Privacy Policy

Last Updated: April 13, 2026

Rythma (“We,” “Us,” or “Our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application (“App”) and related services (collectively, the “Services”). The App is designed to help women navigating perimenopause track symptoms, understand cycle patterns, and receive personalized health insights in a privacy-first manner.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our Services.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

1. Information We Collect

We adhere to a data minimization philosophy, collecting only the information necessary to provide symptom tracking, pattern detection, predictions, and related features. We categorize the information we collect as follows:

1.1 Personal Information

  • Authentication Data: Name and email address obtained from your chosen authentication provider (Apple, Google, or email registration).
  • Age Range: Selected during onboarding (38–42, 43–47, 48–52, 53–55, 56+). We do not collect your exact date of birth.
  • Onboarding Preferences: Cycle regularity status, symptom impact level, doctor relationship history, current tracking habits, and feature priorities.

1.2 Health and Medical Data

Because Rythma is a health tracking app, we collect sensitive health-related information that you voluntarily provide:

  • Menstrual Cycle Data: Period start/end dates, flow intensity (Light/Medium/Heavy), cycle length, and cycle regularity status.
  • Symptom Data: Daily tracking of up to 18 symptoms including hot flashes, night sweats, brain fog, anxiety, mood swings, irritability, sleep disruption, fatigue, joint pain, headaches, bloating, breast tenderness, heart palpitations, weight changes, hair changes, low libido, vaginal dryness, and digestive issues.
  • Daily Ratings: Self-reported daily severity rating (Mild, Moderate, Rough, or Terrible).
  • Daily Notes: Optional free-text notes you may enter alongside your daily log.
  • Medications and HRT: Names of medications or hormone replacement therapy you choose to disclose, or an indication that you prefer not to answer.
  • Past Period History: Optional historical period dates entered during onboarding.

1.3 Apple Health Data (HealthKit)

With your explicit permission, we may read and/or write the following data from Apple Health:

  • Menstrual Cycle Data (read and write): We sync period data bidirectionally with Apple Health.
  • Sleep Data (read only): Used to detect sleep-related patterns in your symptoms.
  • Steps and Activity Data (read only): Used to correlate activity levels with symptom patterns.
  • Heart Rate Data (read only): Used to identify potential correlations with symptoms like hot flashes or palpitations.

You control which Apple Health categories to share. You can revoke access at any time through the app or through iOS Settings > Health > Data Access & Devices.

Apple Health data is never transferred to our servers. It is processed on-device only for pattern detection and is never used for advertising or shared with third parties.

1.4 AI Interaction Data

  • Chat Messages: Messages you send to our AI guide (“Stella”) and the responses generated. Your symptom history and cycle data may be included as context to generate personalized responses.
  • Prediction Feedback: Thumbs up/down ratings you provide on predictions, and “felt better/felt worse” overrides.

1.5 Usage Data

  • Logging streaks (consecutive days of symptom logging)
  • Feature interaction patterns
  • Device type, operating system version, and app version for troubleshooting

1.6 Payment Information

Subscription payments are processed entirely by Apple through the App Store. We do not collect, store, or have access to your payment details (credit card numbers, billing address, etc.). We only receive confirmation of your subscription status from Apple.

2. How We Use Your Information

We use collected information solely to provide, maintain, and improve our Services:

  • To enable core features: symptom tracking, cycle tracking, pattern detection, and daily logging.
  • To generate AI-powered predictions of upcoming difficult days based on your logged patterns.
  • To power the AI chat guide with personalized, contextual responses about your symptoms and cycle.
  • To generate Doctor Report PDFs summarizing your health data over selected time periods.
  • To detect and surface pattern insights (e.g., correlations between specific symptoms and cycle phases).
  • To sync menstrual data with Apple Health (when you grant permission).
  • To authenticate your account and keep your data secure.
  • To send you notifications you have opted into (evening check-in reminders, hard day alerts, weekly summaries, streak milestones).
  • To improve prediction accuracy through your feedback (thumbs up/down, felt better/worse).
  • To comply with legal obligations or enforce our Terms of Service.

We do NOT use your data for advertising, marketing to third parties, or any purpose unrelated to providing the Services.

3. Sharing Your Information

We do not sell, rent, or share your personal information with third parties for their marketing or advertising purposes. We may share information only in these limited circumstances:

3.1 Service Providers

We use trusted third-party service providers to operate our Services, under strict data processing agreements:

  • Supabase (database hosting, authentication, serverless functions, file storage): Stores your account data, health logs, predictions, chat messages, and generated reports. Supabase implements Row Level Security ensuring users can only access their own data.
  • Apple (Sign in with Apple, HealthKit, StoreKit): Processes authentication, health data sync, and subscription payments.
  • Google (Sign in with Google): Processes authentication only — receives your email and name when you choose Google sign-in.
  • AI/LLM Provider (via Supabase Edge Functions): Receives your symptom data and chat messages to generate AI responses and predictions. Data is transmitted securely and is not used to train AI models.

3.2 Legal Requirements

We may disclose information if required by law, such as in response to a court order, subpoena, or government request, or to protect our rights, safety, users, or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS/SSL) for all data transmitted between the App and our servers.
  • Row Level Security (RLS) on all database tables, ensuring each user can only access their own data.
  • Secure session management using iOS Keychain.
  • Authentication via industry-standard protocols (OAuth 2.0, OIDC with nonce verification for Apple Sign In).

While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your device and authentication credentials.

5. Data Retention

We retain your personal information only as long as your account is active and as necessary to provide our Services. Upon account deletion:

  • All your data is permanently and immediately deleted across all database tables, including: profile information, symptom logs, daily logs, period history, medications, predictions, prediction feedback, chat messages, generated reports, and pattern insights.
  • Your Supabase authentication record is also deleted.
  • No backups of your data are retained after deletion.
  • This deletion is irreversible.

6. Your Rights and Controls

You have full control over your data within the App:

  • Export Your Data: You can export all your data as a JSON file from the Profile screen at any time.
  • Delete Your Account: You can permanently delete your account and all associated data from the Profile screen. Deletion is immediate and irreversible.
  • Manage Apple Health Access: You can connect or disconnect Apple Health data categories at any time through the app or iOS Settings.
  • Manage Notifications: You have granular control over which notifications you receive (evening check-in, hard day alerts, weekly summary, streak reminders).

Depending on your location, you may also have the following rights:

For EU/EEA Residents (GDPR)

  • Right to access, correct, or delete your personal data.
  • Right to restrict or object to processing.
  • Right to data portability.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with your local data protection authority.

For California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, and shared.
  • Right to request deletion of personal information.
  • Right to opt out of the sale of personal information (we do not sell your data).
  • Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@rythma.co. We will respond within 30 days (or as required by applicable law).

7. International Data Transfers

Your data may be processed in the United States or other countries where our service providers (Supabase) operate. We ensure appropriate safeguards are in place for international transfers in accordance with applicable data protection laws.

8. Children's Privacy

Our Services are not intended for anyone under 18 years old. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from someone under 18, we will promptly delete it. If you believe a minor has provided us with personal information, please contact us at privacy@rythma.co.

9. Cookies and Tracking

The Rythma App does not use cookies, advertising trackers, or third-party analytics services. We do not engage in cross-app tracking or behavioral advertising. We do not use tracking pixels or fingerprinting techniques.

10. Medical Disclaimer

Rythma is not a medical device and is not intended to provide medical advice, diagnosis, or treatment. The predictions, insights, and AI responses provided by the App are based on self-reported data and statistical pattern analysis. They should not be used as a substitute for professional medical advice. Always consult a qualified healthcare provider for medical decisions.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: