The short version: Cycle stores your data on your device and in a secure cloud database so you can access it across sessions. We do not sell your data, serve ads, or share your information with third parties for marketing. You can delete your account and all associated data at any time.
1. Who we are
Cycle is developed and operated by Aegis.O Private Limited, a company registered in Singapore. In this policy, "we," "us," and "our" refer to Aegis.O Private Limited. "Cycle" or "the app" refers to the Cycle iOS application.
For privacy enquiries, contact us at privacy@aegiso.io.
2. What data we collect
We collect only the data necessary to deliver Cycle's core functionality. We do not collect data beyond what is listed here.
Account information
- Email address (for authentication and account recovery)
- Authentication credentials via Apple Sign-In or email/password
Cycle and health-related data
- Last period start date
- Cycle length and menstrual phase duration
- Phase Guide checklist completions (which daily wellness items you have ticked)
- Cycle pause records (e.g. if you pause tracking during pregnancy)
Reflection and journal data
- Freeform journal entries you write in the Reflect tab
- Structured reflections (e.g. core questions during the menstrual phase)
Technical data
- Device identifiers necessary for authentication and data sync
- Basic app usage data for crash reporting and stability (no behavioural analytics)
3. How we collect data
All personal data is provided directly by you through the app — during onboarding, when configuring your cycle settings, when completing checklists, or when writing journal entries. We do not collect data from third-party sources, and we do not use tracking technologies or advertising identifiers.
4. How we use your data
| Purpose | Data used |
|---|---|
| Calculate your current cycle phase and deliver daily phase-specific guidance | Cycle configuration (dates, length, menstrual days) |
| Display your checklist progress and trigger completion celebrations | Checklist completions |
| Show your cycle history and patterns over time | Cycle records, completions |
| Store and display your journal entries | Reflections |
| Authenticate your account and sync data across sessions | Account information, device identifiers |
| Send phase transition notifications (if you enable them) | Cycle configuration |
We do not use your data for advertising, marketing to third parties, behavioural profiling, or any purpose other than providing and improving the Cycle app experience for you.
5. Health data — special protections
Cycle handles menstrual cycle data, which we treat as sensitive health information. We apply the following protections:
- Health data is used solely to provide you with direct benefit through the app's phase guidance, and for no other purpose.
- We do not share health data with third parties for advertising, marketing, or data mining.
- We do not integrate with HealthKit or any external health data frameworks.
- Cycle is a wellness and lifestyle tool. It does not provide medical diagnoses, treatment recommendations, or clinical advice.
6. Data storage and security
Your data is stored in two locations:
- On your device — using Apple's SwiftData framework for fast, offline access.
- In the cloud — using Supabase, hosted in the Singapore region, for backup and cross-session sync.
All cloud data is protected by Row Level Security (RLS), which ensures that each user can only access their own data. Data transmission between the app and our servers is encrypted via TLS. Authentication is handled through Supabase Auth with support for Apple Sign-In.
7. Third-party services
We use the following third-party services, each of which is bound to provide equivalent data protection:
| Service | Purpose | Data accessed |
|---|---|---|
| Supabase | Authentication, database, data sync | Account info, cycle data, reflections, completions |
| Apple Sign-In | Account authentication | Email address (or Apple relay email) |
We do not use third-party analytics SDKs, advertising networks, or data brokers. If this changes in the future, this policy will be updated before any new service is introduced.
8. Data sharing
We do not sell, rent, or trade your personal data. We do not share your data with third parties for their own marketing purposes. Your data may only be disclosed in the following limited circumstances:
- To the third-party services listed above, solely for the purposes described.
- If required by law, regulation, or valid legal process.
- To protect the safety, rights, or property of our users or the public.
9. Data retention and deletion
Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time through the app's Settings menu. Upon deletion:
- All data stored in our cloud database (Supabase) will be permanently removed.
- Local data stored on your device via SwiftData can be removed by deleting the app.
- Deletion is irreversible. We do not retain backups of deleted user data.
10. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate data.
- Deletion — request that we delete your data (available via in-app account deletion).
- Data portability — request your data in a structured, machine-readable format.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
- Restrict processing — request that we limit how we use your data.
To exercise any of these rights, contact us at privacy@aegiso.io. We will respond within 30 days.
For users in the European Union
If you are located in the EU, your data is processed in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing are: performance of our contract with you (delivering the app's functionality), your consent (where applicable), and our legitimate interests (improving the service).
For users in Singapore
Your data is handled in accordance with the Personal Data Protection Act (PDPA). We obtain your consent for the collection, use, and disclosure of personal data as required under the PDPA.
11. Children's privacy
Cycle is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.
12. Notifications
Cycle may send local notifications to inform you of phase transitions within your cycle. These notifications are scheduled entirely on your device and are not sent through external push notification servers. You can enable or disable notifications at any time through the app or your device's Settings.
13. Changes to this policy
We may update this privacy policy from time to time. When we make material changes, we will notify you through the app or by updating the date at the top of this page. We encourage you to review this policy periodically.
14. Contact
If you have questions about this privacy policy or how we handle your data:
Aegis.O Private Limited
380 JALAN BESAR, #06-02, ARC 380, SINGAPORE 209000
privacy@aegiso.io