Privacy Policy

Last updated: March 2026

1. Who We Are

We are a menstrual cycle tracking and wellness education app. We are the data controller for the personal information you provide through the app.

Contact: support@mozicycle.com
For data privacy requests (including requests from users in Europe), contact us at the email above.

2. What Data We Collect

Account data: Your name (optional), email address, and age group (teen or adult). Guest users who use anonymous sign-in provide no personal identifiers — only a randomly generated session ID is created.

Cycle & health data you log: Period start and end dates, cycle and period lengths, luteal phase, flow intensity, ovulation dates and method (LH test, BBT, symptom-based), confirmed ovulation, cervical mucus observations, basal body temperature (BBT) readings, LH/OPK test results, pregnancy test results, and pregnancy-related data (LMP, due date, prenatal appointments, symptoms, fetal movement).

Wellness data you log: Mood (happy, calm, anxious, sad, irritable, energetic, tired, or loved), mood intensity (1–5), mood notes, physical symptoms (such as cramps, headache, bloating, fatigue, nausea, back pain, breast tenderness, acne, insomnia, brain fog, spotting, and others), sleep quality (1–5 scale), intercourse (yes/no and whether protected), and notes attached to individual BBT or test entries.

Pregnancy mode data (if you use Pregnancy Tracker): Daily pregnancy symptoms and severity (nausea, fatigue), blood pressure readings, fetal movement counts, and prenatal appointment records including appointment type, provider name, gestational age, weight at appointment, blood pressure, and whether an ultrasound was performed.

Mozi AI chat data (Premium only): When you use the Mozi AI chat feature, your messages and an anonymised summary of your cycle context (current phase, cycle day, recent moods, and common symptoms from the last 14 days) are sent to our AI service via a Supabase Edge Function to generate a response. Chat history is stored locally on your device only and is not saved to our servers. We do not store your conversation on our backend.

Device & technical data: App version, operating system, and general device type (for bug fixing only). We do not collect precise location, contacts, camera, or microphone access.

Usage analytics (anonymised): Which app screens are visited and feature interaction frequency. This data is aggregated, cannot identify you personally, and is used only to improve the app.

3. Why We Are Allowed to Process Your Data (Legal Basis)

European privacy law (EU GDPR and UK data protection law) requires us to explain the legal reason we process each type of data. If you are based in Europe, the following applies:

Your consent — reproductive and health data is classed as sensitive data under European law. We process it only because you actively choose to log it. You can withdraw this consent at any time by deleting your data or your account.

Delivering the service — we need basic account data to create and maintain your account and give you access to the features you signed up for.

Improving the app — we use anonymised, aggregated usage data (never linked to your identity) to understand how the app is used and fix problems.

Legal requirements — in rare cases we may be required by law to retain or disclose certain data.

4. How We Use Your Data

We use your data only for the following purposes:

  • To calculate and display cycle predictions, fertile window estimates, and ovulation windows
  • To show you personalised daily health insights and phase-based content
  • To deliver age-appropriate educational content (teen vs adult)
  • To send you notifications you have enabled (period reminders, daily log prompts, fertility alerts)
  • To maintain your account and enable cross-device access
  • To provide premium features to verified subscribers
  • To fix bugs and improve performance using anonymised analytics

We will never use your health or reproductive data for advertising, marketing profiling, or to train AI models without your separate and explicit consent.

5. Reproductive Data & Law Enforcement

We are aware that reproductive health data can carry legal risk in some parts of the United States, where laws around abortion and reproductive healthcare have changed in recent years.

Our policy on law enforcement requests:
We will not voluntarily disclose your reproductive health data to any government authority or law enforcement agency. If we receive a legally binding court order or subpoena, we will:

  • Notify you before complying wherever legally permitted to do so
  • Provide only the minimum data required by the order
  • Resist overbroad requests through legal challenge where possible

We do not log IP addresses linked to your cycle or health data. We do not retain data beyond what is necessary to operate the service. We strongly recommend using a guest (anonymous) session if you have concerns about data linkage to your identity.

6. Data Storage & Security

Your data is stored with Supabase, our database provider, on servers located in the United States (AWS). Supabase is our data processor and processes data only on our instructions under a Data Processing Agreement.

