Privacy Policy

1. Introduction

Welcome to Cyclz ("we," "our," or "us"). We are committed to protecting your privacy and the security of your personal health information. This Privacy Policy explains what information is collected, how it is used, and how it is safeguarded when you use our mobile application Cyclz (the "App"), available on the Apple App Store.

By downloading, installing, or using the App, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the App.

2. Information We Collect

2.1 User-Provided Data (stored on your device)

Scope: the following health, cycle and lifestyle data never leaves your device or your personal iCloud. It is not shared with advertising networks. AdMob only receives the device-level information described in Section 5.

The App lets you log health and lifestyle information to track your menstrual cycle and related features. This data includes:

• Profile: first name (optional), date of birth, blood type (optional), weight (optional), height (optional)
• Cycle settings: cycle length, period length, luteal phase length
• Periods: start and end dates of each recorded period
• Contraceptive pill packs: pill name, pack type (21/7, 24/4, 28), start date, daily intake confirmations
• Doctors: name, optional phone number, optional email
• Medical visits: date, time, doctor, reasons (routine, follow-up, illness, vaccination, pregnancy, other), optional notes
• Notification preferences: pill reminder, period reminders (start and end confirmation), appointment reminders, birthday reminder, timings, message styles (explicit / discreet)
• Display preferences: language, appearance, units, week start, Arabic month style, number system, haptic feedback, fertility display, app lock code (optional, stored locally in the Keychain on this device only)

All this information is stored locally on your device using Apple's SwiftData framework and, if you enable iCloud, in your personal iCloud account via CloudKit.

2.2 Information We Do NOT Collect

Cyclz does not collect, request or transmit:

• Account credentials (the App has no account)
• Your personal identifiers (your own name, email address, phone number) - any name you enter in the profile is stored on-device only
• Location data
• Contact lists or address book data
• Browsing history or search queries
• Payment or financial information
• Your cycle, period, pill or medical data - none of it is shared with advertisers, sent to Firebase, or transmitted to our servers

2.3 Device-Level Data Processed by Third Parties

The following device-level data may be processed by third-party SDKs (Google AdMob, Firebase, Apple SKAdNetwork) to deliver ads, monitor app performance, and pilot remote configuration. None of this data identifies you personally and none of your health, cycle, period, pill, doctor, appointment or profile data is included:

• Device model, iOS version, language, general region (country-level)
• Advertising identifier (IDFA), only if you grant permission via Apple's App Tracking Transparency (ATT) prompt
• Anonymous app instance identifier (Firebase Installations ID)
• App-level events automatically captured by Firebase Analytics: app open, session start, screen view, ad impression. We do not log custom events with your health data.
• Crash reports (Crashlytics): stack traces, device state at the time of crash. No cycle / period / pill / medical data is included.
• Generic ad interaction data (impression, tap)
• Anonymized conversion signals via Apple SKAdNetwork (no IDFA needed, privacy-preserving by design)

See Section 5 for the full list of third-party services and your controls (GDPR consent, ATT, kill switches).

3. How We Use Your Information

All information you provide is used on-device for the following purposes:

• Core functionality: display your cycle ring, calendar, statistics, pill pack, doctor visits and related predictions.
• Predictions: compute cycle length, period length, ovulation and fertile window using the median of your recent history.
• Local notifications: schedule reminders (pill, periods, end-of-period confirmation, appointments, birthday, end of pack) through iOS's notification system.
• Cross-device sync: if you leave iCloud enabled for the App, synchronize your data across your Apple devices.

4. Data Storage and Security

4.1 Local Storage

All data is stored locally on your device using Apple's secure data storage mechanisms (SwiftData on top of SQLite). This data is protected by your device's security features, including encryption at rest and passcode/biometric protection.

If you enable the optional App Lock, a numeric code is required each time you open Cyclz. The code is stored in the iOS Keychain on this device only and never leaves your phone.

4.2 iCloud Storage

If you are signed into iCloud and have iCloud enabled for Cyclz, your data is stored in your personal iCloud container via Apple's CloudKit. This synchronization is:

• Managed entirely by Apple's iCloud infrastructure
• Encrypted in transit and at rest
• Subject to Apple's Privacy Policy and security measures
• Accessible only through devices signed in to your Apple ID

We do not have access to your iCloud data. You can disable iCloud sync at any time in iOS Settings > [Your Name] > iCloud > Apps Using iCloud > Cyclz.

