Legal

Privacy Policy

Effective 1 January 2026·Last updated 1 January 2026

The short version. Private Period Tracker is built to keep your health data on your phone. Core tracking needs no account and works offline. We do not collect, sell, rent or share your reproductive or health data. Optional connected features are off by default and end-to-end encrypted when you turn them on.

This Privacy Policy explains how the Private Period Tracker mobile application (the "App") and this website handle information. It applies to the free and Plus editions of the App. By using the App you agree to this policy.

1. Our core principle: local-first

The App stores your cycle, symptom, fertility, pregnancy and related entries in a database on your device, encrypted at rest using SQLCipher (AES-256). By default, this data is never transmitted to us or to any third party. You do not need to create an account, provide an email address, or connect to the internet to use core tracking, predictions and insights.

2. Information we do not collect

Because the App is local-first, in normal use we do not collect or receive:

  • Your period, cycle, symptom, mood, sexual-activity, fertility, pregnancy or perimenopause entries;
  • Your name, email address, phone number or account credentials (there is no account);
  • Advertising identifiers, location data, or behavioural tracking data;
  • Analytics or telemetry about how you use the App.

We do not use advertising SDKs, third-party trackers, or data brokers. We do not sell or share your personal information, and we do not "share" it for cross-context behavioural advertising as those terms are used under laws such as the California Consumer Privacy Act (CCPA/CPRA).

3. Optional connected features

Some features are off by default and only send data if you explicitly enable them. When you do, only the data required for that feature is transmitted, and — where it contains your health data — it is end-to-end encrypted on your device before it leaves, so our servers store only ciphertext they cannot read (a "zero-knowledge" design). These features include:

  • Multi-device sync — an encrypted copy of your data so you can restore it on another of your devices. Keys are derived from your passphrase and held on your devices; we cannot decrypt it.
  • Partner sharing — shares only the specific items you choose, encrypted to your partner.
  • Community — pseudonymous discussions. Only what you type in a post is shared; your health data is never attached automatically.
  • Streamed content library — articles, audio and video streamed anonymously; requests do not include your identity or health data.

You can disable any connected feature at any time and request deletion of its server-side copy from within the App.

4. Purchases and subscriptions

The Plus edition (one-time purchase) and any optional online-services subscription are processed by Google Play billing. Google processes your payment; we do not receive or store your payment card details. We receive purchase and subscription status (for example, a purchase token) so the App can unlock the features you bought and validate them. Google's handling of your payment information is governed by Google's own privacy policy.

5. Device permissions

The App may request certain permissions, each used only for its stated purpose and only with your consent:

  • Notifications — to show the reminders you enable. Reminders are scheduled locally on your device.
  • Biometrics — to unlock the App with fingerprint or face if you turn on App Lock. Biometric data never leaves your device and is handled by the operating system.
  • Health Connect (optional) — if you choose, to read or write menstruation, temperature, weight, sleep or activity data with Android Health Connect, under scopes you control.

6. This website

This marketing website is served as static pages. It does not set advertising or tracking cookies, does not run third-party analytics, and self-hosts its fonts so your visit is not shared with third-party font or CDN providers. Standard server logs may record limited technical information (such as IP address and request time) for security and reliability; these are not used to profile you.

7. Data retention and deletion

Your on-device data remains until you delete it or uninstall the App. The App provides a one-tap option to permanently erase all local data; this also triggers deletion of any copies created by opt-in connected features. You can export your data at any time (JSON, CSV or plain text) and create passphrase-protected backups that you control.

8. Children

The App is not directed to children under the age at which they can independently consent to processing under applicable law (for example, under 13 in the United States, or the relevant age in your country). We do not knowingly collect personal information from children.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete or port your personal data, and to object to or restrict certain processing (for example, under the EU/UK GDPR or the CCPA/CPRA). Because your health data is stored on your device and under your direct control, you can exercise most of these rights yourself within the App at any time. For data related to opt-in connected features, or to make a request, contact us at the address below.

10. Changes to this policy

We may update this policy to reflect changes to the App or the law. We will revise the "Last updated" date above and, for material changes, provide notice within the App or on this website.

11. Contact

Questions about privacy? Email privacy@privateperiodtracker.com.