Privacy Policy

Who we are

Hormone Harmony is an AI-powered PCOS health companion application. References to "we," "us," and "our" refer to Hormone Harmony. Our contact email is privacy@hormoneharmony.app.

What we collect

We collect the following information when you create an account and use the app:

• Account information: name, email address, date of birth, password (encrypted, never stored in plain text)
• PCOS health profile: diagnosis duration, symptoms, goals, PCOS subtype, supplement tracking
• Companion and language preferences
• Conversation history with your AI companion (stored to provide continuity of care)
• Lab values you voluntarily enter for interpretation
• Mood, symptom, and hydration logs you choose to track
• Subscription status and payment tier (payment details are handled entirely by Stripe — we never see your card number)

What we do NOT collect

• We do not collect precise GPS location
• We do not access your contacts, photos, or other device data
• We do not track you across other websites or apps
• We do not collect biometric data
• We do not sell, rent, or broker your personal data to any third party for any reason

How we use your information

• To provide personalized PCOS guidance, supplement recommendations, and health tracking
• To power AI companion conversations — your profile context is sent to Claude (Anthropic) to generate responses. Anthropic does not retain conversation data for training per their privacy policy.
• To send reminders and check-ins you have opted into
• To process subscription payments via Stripe
• To improve the app based on aggregate usage patterns (never individual data)

Third-party services we use

• Supabase — stores your account and health profile data. EU and US data centers. SOC 2 Type II compliant.
• Anthropic (Claude API) — processes your messages to generate AI responses. Data is not used for training.
• Vapi — processes voice sessions with Jade. Audio is not stored after the session ends.
• Stripe — processes payments. We never see or store your payment card details.
• Netlify — hosts the application. Standard web hosting logs apply.

Your health data and HIPAA

Data security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Account passwords are hashed using bcrypt and never stored in plain text. We use row-level security in our database so each user can only access their own data. Access to production data is restricted to essential personnel only.

Data retention and deletion

Your data is retained as long as your account is active. To delete your account and all associated data, email privacy@hormoneharmony.app with the subject line "Delete my account." We will confirm deletion within 30 days. After deletion, data is purged from our systems within 90 days, and from backup systems within 180 days.

Children's privacy

Hormone Harmony is intended for users 18 years and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact us immediately at privacy@hormoneharmony.app.

Cookies and local storage

We use browser local storage to maintain your session and save preferences. We do not use third-party advertising cookies. We do not use tracking pixels. The only data stored locally is what is required for the app to function.

Your rights

Regardless of where you are located, you have the right to: access a copy of your data, correct inaccurate data, delete your data, export your data in a portable format, and withdraw consent for any processing. To exercise any of these rights, email privacy@hormoneharmony.app.

Changes to this policy

We will notify active users by email if we make material changes to this policy. Continued use of the app after notification constitutes acceptance of the updated policy.