4.3 Data Retention

Your data is retained on your device for as long as the App is installed. When you delete the App, all locally stored data is permanently removed. iCloud data can be managed through your iCloud settings at any time.

5. Third-Party Services

5.1 Advertising (Google AdMob)

Cyclz is free and supported by advertising provided by Google AdMob (Google LLC). The App displays three ad formats:

• Banner ads: small inline banners at the top of the Summary, Cycle, Pill and Appointments pages.
• Interstitial ads: full-screen ads displayed between user actions, with a strict cadence (configurable, default: after 4 actions for the first ad, then every 6 actions, with a minimum of 3 minutes between two ads).
• App Open ads: full-screen ads displayed when you return to the App from the background, with a 4-hour cooldown. Never shown at cold launch (App Store guideline 4.5.4).

AdMob processes the device-level data described in Section 2.3 to serve personalized or non-personalized ads. No personal profile, cycle, period, pill or medical data is ever shared with AdMob.

For users in the EEA / UK (GDPR): a Google User Messaging Platform (UMP) consent form is shown on first launch, allowing you to choose your ad preferences (personalized / non-personalized) or refuse advertising consent. You can update your consent at any time from Settings → Ad Preferences within the App. If you refuse consent, no ads are loaded.

For all users: Apple's App Tracking Transparency (ATT) prompt is presented to ask whether you allow tracking via your IDFA. If you choose Ask App Not to Track, AdMob serves non-personalized ads only. You can change this setting at any time in iOS Settings > Privacy & Security > Tracking.

For more information, see Google's Privacy Policy.

5.2 Firebase (Google LLC)

Cyclz uses three Google Firebase services to monitor app performance, fix bugs, and remotely manage advertising configuration:

• Firebase Analytics: auto-captures generic app-level events (first open, session start, screen view, ad impression). It does not capture any custom event with your health data. Used to understand aggregate usage patterns (e.g. how many users view the Cycle tab).
• Firebase Crashlytics: collects anonymous crash reports (stack traces, device state at the time of crash) so we can fix bugs. Crash reports do not include your cycle, period, pill, doctor, appointment or profile data.
• Firebase Remote Config: lets us remotely manage advertising parameters (ad unit IDs, kill switches, cadence thresholds) without releasing a new App Store version. Remote Config is read-only from your device's perspective — it pulls a small JSON configuration; nothing about you is sent.

Firebase data is processed by Google LLC under the Firebase Privacy and Security terms.

5.3 Apple SKAdNetwork

For privacy-preserving advertising attribution, AdMob uses Apple's SKAdNetwork framework. SKAdNetwork measures ad campaign conversions without using your IDFA and without transmitting any personal data — Apple aggregates the signals on its own servers before forwarding anonymized counts to ad networks. This works even if you decline ATT.

5.4 Tracking Domains and Privacy Manifest

In compliance with Apple's privacy requirements, the App declares the following tracking domains in its PrivacyInfo.xcprivacy manifest. Network calls to these domains are made by Google AdMob and Firebase:

• googleads.g.doubleclick.net (AdMob ad delivery)
• googlesyndication.com (AdMob ad delivery)
• app-measurement.com (Firebase Analytics)
• firebaseinstallations.googleapis.com (Firebase instance ID)
• firebaseremoteconfig.googleapis.com (Firebase Remote Config)

The Privacy Manifest also declares the following Apple-required reasons for accessing system APIs (none of which are used to identify or track you):

• UserDefaults (CA92.1): storing app preferences (selected tab, language, appearance, etc.).
• File Timestamp (C617.1): reading/writing local app data (SwiftData persistent store).
• System Boot Time (35F9.1): measuring time intervals for cooldown logic (e.g. App Open 4h cooldown).
• Disk Space (E174.1): checking available space when exporting data as JSON.

5.5 Apple Services

The App also integrates with Apple's own platform services:

• CloudKit (iCloud): optional cross-device synchronization. Data is stored in your personal iCloud account.
• UserNotifications: used to deliver local reminders. All scheduling occurs on-device.
• StoreKit (App Store): used only when you tap Rate the app in Settings.

