PETAL APP PRIVACY POLICY

Last Updated: March 2026

Welcome to Petal ("App", "we", "our", "us"). Your privacy is deeply important to us. Because we handle highly sensitive health and personal data regarding your menstrual cycle and general wellness, we have built Petal with a privacy-first approach.

This Privacy Policy explains what information we collect, how we use it, how we secure it, and your rights concerning that data. By using Petal, you consent to the practices described in this Privacy Policy.

1. Information We Collect

A. Information You Provide Directly

  • Account Information: When you sign up, we collect your email address, name, and profile details to create and authenticate your account using Firebase Authentication.
  • Health and Cycle Data: You may manually log sensitive information including your period start and end dates, flow intensity, symptoms, mood, cycle length, contraceptive usage, and other health-related notes.
  • Voice Data: If you use our voice transcription feature, your audio input is processed to transcribe spoken words into text for logging purposes or chatting with our AI assistant ("Ask Petal").
  • Partner Information: If you choose to use the Partner Dashboard, you may invite a partner to track your cycle phase. This involves sharing limited information (such as your current phase) with the registered partner account.

B. Automatically Collected Information

  • Analytics and Usage Data: We use PostHog to gather anonymized, non-personally identifiable product usage data to understand how you interact with Petal and improve its features.
  • Device Information: We collect basic device information, app version, and operating system data (e.g., iOS version) for crash reporting, bug fixing, and push notifications via Expo.

2. How We Use Your Information

We use the information we collect strictly to provide and improve the Petal app experience:

  • To Provide Core Features: Your cycle data is used to generate phase predictions, ovulation estimates, and personalized health insights.
  • To Power AI Features: Health queries and voice transcriptions you submit to "Ask Petal" are processed to provide context-aware, helpful responses. We work with trusted APIs and do not use your personal identifiable data to train public AI models.
  • To Enable Partner Features: If authorized by you, we display broad phase and mood metrics to your linked partner. Detailed logs remain strictly private to you.
  • To Communicate With You: For sending crucial cycle-related push notifications (if opted-in), account updates, or support responses.
  • For Product Improvement: Anonymized analytics help us understand which features are most useful and where bugs arise.

3. Data Storage and Security

  • Cloud Infrastructure: Your personal and health data is securely stored on Google"s Firebase Firestore databases. Our databases utilize strict Firestore Security Rules to ensure that your data is only accessible to you (and explicitly shared data to your authorized partner).
  • Encryption: Data is encrypted in transit using SSL/TLS and encrypted at rest by Google Cloud.
  • Anonymization: For analytics tracking in PostHog, we implement controls to separate your deeply personal health identifiers from generalized usage metrics.

4. How We Share Your Data

We do not and will not sell your personal or sensitive health data to third-party advertisers or data brokers.

We only share data in the following restricted circumstances:

  • Service Providers: We share necessary data with trusted third-party services that host our infrastructure (Google Firebase), provide analytics (PostHog), or power our AI capabilities. These providers are bound by strict data processing agreements.
  • Authorized Partners: If you explicitly opt into the Partner Dashboard, your selected partner will have access to the specific data (e.g., current cycle phase, supportive tips) you consent to share.
  • Legal Compliance: We may disclose information if required to do so by a legal obligation, valid court order, or government request, though we will seek to protect your health records to the fullest extent permitted by law.

5. Your Rights and Choices

We believe you should have total control over your health data.

  • Data Export: You have the right to request an export of all the personal and health data Petal holds about you. You can do this directly from the Profile screen in the app.
  • Data Deletion: You can delete your entire account and all associated health data directly from the app (Profile > Delete Account). Upon confirmation, your data is irrevocably removed from our active databases.
  • Opt-Out of Analytics: While analytics greatly help us improve Petal, you may opt-out of secondary usage tracking within the app settings.
  • Notification Controls: You control whether Petal can send you push notifications via your iOS system settings.
  • Microphone Access: Voice transcription requires explicit microphone permissions, which you can revoke at any time via your iOS settings.

6. Children"s Privacy

Petal is not intended for use by children under the age of 13 (or under 16 in certain jurisdictions such as the EU/EEA, unless parental consent is given). We do not knowingly collect personal information from children without appropriate verified consent. If you believe we have inadvertently collected such information, please contact us so we can delete it immediately.

7. Changes to This Privacy Policy

We may update this Privacy Policy periodically. If we make material changes, particularly concerning how we handle your health data, we will notify you within the Petal app or via email before the changes take effect.

8. Contact Us

If you have any questions, concerns, or requests regarding your data and privacy, please contact our support team at:

  • Email: privacy@petalapp.com
  • Website: https://petalapp.com