The privacy promise
Last updated July 3, 2026 · Ovae Health, Inc. · hello@ovae.health
This is our privacy policy, written the way we write everything: plainly. A period-tracking app asks for some of the most sensitive data that exists. Here is exactly what we do with it — and more importantly, what we will never do.
What we will never do
- We never sell your data. Not to advertisers, not to data brokers, not to anyone, not ever.
- We run no ads and no third-party trackers. There are no advertising or analytics SDKs in the app. No one is watching you use it.
- We never share your health data with law enforcement without a valid court order — and we've designed our systems so there is as little to hand over as possible (see “How your data is stored,” below).
- Your partner never sees your health details. If you choose to connect a partner, they see only: your first name, your cycle phase and day, a countdown, how you said you're feeling today, and a daily tip. Never your symptoms, notes, or history. The connection only exists if you approve it, and you can end it at any time.
What we collect, and why
| Data | Why |
|---|---|
| What you log: cycle dates, symptoms, moods, life events | To show you your patterns, predictions, and daily message. This is the product. |
| Your email (only if you create an account) | To sign you in and restore your data on a new phone. Accounts are optional — the app works fully without one. |
| The first name you choose to display | Greetings, and (with your consent) what your partner sees. |
| Delivery details, if you order products | To deliver what you ordered. Payments are processed by Stripe; we never see your card number. |
That's the list. We don't collect your location, your contacts, your photos, or anything from other apps.
How your data is stored
- On your phone: your data is encrypted at rest, with the key held in your device's secure keychain. You can add Face ID lock on top.
- On our servers (only if you create an account): your identity (email) and your health data live in separate systems. Health records are keyed to a random ID, not your name or email — so either half, alone, reveals close to nothing.
- Retention is enforced by code, not policy: operational logs are automatically purged on a fixed schedule (notification logs after 90 days, security logs after 400 days). Your health data is kept until you delete it — it's yours.
Deleting your data
“Erase everything” in the app means everything: your account and every record attached to it are deleted from our live systems immediately, in one transaction, and age out of our infrastructure provider's rolling backups within 30 days. No export is retained, no “deactivated” limbo, no retention tricks. You can also export all of your data at any time, from the app, for free.
Who else touches data
We use a small number of infrastructure providers to run Ovae: Supabase (database hosting), Stripe (payment processing), Resend (transactional email, e.g. sign-in codes), and Apple (app distribution and push notifications). Each receives only the minimum needed to do its job. None of them may use your data for anything else.
What Ovae is not
Ovae is a companion and a tracker — not a medical device, and not medical advice. Predictions are estimates that we deliberately present with honesty about their uncertainty. Ovae must not be relied on as contraception or to diagnose any condition. Patterns the app flags are observations to discuss with a clinician, never diagnoses.
Children
Ovae is not directed at children under 13, and we don't knowingly collect data from them. If you believe a child has created an account, contact us and we'll delete it.
Changes
If we ever change this policy, we'll say so in the app before the change takes effect — in plain English, with the actual differences called out. The promises in “What we will never do” are not subject to weakening.
Contact
Questions, concerns, deletion requests: hello@ovae.health. A human reads it.