More information about how we keep your data safe in our latest update

TL;DR: We anonymize your login data from your cycle tracking data and only you as the user hold the key along with the security questions to connect them.

We are using open-source implementations of hashing and encryption protocols, however, the way we are implementing and storing our data is what is actually protecting our users / isolating personally identifiable information (PII) from usage data. How this works is that when a user authenticates on the app (regardless of what type of operating system someone uses) we deploy Google Firebase Authentication to validate that a user is who they say they are. The client side application then sends this token along with a unique encryption key generated by the mobile application to our servers. At this point, our server validates with firebase servers that token provided is indeed valid and then hashes (SHA-3) the PII from the token along with the provided encryption key and server salt to generate a 'linking identifier' and create a 'new user' on our database that has a relation to this link. We then return a bearer token to the client that authorizes the user on subsequent requests for the rest of their session. The important take away at this stage, is that the user that is created on our system has no PII tied to it; the only thing it is linked to is a one-way hash of the firebase credential and the user's key. We do not save the user's encryption key and there are no server logs of it;once it falls out of memory it is no longer accessible by us. As a result, all following calls to our server using this bearer token (including the periods they log, symptoms they are facing, birth control methods, and even date of birth) are not linked to their PII.

We rely on our users to be able to provide this encryption key if they ever log out or get a new phone, so on app sign up, we show them the key and allow them to copy/write it down. This step is really important. If a user logs out, and logs back in, they will be prompted for this key, and if it is invalid, we will not be able to find the account they have been using nor can we recover their information. If someone is not able to add their encryption key correctly, then they will have to create a new account.

We are working on a feature to allow users to opt-in to 'local only' mode which will allow them to use the application fully anonymously without account creation and without any write transactions to our or any third-party services, but this will take time. Since a majority of our app’s usage is achieved from personalized user experiences that is largely powered by server-side implementations, this 'local only' mode will be a somewhat trimmed down feature set (i.e. no sync with friends), but will provide these users with the extreme protection they are looking for.

If you are a data security expert and would like to consult or contribute to our project, please reach out at We’d love to hear from you.