account creation date, sign-in provider (Apple / Google / email).
- Tracker data: cycle phase, period flow, mood scores, symptoms, free-text notes, weights, and habit completions you choose to log.
- Profile data: birthday, height, weight goal, gender, activity level, PCOS subtype, and dietary preferences from onboarding.
- AI Coach conversations: messages you send to Peach and Peach's replies.
- Photos you submit: meal photos and scalp/hair photos you choose to capture. They are sent to our AI provider for analysis (a nutrition estimate or a hair-tracking read-out) and are never used for advertising.
- Recipes you save: which recipes you've kept across regenerations.
- Device data: OS version, app version, locale. Used only to debug crashes and adapt the UI.
We do not collect: precise location, contacts, photos outside what you explicitly attach, advertising IDs, or social-graph data.
How we use it
- To operate the app: when you log a symptom, we store it; when you ask Peach, we send your message to our AI provider so Peach can answer.
- To personalize recipes and insights from your tracker data.
- To process subscription payments via Apple In-App Purchase and RevenueCat.
- To improve the product through anonymized usage analytics — only if you opt in (analytics is off by default; see "Analytics & usage data" in Settings).
- To comply with legal obligations.
We do not sell your data. We do not use your data to train third-party AI models — our AI provider, OpenAI, operates under commercial terms that prohibit training on our customer prompts.
Who we share with
We share data only with the infrastructure providers that make the app run:
- Supabase — stores your account, tracker, profile, and AI conversation history. Hosted on AWS in the EU region. https://supabase.com/privacy
- OpenAI — receives the contents of your AI Coach messages, a structured summary of your tracker data, and any meal or scalp photos you submit for analysis, so the AI can respond. OpenAI processes this under their commercial terms and does not train on it. https://openai.com/policies/privacy-policy
- Apple / Google — handle sign-in via "Sign in with Apple" or Google OAuth, if you choose those methods.
- RevenueCat — processes subscription state and entitlements. https://www.revenuecat.com/privacy
- PostHog — anonymized product analytics, off by default. We send analytics only if you opt in via Settings → Privacy & data → "Analytics & usage data", and you can turn it back off there at any time. When enabled, we send category-level signals, never raw text from your logs or chat. Examples of what flows to PostHog: which cycle phase you're in (e.g. "luteal"), which symptom chips you tap (e.g. "acne", "fatigue"), and which goals you select during onboarding (e.g. "regulate cycles"). Free-text notes, AI Coach messages, and identifying personal details are not sent to PostHog. https://posthog.com/privacy
We do not run ad networks. We do not work with data brokers.
Data retention
- Account, profile, tracker, and conversation data: retained for as long as your account is active.
- On account deletion: removed from our live databases within 30 days.
- Backups: fully purged within 90 days of deletion.
Your rights
You can, at any time, from inside the app:
- Access a copy of your data — Settings → Export my data
- Correct any tracker entry — open the day and edit
- Delete your account and all associated data — Settings → Delete account
- Withdraw consent to processing — uninstall the app and delete your account
If you live in the EEA, UK, or California, you have additional rights under GDPR / CCPA including data portability, restriction of processing, and the right to lodge a complaint with your supervisory authority. Contact us at [email protected] to exercise these rights.
Children
PCOS Coach is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has used the app, contact us at [email protected] and we will delete the account.
iOS health data note
PCOS Coach does not currently read from or write to Apple HealthKit. If you have enabled health-related permissions in iOS, those grants only affect other apps — not us. We collect health data only via what you log directly in PCOS Coach.
Security
- All data in transit uses TLS 1.2+.
- Data at rest is encrypted by Supabase (AES-256).
- Row-level security (RLS) is enforced on every database table — your account can only access rows belonging to your user id.
- Service-role keys live in our backend secret store, never in the mobile app or in source control.
Medical disclaimer
PCOS Coach is a self-care tracking and education tool. It is not a medical device, and it does not provide medical diagnosis, treatment, or advice. The AI Coach is informational only. Always consult a qualified clinician for medical decisions, including about your medications, supplements, and reproductive care.
Changes to this policy
We will notify you in-app and via email at least 14 days before any material change to this policy.
Contact
Questions or requests: [email protected].
© 2026 Peach. Made with warmth for the 10%. · [email protected]