FemlyCare Privacy Policy

Privacy Policy

FemlyCare respects your privacy. This policy explains what data we process, why we process it, who helps us provide the service, and how you can control or delete your data.

Effective Date June 6, 2026
Version 2026-06-06
Operator Anand Nishad
Independent developer
Contact anandrex5@gmail.com

1. Overview and Scope

FemlyCare is a menstrual cycle and wellness tracking app operated by Anand Nishad as an independent developer. Anand Nishad is the controller/data fiduciary for the personal data described in this policy.

This policy covers the mobile app, Firebase backend, AI chat, and FemlyCare website. It addresses India's Digital Personal Data Protection framework and, where applicable, the EU/EEA GDPR and UK GDPR.

SENSITIVE HEALTH DATA: menstrual and wellness information may be sensitive health data. Cloud sync and AI processing require explicit consent. Usage analytics and crash reporting are OPTIONAL AND OFF BY DEFAULT.

2. Information We Process

Account information

  • Firebase user ID, email address, display name, and profile photo.
  • Authentication provider and session-security identifiers.
  • Firebase/Google handles sign-in credentials; FemlyCare does not receive your Google password.

Cycle and wellness data

  • Period dates, cycle history, symptoms, pain, flow, mood, and notes.
  • Reminders, estimates, preferences, and data you choose to import.

Chat and AI data

  • Messages, recent relevant history, and limited cycle context.
  • Generated replies, provider/model metadata, and continuity preferences.

Device and operations data

  • Notification token, timezone, activity timestamps, and sync/deletion state.
  • Consent choices and accepted policy versions.
  • IP address, browser/device type, requested URL, timestamps, and security logs that hosting or infrastructure providers may process.

Optional telemetry

  • Usage events only after you enable analytics.
  • Crash diagnostics only after you enable crash reporting.

Local data and files

  • App preferences and locally stored cycle/chat records.
  • Import, backup, or export files you choose to use or share.
WE DO NOT SELL PERSONAL DATA OR USE HEALTH DATA FOR ADVERTISING. We do not intentionally collect precise location, contacts, advertising identifiers, or payment-card details.

3. How and Why We Use Data

Provide the service

  • Create and secure your account.
  • Save and synchronize data after cloud-sync consent.
  • Show history, reminders, estimates, and app insights.

Support and safety

  • Generate requested AI wellness responses after AI consent.
  • Prevent abuse, enforce quotas, and protect account security.
  • Comply with valid legal obligations.

Where GDPR applies, account and requested app functions rely on contract; cloud health-data sync and AI processing rely on consent and explicit health-data consent; optional telemetry relies on consent; and narrowly scoped security processing may rely on legitimate interests or legal obligation.

Under India's DPDP framework, processing relies on clear, specific consent or another lawful use permitted by law. Required cloud and AI choices are separated from optional telemetry.

4. Consent and Your Choices

  • 18+ ONLY: you must confirm that you are at least 18 years old.
  • Cloud consent: you separately consent to cloud storage/sync of cycle, wellness, notes, and chat data.
  • AI consent: you separately consent to OpenAI processing relevant data when you use AI chat.
  • You accept the current Privacy Policy and Terms of Use versions.
  • Analytics, crash reporting, and personalized insights remain optional.

After required consent is accepted, the app records cloudSyncConsent: true and starts synchronization automatically. There is no separate cloud-sync switch in Settings.

5. AI Processing and Limitations

When you request an AI response, FemlyCare may send your message, limited recent chat history, and relevant cycle context to OpenAI through the protected backend. Provider processing does not begin unless current age, cloud-sync, and AI-processing consent is present.

  • AI REPLIES MAY BE INACCURATE, INCOMPLETE, BIASED, OR OUTDATED.
  • NOT MEDICAL ADVICE: AI replies provide general wellness information only.
  • NO PREGNANCY, CONTRACEPTION, SEXUAL-HEALTH, OR STI GUIDANCE.
  • FemlyCare does not make automated decisions with legal or similarly significant effects.