Security measures we apply:

  • Row-level security (RLS) — only your authenticated session can read or write your rows
  • All data transmitted over encrypted TLS/HTTPS connections
  • All data stored encrypted at rest
  • Payment processing handled entirely by the App Store or Google Play — we never receive or store payment card details
  • Anonymous sessions generate no personally identifiable account data

No security system is impenetrable. In the event of a data breach that affects your rights and freedoms, we will notify you and applicable regulators as required by law within 72 hours of discovery.

7. Who We Share Data With

We do not sell, rent, trade, or share your personal or health data with any third party for commercial or marketing purposes.

We share data only with the following service providers, strictly to operate the app:

Supabase — database infrastructure and authentication (data processor)
Expo / EAS — app build and update delivery infrastructure
Apple App Store / Google Play — subscription and payment processing

These providers are contractually prohibited from using your data for any purpose other than providing services to us. We do not integrate advertising SDKs, data broker APIs, social media tracking pixels, or third-party analytics that can identify you personally.

8. Guest & Anonymous Users

You can use free core features without creating an account. When you first open the app, an anonymous session is created using a randomly generated ID — no email, name, or identifier is required. Anonymous sessions are limited to free features only. Premium features require a registered Mozi account.

Your anonymous data is stored under that session ID. If you later create a real account, your data is linked to your account under the same user ID — nothing is lost.

If you never create an account, your data cannot be linked to your real identity by us or by third parties, even in the event of a legal request, because we have no identifying information on file.

9. Children & Teens

This app is not for anyone under 13. We do not knowingly collect data from children under 13. If you are under 13, please do not use this app. If we discover we have data from a child under 13, we will delete it immediately.

Teen users (ages 13–17): We offer an age-appropriate teen mode with additional protections required by US children's privacy law (COPPA):

  • We collect only the minimum data needed for cycle tracking
  • We do not show advertising to teen users
  • We do not share teen user data with any third party beyond what is stated in this policy
  • Teen users can delete their data at any time

The only third party that processes teen user data is Supabase, our database provider. No one else receives it.

10. Your Rights

Depending on your location, you have some or all of the following rights regarding your data:

Access — request a copy of all data we hold about you
Rectification — correct inaccurate or incomplete data
Erasure — request full deletion of your account and all associated data ("right to be forgotten"). Go to Settings → Delete Account or email support@mozicycle.com
Portability — request your data in a machine-readable format (CSV/JSON)
Restriction — request we pause processing your data while a dispute is resolved
Objection — object to processing based on legitimate interests
Withdraw consent — stop data collection at any time by deleting your data or account

To exercise any of these rights, email us at support@mozicycle.com. We will respond within 30 days.

11. Data Retention

We retain your data for as long as your account is active or as needed to provide the service.

When you delete your account:

  • Your profile and all health data are permanently deleted within 30 days
  • Anonymised, aggregated analytics data that cannot identify you is retained for product improvement
  • We may retain minimal data for up to 90 days in encrypted backups before full purge

Guest session data with no associated account is automatically purged after 12 months of inactivity.

12. Where Your Data Is Stored

Our database provider (Supabase) stores data on servers in the United States. If you are based in Europe, this means your data is transferred to and stored in the US.

We use standard legal agreements approved by the European Commission to make this transfer lawful. By using the app, you agree to this transfer.

13. Analytics & Tracking

We do not use advertising cookies or cross-app tracking.

Any usage analytics we collect are:

  • Anonymised and aggregated before storage
  • Used only to understand feature usage and improve the app
  • Never linked to your identity, health data, or cycle information
  • Never sold or shared with advertising networks

We comply with Apple's App Tracking Transparency (ATT) framework — we do not track you across third-party apps or websites.

14. Changes to This Policy

If we make material changes to this Privacy Policy, we will notify you in the app at least 14 days before the changes take effect. For significant changes affecting your rights, we will request renewed consent where required by law.

The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the app after the effective date of changes constitutes acceptance of the updated policy.

15. Contact & Complaints

All enquiries (privacy, support, legal): support@mozicycle.com

We aim to respond to all privacy requests within 48 hours (acknowledgement) and 30 days (full response).