Last updated · 2026-05-09 · Next review: August 2026
Core commitment: Your cycle, ovulation, and symptom data does not leave your device. Unless you actively enable Cloud Backup (Premium) — in which case the data is end-to-end encrypted on your device before upload, and our servers cannot decrypt it.
1. Data we collect
| Type | Purpose | Personal? | Legal basis |
|---|---|---|---|
| Cycle / ovulation / sexual activity records | Core period tracking | ⚠️ Yes (sensitive health data) | Explicit consent (GDPR Art 9, MHMDA §1798.99.30) |
| Symptom logs (pain, mood, flow, etc.) | Same | Yes (health data) | Same |
| Temperature logs (BBT) | Same | Yes | Same |
| Anonymous device UUID | Premium subscription identity | No (hashed) | Contract performance |
| Apple ID / Google account sub | Cross-device sync (when you sign in) | Yes (hashed) | User consent |
| Subscription metadata (timestamps, type) | Premium expiration calculation | No | Contract performance |
| Crash & performance diagnostics (Sentry) | Bug fixes, stability | No (PII filter hard rule) | Legitimate interest |
2. What we do NOT collect
- Real name, address, phone, birthday (unless you actively input)
- Bank account, credit card (handled by Apple / Google)
- Facial / biometric data
- Location (GPS) — QiFlux never requests location permission
- Contacts, other app data
- Sexual activity details (we record only "yes/no" binary)
- Sexual orientation, religion
- Immigration status, race, political views
"We do not collect GPS" is a key defense against WA MHMDA geofencing provisions.
3. Third-party services
| Service | Provider | Purpose | What's transmitted |
|---|---|---|---|
| Cloudflare Workers | Cloudflare Inc. (US) | API + E2E backup storage | Anonymous hash + encrypted blob (cannot decrypt) |
| Apple/Google IAP | Apple/Google | Subscription payment | Receipt only |
| RevenueCat | RevenueCat Inc. (US) | Cross-platform subscription mgmt | Anon user hash + state |
| Sentry | Functional Software Inc. (US) | Error reporting | Stack trace (PII stripped) |
| Health SDK (Apple/Google) | Apple / Google (device-only) | HealthKit / Health Connect bi-directional sync (opt-in) | Menstrual flow data — stays on device, never leaves OS sandbox |
| Google Gemini (culture pack) | Google LLC (US) | Cultural reference summarization (opt-in, paid tier with no-train commitment) | Cycle phase + constitution tag + chosen symptoms (no PII) |
We do not sell your personal data to any third party. We do not use third-party analytics (Mixpanel, Amplitude, Firebase Analytics — all excluded). We do not conduct behavioral tracking.
4. Retention periods
| Data | Location | Retention |
|---|---|---|
| Cycle / symptom / temperature | Your device only | Until you delete or uninstall |
| Cloud backup blob (Premium) | Cloudflare R2 | Until account deletion + 30-day grace period |
| Subscription metadata | Cloudflare D1 | 90 days after subscription ends |
| Crash logs (Sentry) | Sentry | 90 days auto-deleted |
| Culture pack anonymous query log | Cloudflare D1 | 7 days auto-deleted (no user ID) |
5. Your rights
- Access — Settings → Data → "Export" (JSON / CSV)
- Rectify — Edit records directly in app
- Delete — Settings → Account → "Delete all my data" (≤ 2 taps)
- Restrict processing — Disable cloud backup / culture pack
- Portability (GDPR Art 20) — Same as Access
- Object to automated decision-making (GDPR Art 22) — N/A; QiFlux does not perform automated decision-making
- Withdraw consent — Settings → Privacy → "Review consents"
- Lodge complaint with regulator — TW: NCC / EU: your country DPA / WA: AG / Other US states: state AG
6. Children's privacy
QiFlux is not designed for children under 13 (COPPA), nor for minors under 16 without parental consent (GDPR-K Art 8). If we discover inadvertent collection, we will delete promptly and notify regulators.
Users aged 13–16: Onboarding will require parental/guardian consent confirmation.
