Privacy Policy - VitalOS Cycle

Effective date: December 30, 2025

            Simple Truth: Your cycle data never leaves your device. We don't see it, store it, or have
            any access to it. This entire privacy policy exists to explain what that means in legal terms.
        

1. Information We DON'T Collect

VitalOS Cycle does NOT collect, store, or have access to:

Your cycle dates, period lengths, or symptoms
Any health or medical information you track
Notes, moods, or personal observations
Your location
Usage patterns or analytics about your cycle tracking

2. How VitalOS Cycle Works

VitalOS Cycle uses a zero-knowledge architecture:

All your cycle data is stored in a local SQLite database on your device
No cloud sync, no server uploads, no backups on our end
The app works completely offline for core tracking features
Your device generates an anonymous identifier (UUID) for subscription management only

3. What Happens to Your Data

Scenario	What Happens
You delete the app	All your cycle data is permanently deleted
You lose your device	Your data is gone forever (we can't recover it)
You get a new device	You start fresh (no data transfer unless you manually export/import)
Our servers get hacked	Your cycle data is safe - we never had it

4. Anonymous Device Identifier

Your device generates a random UUID (e.g., "a4b5c6d7-e8f9-...") which is used for:

Subscription management and billing
Linking VitalOS apps together (if you use multiple VitalOS products)

This identifier contains no personal information and cannot be used to identify you.

5. Subscription Information

When you subscribe to VitalOS Cycle:

iOS: Payment is handled entirely by Apple. We receive only confirmation that your anonymous UUID has an active subscription.
Android: Payment is processed by Square. Your email and password are stored as encrypted hashes - we cannot read or access them. We maintain only the minimum billing reference required to process payments.

In both cases, your cycle data still never leaves your device.

6. Data Export and Backup

You can export your cycle data as JSON from Settings at any time. This is YOUR responsibility - we don't keep backups.

7. Third-Party Services

Sentry (crash reporting): If the app crashes, anonymous error information is sent to help us fix bugs. No cycle data or personal information is included.
Apple App Store / Square: Payment processing for subscriptions (see Section 5).

No analytics, advertising, or tracking SDKs are used.

8. Children's Privacy

VitalOS Cycle is designed for individuals who menstruate, typically teenagers and adults. Since we don't collect personal data, COPPA and similar regulations are satisfied by design.

9. International Users

Since all cycle data stays on your device, GDPR, CCPA, and other privacy laws are satisfied by design. We have nothing to delete, export, or correct because we never had your health data.

10. Your Rights

Right to access: Check your device - that's where your data is
Right to delete: Delete the app or use Clear Data in Settings
Right to export: Use our JSON export feature in Settings
Right to correction: Edit directly in the app

11. Security

Your data security depends on YOUR device security. We recommend:

Use device lock (PIN, fingerprint, Face ID)
Keep your device software updated
Regular backups via our export feature

12. Changes to This Policy

We may update this policy. If we do, we'll update the date above. Continued use constitutes acceptance.

13. Why This Approach?

Period tracking apps have historically been surveillance tools that sell intimate health data. We chose a different path: build an app that's architecturally incapable of spying on you. If we wanted your data, we'd have to redesign the entire app. We won't.

Contact Information

Questions about privacy?

Email: privacy@vitalos.app
Support: support@vitalos.app

Remember: We cannot access your cycle data. If you contact us about a data issue, we can only help with export instructions - we can't see your data.