HerLyfe Privacy Policy

This Privacy Policy applies to the HerLyfe mobile application for iOS and Android and related subscription/legal pages linked from the app.

It explains how HerLyfe Ltd collects, uses, shares, and protects personal data when you use the app.

We collect the following categories of data:

• Account and authentication data, including identifiers such as Clerk user ID and account profile details (such as email and username, where available).
• Wellness and health-adjacent data you enter in the app, including experiments, check-ins, notes, cycle/life-stage context, and safety-related settings.
• Device and notification data, including device ID, push token, platform, and push environment metadata.
• Billing and entitlement data processed through RevenueCat, such as app user ID, subscription status, entitlement status, and renewal/expiry related metadata.
• Diagnostic and telemetry data, including crash/error monitoring metadata (Sentry) and product analytics events (PostHog) when analytics is enabled.

We do not integrate third-party advertising SDKs in the current app codebase, and we do not sell personal data.

We use personal data to:

• Provide core app functionality, including account session handling, sync, and data persistence.
• Apply safety-related logic, such as safety gating and suppression behavior.
• Deliver reminders and notifications you have enabled.
• Verify and maintain subscription entitlement status.
• Improve product quality and app experience using product analytics where enabled.
• Detect, prevent, and investigate security, fraud, abuse, and service reliability issues.

If you are in the EEA or UK, we rely on one or more of the following legal bases:

• Contract: processing needed to provide the app features you request.
• Legitimate interests: service security, reliability, debugging, and core product operations.
• Consent: where required, including product analytics controls.
• Legal obligations: where processing is required by law.

We share data with service providers/processors that support app operations:

• Clerk: authentication and identity services.
• Convex: backend infrastructure and realtime data processing/storage.
• RevenueCat: subscription/billing entitlement processing.
• PostHog: product analytics processing (subject to analytics setting controls).
• Sentry: crash/error monitoring and observability.
• Apple APNs and Google FCM: push notification delivery.

We share data with these processors only as needed for the purposes in this policy. We do not sell personal data and do not use third-party ad network integrations in the current codebase.

HerLyfe supports privacy-aware notification controls:

• Notification content is generic by default.
• You can choose more detailed notification previews in app settings.
• You can change reminder and notification permissions at any time in app settings and/or OS settings.

We keep data for as long as needed for the purposes above, including:

• Account data is kept while your account is active.
• Account deletion triggers an asynchronous cleanup workflow that removes or hides account-related data across experiments, check-ins, devices, settings, and community records.
• Some deletion tasks are queued and processed in batches, so full cleanup may complete after the initial deletion action.
• Clerk webhook receipt records use a limited retention window (7-day TTL behavior in the current implementation).
• Local device cache/storage persists until cleared by app/account deletion flows or app uninstall.
• Third-party processors may keep data under their own retention schedules and policies.

HerLyfe and its processors may process data in countries other than your own. Where required for EEA/UK transfers, we apply appropriate transfer safeguards under applicable law.

Depending on your location, you may have rights to:

• Access personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of personal data.
• Request a portable copy of your data.
• Object to or restrict certain processing in specific circumstances.
• Withdraw consent where processing is based on consent.

For EEA/UK users, you also have the right to lodge a complaint with your local supervisory authority.

For users in US states with privacy laws, rights may include access, correction, deletion, and portability, subject to legal limits and verification.

To make a privacy request, contact: oliver@herlyfe.com

If needed, you can also contact support at: support@herlyfe.com

HerLyfe is not intended for individuals under 18. If we become aware that personal data from an individual under 18 has been submitted, we will take steps to delete it.

We use reasonable technical and organizational safeguards designed to protect personal data, including secure token storage on device, authenticated access controls, and transport/security controls in our service architecture.

No system is completely secure. If you believe your account or data has been compromised, contact us promptly.

The app provides controls for:

• Privacy settings and analytics preferences.
• Sharing defaults for community participation.
• App Lock/device authentication options.
• Reminder and notification settings/permissions.
• Account deletion flow.

We may update this Privacy Policy from time to time. When we do, we will update the effective date and post the revised version through our normal product/legal channels.

HerLyfe Ltd
First Floor Swan Building, 20 Swan Street, Manchester, England, M4 5JW
Company number: 16811057

Privacy: oliver@herlyfe.com
Support: support@herlyfe.com