7. Cross-border transfers
QiFlux uses Cloudflare's global edge network. Your requests may be served by any node globally. Safeguards:
- Cloudflare EU Adequacy decision (GDPR)
- TLS 1.3 for all transmissions
- Cycle/symptom data never crosses borders (local storage)
- Cloud backup blobs are E2E encrypted on your device — no node can decrypt
8. Security measures
- TLS 1.3 for all API communication
- E2E encryption using AES-256-GCM, keys generated on your device
- Key storage: iOS Keychain / Android Keystore (OS-level)
- SDK whitelist: all third-party dependencies publicly listed at /sdk
9. Policy changes
This policy may be updated. Material changes (new data types, new third-party services, retention changes, new jurisdictions) will be notified by:
- In-app push notification
- Mandatory re-consent screen on next app launch
- Website announcement at qiflux.smartrich.ai/privacy-en
Non-material changes (typo fixes): website only.
10. Region-specific provisions
10.1 Taiwan (PDPA)
Compliant with Taiwan Personal Data Protection Act. Special category data (medical) requires individual written consent per §6 — obtained during onboarding and re-confirmed on each health-related feature opt-in.
10.2 Hong Kong (PDPO)
Compliant with Hong Kong Personal Data (Privacy) Ordinance, Data Protection Principles 1-6.
10.3 EU/EEA (GDPR)
Designed to follow GDPR Articles 6, 9, 13, 17, 20, 25, 32. AI use (Asia culture pack) is disclosed in line with the EU AI Act.
10.4 California (CCPA / CPRA)
Health data is Sensitive Personal Information. We do not sell or share. Right to Know, Right to Delete, Right to Limit Use available via Settings. GPC (Global Privacy Control) signal honored.
10.5 Japan (APPI)
Health data is 要配慮個人情報. Explicit consent required prior to collection. We do not provide to third parties. Cross-border transfers via EU Adequacy and SCC.
10.6 Korea (PIPA)
Compliant with PIPA individual consent requirement for sensitive data.
10.7 China (PIPL)
QiFlux Phase 1 does not launch in China. zh-CN locale is for overseas Simplified Chinese users.
11. Washington Consumer Health Data Privacy Policy
This section applies to Washington State residents under the My Health My Data Act (RCW 19.373).
Definitions
"Consumer Health Data" (CHD) under MHMDA includes reproductive or sexual health information, menstrual cycle data, and symptom data related to health conditions.
Data we collect (CHD)
- Cycle tracking data (start/end dates, flow level)
- Symptom logs (pain, mood, sleep, etc.)
- Optional: BBT (basal body temperature)
We do not collect: geolocation (no GPS, ever), biometric, genetic information.
Why we collect
- To provide period tracking core feature (with your explicit consent)
- To provide cloud backup if you opt-in to Premium
Who we share with
We do not share, sell, or transfer CHD to anyone — not advertisers, data brokers, insurance companies, or employers. In practice your cycle and symptom data never leaves your device in readable form, so there is nothing for us to hand over.
Your rights under MHMDA
- Confirm whether we collect your CHD
- Withdraw consent at any time
- Request deletion of your CHD
- Designate an authorized agent
Exercise: email [email protected] or use Settings → Account → "Delete my data".
Geofencing notice
We do not use geofencing of any kind.
Private right of action
Washington residents may bring private action under RCW 19.86.090 for violations.
12. Protecting Reproductive Privacy (US Residents)
We recognize the unique privacy concerns of US residents following Dobbs v. Jackson Women's Health (2022).
Our commitments
- We do not store cycle/symptom data on our servers. All data lives on your device.
- Cloud Backup data is encrypted on your device before upload. We cannot decrypt it.
- Because your cycle and symptom data never reaches our servers in readable form, we have nothing to disclose to anyone — there is simply no plaintext cycle data for anyone to request.
- We do not collect, infer, or store your geographic location.
- We do not associate cycle data with real-world identity.
If you are concerned about reproductive privacy
- Use QiFlux without account (anonymous mode is default)
- Do not enable Cloud Backup if your jurisdiction is hostile
- Set a device passcode and keep your phone locked
- Enable biometric lock in QiFlux Settings
Resources
- ACLU Reproductive Freedom Project
- Digital Defense Fund
- EFF Surveillance Self-Defense
13. Contact us
| Channel | Use |
|---|---|
| [email protected] | Privacy questions |
| [email protected] | General support |
Company: Crealize LLC
Mailing: Independent developer · Taipei · 2026
DPO: voluntarily designated — same as [email protected]