1. Scope
This notice explains how Endokaira may collect, use, disclose, and protect consumer health data. It supplements the Privacy Policy.
2. Consumer health data we may collect
- Symptoms, pain levels, menstrual cycle information, health-related factors, notes and logs you enter.
- Derived patterns, reports, predictions, trends or insights generated from your entries.
- Account identifiers, app settings, consent records, subscription status, support requests, device and app diagnostics when linked to your use of Endokaira.
3. Purposes
- Provide personal tracking, history, reports and probabilistic insights.
- Maintain accounts, subscriptions, security, support and app reliability.
- Comply with legal obligations and respond to user rights requests.
4. Sources
We collect consumer health data from you, from your use of the app, from app-generated calculations and from service providers used to operate the app.
5. Sharing
We may disclose consumer health data to service providers that help us host, operate, secure, support or improve Endokaira. In the current configuration, the main providers or recipients are:
- Daelya API hosted on Railway and MongoDB Atlas: may receive and store daily logs, symptoms, factors, notes, profile, consents and derived data needed for account and sync features.
- Firebase/Google: authenticates users, delivers remote configuration, and manages notifications, analytics (when you consent and it is active) and stability diagnostics (when active). Cloud Firestore is not used to store health logs.
- Cloudflare Pages: hosts the legal website and may process IP address, headers, technical logs and aggregated metrics if Cloudflare Web Analytics is enabled.
- Apple and Google Play: manage purchases, subscriptions and store transactions; they do not receive the content of your health logs for this purpose.
- Gmail: receives content you voluntarily send by email, including health information if you choose to include it in a support or privacy request.
We do not sell consumer health data. We do not share consumer health data for targeted advertising or with data brokers. We have not identified use of Firestore, RevenueCat, AdMob, Sentry, Mixpanel, Amplitude, PostHog, Stripe or external Google Fonts delivery in the current implementation.
6. Your rights
Depending on your state, you may have the right to access, confirm, delete, withdraw consent, or receive a list of third parties and affiliates with whom we have shared consumer health data. You may request deletion from the app, if you have an account, or by contacting eduayuso@gmail.com. Where required, we will notify relevant providers or processors so they can honor the request under applicable law.
7. Security and retention
We use reasonable technical and organizational safeguards for consumer health data. Health logs associated with an account are deleted from active systems when account deletion is completed, except for limited retention needed for security, legal obligations, purchases, incidents, claims or temporary provider backup copies until rotation. Retention is described in more detail in the Privacy Policy.