6. Service Providers and Disclosure

We do not sell or rent your personal data. The following processors help provide the service:

Firebase Authentication Cloud Firestore Cloud Functions Firebase Cloud Messaging Firebase App Check Optional Firebase Analytics Optional Firebase Crashlytics OpenAI
  • Google Firebase/Google Cloud provides authentication, storage, backend functions, notifications, and security services.
  • OpenAI processes requested AI chat content. API content is not used for model training by default unless the operator separately opts in.
  • Information may be disclosed when reasonably necessary to comply with law, protect users, or establish legal claims.
  • If FemlyCare is reorganized, transferred, or acquired, data may transfer as part of that transaction only subject to applicable law, notice requirements, and continuing privacy protections.

7. Website Cookies and Request Logs

The FemlyCare website does not intentionally use advertising or marketing cookies. Firebase Hosting and related security infrastructure may process technical request data, including IP address, browser/device information, requested pages, timestamps, and security logs.

App preferences stored on your device are not browser cookies. If FemlyCare later introduces non-essential website cookies or tracking, this policy and any required consent controls will be updated before that processing begins.

8. International Transfers

FemlyCare is operated from India. Google and OpenAI may process data in the United States and other countries. Where EU/EEA or UK transfer rules apply, transfers must rely on an adequacy decision, approved Standard Contractual Clauses, the UK addendum/IDTA, or another lawful safeguard together with appropriate technical and organizational measures.

You may request information about the applicable transfer safeguard by email.

9. Storage, Security, and Retention

Storage and security

  • Firebase Authentication and owner-only Firestore rules.
  • App Check, encrypted transport, and scoped backend access.
  • Android cloud backup and device transfer disabled.
  • Server-side account deletion and data minimization.

Retention periods

  • Account/cycle/preferences: while active, unless deleted earlier.
  • Cloud chats, AI memory, and deletion markers: maximum 90 days.
  • Inactive cloud health data: scheduled for deletion after 90 days.
  • Optional Crashlytics: maximum 90 days.
  • Optional Analytics: maximum 14 months.
  • OpenAI abuse-monitoring logs: up to 30 days by default.

After account deletion, active records are removed immediately. Inaccessible residual processor backups may remain until overwritten, for no longer than 90 days. Local data remains until in-app deletion, account deletion, clearing app storage, or uninstall.

NO ONLINE SERVICE CAN GUARANTEE 100% SECURITY. Please report suspected security or privacy incidents promptly. Where required by law, FemlyCare will notify affected users and competent authorities of a qualifying personal-data breach.

10. Deletion and Privacy Rights

Delete app data or your account from Settings > Privacy Settings > Account & App Data Delete.

DELETE ACCOUNT: the active Firebase user record, all user subcollections, and the Firebase Authentication account are deleted by the server-side deletion service.

Depending on your location, you may request access, correction, deletion, restriction, portability, or objection; withdraw consent without affecting earlier lawful processing; nominate another person where Indian law provides; and complain to the Data Protection Board of India or your EU/EEA/UK supervisory authority.

GDPR requests are normally answered within one month. Identity verification may be required. Withdrawing required health/cloud or AI consent means those account features cannot continue.

11. US State Privacy Rights

Where applicable US state privacy law provides these rights, residents may request access, correction, deletion, or a portable copy of personal data and may appeal a denied request. FemlyCare does not sell personal data or share it for cross-context behavioral advertising or targeted advertising.

FemlyCare will not discriminate against a user for exercising an applicable privacy right. Requests may require reasonable identity verification, and legal exemptions may apply.

12. Age Eligibility

FEMLYCARE IS FOR ADULTS AGED 18 AND OVER. The app requires an 18+ confirmation before account cloud sync and AI features are activated. We do not knowingly provide the service to children. If you believe a minor supplied personal data, contact us for deletion.

13. Medical Limitation

NOT MEDICAL ADVICE: FEMLYCARE IS NOT A MEDICAL DEVICE, CLINICIAN, OR EMERGENCY SERVICE. It is a wellness and tracking tool and does not diagnose, treat, cure, or prevent disease. Do not use cycle estimates as contraception or as a diagnosis of pregnancy, fertility, or any medical condition. Seek qualified medical care for symptoms, diagnosis, medication, pregnancy concerns, treatment, or emergencies.

14. Changes to This Policy

Material changes receive a new version and effective date and may require renewed consent. The current version is posted on this page and bundled in the app.

15. Contact Us

Operator and privacy contact:
Anand Nishad, independent developer
anandrex5@gmail.com

A physical service address and any legally required EU/UK representative details must be added before distribution in a jurisdiction that requires them.

Copyright 2026 Anand Nishad - Terms of Use