PrivaCycle Privacy Policy

Effective date: December 31, 2025
App: PrivaCycle (iOS)

This Privacy Policy explains how PrivaCycle handles information when you use the app.

PrivaCycle is designed to work without a developer-operated backend. Your period tracking and related health data is stored on your device, and (if you enable it) an encrypted backup may be stored in Apple iCloud via CloudKit.

1. Who is responsible for processing

Developer / Controller:
Banana Pancakes s.r.o.
Na Pomezi 910/2
Praha 5, 158 00
Czech Republic

Contact: Use the contact details provided on the PrivaCycle App Store product page, or any in-app "Contact" option (if available).

2. Key points summary

  • No developer backend: We do not run servers that receive or store your period tracking data.
  • Local-only by default: Your data is stored locally on your iPhone/iPad.
  • Encrypted storage: PrivaCycle encrypts app data on-device and supports unlocking with PIN and/or biometrics.
  • Optional iCloud backup (CloudKit): If enabled, PrivaCycle stores an encrypted copy in your iCloud account using CloudKit.
  • Subscriptions via Apple: Payments and subscription management are handled by Apple StoreKit 2. We do not receive your payment card details.

3. Information PrivaCycle processes

3.1 Information you enter in the app (stored locally)

PrivaCycle may process the information you choose to input, such as:

  • menstrual cycle dates and related entries
  • symptoms, notes, tags, and other health-related logs you choose to record

Where this data is processed/stored:

  • On your device, in encrypted form.
  • Not transmitted to any developer-operated servers.

3.2 App security credentials (PIN / biometrics)

  • If you set a PIN, the app uses it to control access to encrypted data.
  • If you enable Face ID / Touch ID, authentication is performed by iOS. PrivaCycle does not receive or store your biometric data. We only receive a success/failure result from iOS.

Secure Enclave note (technical): iOS uses the Secure Enclave to protect cryptographic material (such as encryption keys) when available. PrivaCycle is designed so that encryption keys are protected by hardware-backed security, and decrypted app data is intended to be available only when you unlock the app (e.g., in memory while the app is in use).

3.3 iCloud / CloudKit (optional)

If you enable iCloud backup/sync:

  • PrivaCycle stores your app data in your iCloud account using Apple CloudKit.
  • PrivaCycle is designed to encrypt your data before it is stored in CloudKit, so the backup is intended to be unreadable without your device's unlock and/or cryptographic keys.

Important: Apple operates iCloud/CloudKit. Apple may process certain account/device/connection information as part of providing iCloud services under Apple's terms and privacy policy. PrivaCycle does not control Apple's processing.

3.4 Subscriptions (StoreKit 2)

If you purchase a subscription:

  • Apple processes the transaction (including payment information).
  • PrivaCycle uses StoreKit 2 on your device to check subscription entitlement/status and enable premium features.

We do not receive:

  • your payment card details
  • your billing address (unless Apple provides it to you directly as part of your Apple account; it is not shared with us)
  • your full Apple ID

We may process locally on-device information such as:

  • whether a subscription is active
  • product identifiers and transaction/receipt-related identifiers provided by StoreKit (used only on-device to enable features)

4. Information we do not collect through the app

PrivaCycle is built to avoid collecting personal data through the app. In particular, we do not collect:

  • your name, email address, or phone number (unless you choose to contact us outside the app)
  • precise location data
  • contacts
  • photos
  • advertising identifiers (IDFA)
  • cross-app tracking data
  • analytics events sent to a developer server
  • your period/health logs on any developer server

5. How we use information (purpose and legal basis)

PrivaCycle processes your data only to provide app functionality:

Provide core features (cycle tracking, predictions, logs)

Where: on your device

Legal basis (GDPR): performance of a contract (providing the app) / legitimate interest in providing the requested functionality

App security (PIN/biometric lock and encryption)

Where: on your device

Legal basis (GDPR): legitimate interest in protecting your data and providing the security features you enable

Optional iCloud backup/sync (CloudKit)

Where: in your iCloud account via Apple CloudKit

Legal basis (GDPR): your choice/consent to enable iCloud + performance of a contract (providing the backup/sync feature you request)

Subscriptions (unlock premium features)

Where: on your device via StoreKit 2

Legal basis (GDPR): performance of a contract (delivering purchased features)

Because we do not operate a backend for your app data, we generally do not have access to your health entries and cannot use them for our own purposes.

6. Sharing and disclosure

6.1 We do not sell or rent your data

We do not sell, rent, or monetize your period tracking data.

6.2 Third parties

PrivaCycle uses Apple services that you may choose to use:

  • iCloud/CloudKit (only if you enable iCloud backup/sync)
  • StoreKit 2 (for subscriptions)

Apple's processing of information is governed by Apple's terms and privacy policy. PrivaCycle does not control Apple's systems.

6.3 Legal requirements

If required by law, we may need to respond to valid legal requests. Because PrivaCycle does not run a backend for your health data, we typically would not have your health data to disclose.

7. Data retention

  • On-device data: Stored until you delete it within PrivaCycle or uninstall the app.
  • iCloud/CloudKit data (if enabled): Stored in your iCloud account until you disable iCloud for PrivaCycle and/or delete associated iCloud data (subject to Apple's iCloud behavior and retention rules).

8. Your controls and choices

You can:

  • set or change your PIN
  • enable/disable Face ID / Touch ID for unlocking
  • enable/disable iCloud/CloudKit backup/sync in iOS settings (and/or within the app if offered)
  • delete entries in the app, or delete all app data (if the app provides a "Delete all data" option)
  • uninstall the app to remove local data

Important security consequence: If you forget your PIN (and there is no recovery mechanism), your encrypted local data may be unrecoverable by design.

9. Your GDPR rights (EEA/UK users)

Depending on your location and applicable law, you may have rights including access, rectification, deletion, restriction, objection, and portability.

Practical limitation: PrivaCycle does not maintain a server-side database of your health logs. In most cases, the way to exercise deletion/access is directly in the app (because the data is on your device / iCloud account).

You also have the right to lodge a complaint with your local data protection authority (for example, in the Czech Republic with the Office for Personal Data Protection).

10. International transfers

PrivaCycle does not transfer your health data to developer-operated servers.

If you enable iCloud/CloudKit, Apple may process and store data in locations consistent with Apple's global infrastructure and your iCloud settings/terms.

11. Children

PrivaCycle is not intended for children. If you are a parent/guardian and believe a child has used the app inappropriately, contact us using the details on the App Store listing.

12. Changes to this policy

We may update this Privacy Policy to reflect changes in the app or legal requirements. If we make material changes, we will update the effective date above and, where appropriate, provide notice within the app or via the App Store listing.