No user profile data ever leaves your device, except through Apple's iCloud when you choose to sync.

5.6 App Tracking Transparency (ATT)

In compliance with Apple's App Tracking Transparency framework, the App presents a prompt (via Google UMP) asking for your permission to access the device's advertising identifier (IDFA) for personalized advertising. You have full control:

• Allow Tracking: AdMob may use your IDFA to serve more relevant ads.
• Ask App Not to Track: AdMob will serve non-personalized ads only.

Your choice does not affect the App's functionality. All cycle tracking, pill tracking, appointments and reminders work identically regardless of your tracking preference.

6. Your Rights and Choices

6.1 Access and Control

You have complete control over your data:

• View: all your data is visible inside the App.
• Edit: you can modify or correct any entry (profile, periods, packs, visits, doctors).
• Delete individually: you can delete any single period, pack or visit from the App.
• Delete everything: Settings → Reset → Delete all data removes every profile, period, pack, doctor and visit permanently.
• Export: Settings → Import/Export → Export data produces a JSON file you can share via AirDrop, email, iCloud Drive, etc.

6.2 Notification Permissions

You can manage notification access at any time in iOS Settings > Notifications > Cyclz. You can also disable any specific reminder individually inside the App.

6.3 iCloud Sync

To disable iCloud synchronization:

• iOS Settings > [Your Name] > iCloud > Apps Using iCloud > Cyclz > Toggle Off

6.4 Full Data Deletion

To completely remove all Cyclz data:

• Use Settings → Reset → Delete all data inside the App, and/or
• Delete the App from your device (removes all local data)
• If iCloud sync was enabled, manage the remaining iCloud data through iOS Settings > [Your Name] > iCloud > Manage Storage

7. Children's Privacy

The App is a menstrual cycle and contraceptive pill tracker intended for users of reproductive age. It is not directed to children under 13. We do not knowingly collect information from users under 13. If you are a parent or guardian and have concerns, please contact us.

8. International Users

The App is available worldwide through the Apple App Store. Since all processing occurs locally on your device, there is no international transfer of personal data to our servers (we do not operate any). iCloud data transfers are governed by Apple's policies and your iCloud settings.

8.1 European Users (GDPR)

For users in the European Economic Area (EEA), we note that:

• We process the minimum data strictly necessary for the App to function (data minimization principle).
• Processing of your cycle data is based on the provision of the service you request by using the App.
• Health data you enter is considered a special category under GDPR. We apply the strictest principle possible: this data never leaves your device or your personal iCloud and is never shared with advertisers.
• AdMob advertising is subject to your GDPR consent (collected via the Google UMP consent form on first launch) and to your ATT choice.
• You have rights to access, rectify, erase, restrict, port and object to processing. Since the data is stored locally, you exercise these rights directly through the App (view, edit, export, delete).

8.2 California Users (CCPA)

For California residents, we confirm that:

• We do not sell or share your personal profile data (cycle, periods, pill, doctor visits).
• We do not collect this personal information on our servers (we have none).
• AdMob may process device-level advertising data according to Google's Privacy Policy, subject to your ATT choice.
• You have the right to know, delete, and opt-out of the sale of personal information - though we do not sell data.

9. Security Measures

We apply the following technical measures to protect your information:

• All profile, cycle and medical data is stored locally using Apple's secure storage APIs.
• No profile data is transmitted to our servers - we operate none. Only AdMob and Firebase receive the device-level data described in Section 2.3.
• iCloud data is encrypted by Apple in transit and at rest.
• Optional App Lock protects the App's entry by a numeric code stored in the iOS Keychain.

No method of electronic storage is 100% secure. We encourage you to use device passcodes and biometric authentication to protect your device.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last updated" date at the top of this policy
• Posting the new Privacy Policy on this page
• For significant changes, providing notice through the App or the App Store update notes

Your continued use of the App after any modifications indicates your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our privacy practices, please contact us at:

• Email: contact@cyclz.app

We will respond to your inquiry within 30 days.

12. Consent

By using Cyclz, you consent to the collection and use of information as described in this Privacy Policy. If you do not agree to this policy, please do not use the App.