Legal
Privacy Policy
Our Privacy Promise to You Flow & Glow will never sell your personal health data. We will never share your menstrual, fertility, or reproductive health data with advertisers, not now, not ever. Your body is yours. Your data is yours. That is our promise. .
SECTION 1
1. Who We Are
Flow & Glow Health, Inc. (Flow & Glow, we, us, or our) is a women's health technology company dedicated to helping people understand their menstrual cycles, embrace their cycle phases, and support their daily wellbeing. We operate the Flow & Glow mobile application (iOS and Android) and the website at flowandglow.app (collectively, the Services).
Data Controller
Flow & Glow Health, Inc. 63 Linthaugh Road, Glasgow, Scotland, G53 5TS, United Kingdom
Email: privacy@flowandglow.app
General enquiries: hello@flowandglow.app
Data Protection Officer (DPO)
We have appointed a Data Protection Officer as required under Article 37 of the GDPR, given that our core activities involve large-scale, systematic processing of special-category health data.
DPO Contact: dpo@flowandglow.app
Response time: We aim to respond to all privacy enquiries within 30 days.
EU & UK Representative
For the purposes of Article 27 of the UK GDPR, our designated UK representative is:
DCODAX LTD,63 Linthaugh Road, Glasgow, Scotland, G53 5TS, United Kingdom
DCODAX LTD is a private limited company. All correspondence directed to our UK representative should reference Flow & Glow and be sent to the address above or to privacy@flowandglow.app.
SECTION 2
2. Scope & Who This Policy Applies To
This Privacy Policy applies to all users of the Flow & Glow mobile application and website, wherever you are located in the world. It describes how we collect, use, share, and protect your personal data, including the special category health data you choose to log within the app.
Minimum Age
Flow & Glow is designed for individuals aged 16 and over globally. We do not knowingly allow children under the age of 13 to create an account (US, COPPA) or children under 16 to use the Service in the European Economic Area, United Kingdom, and Canada without verified parental or guardian consent. If you are between 13 and 15 years of age and reside in the EEA, UK, or Canada, a parent or guardian must review and agree to this policy on your behalf before you access the Service.
If we discover that we have collected personal data from a child below the applicable age threshold without proper consent, we will delete that data promptly. Please contact us at privacy@flowandglow.app if you believe this has occurred.
SECTION 3
3. Data We Collect
We collect the minimum amount of personal data necessary to deliver the Services you request. The table below sets out every category of data we collect, with examples and the primary purpose for which it is collected.
Data Category | Examples | Primary Purpose |
Personal Information (provided by you) | Name (optional); email address (optional, for support or account features); birthdate or age (to personalise cycle insights); health-related data such as period start/end dates, symptoms, moods, and notes | Account creation, cycle personalisation, and support |
Cycle & Health Data (Special Category) | Period start/end dates, flow intensity, cycle length, ovulation data, pregnancy status, fertility indicators, cervical mucus, basal body temperature, symptoms (cramps, mood, energy, bloating), medications, notes | Core app functionality: cycle tracking, prediction, and phase guidance |
Automatically Collected Information | Device information (model, OS version, device ID); app usage data (session duration, features used); IP address; language preferences | App performance, security, abuse prevention, and product improvement |
Lifestyle Data | Sleep patterns, exercise type, nutrition notes, stress levels. All fields are self-reported and optional | Personalised wellness insights |
Communications | Support messages, feedback, survey responses | Customer support and product development |
Payment Data | Billing information processed by our payment processor (Apple In-App Purchase, Stripe). We store only the last 4 digits of a card and transaction reference. | Subscription management |
What We Do NOT Collect
Email address and name are optional. You can use Flow & Glow without providing either. We do not collect precise GPS coordinates. We do not use advertising SDKs such as Meta Pixel, Google Ads SDK, AppsFlyer, Branch, Mixpanel, or Adjust within any screen that processes health data. We do not collect or store Social Security numbers, national identity numbers, or biometric identifiers. We do not sell or rent your data to third parties.
SECTION 4
4. How We Use Your Data
We process your personal data only for specific, explicit, and legitimate purposes. The legal basis for each processing activity is set out below. Where we rely on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
4.1 Core Service Delivery
Purpose: To provide cycle tracking, period and ovulation predictions, phase-synced wellness guidance, and content personalised to your current cycle phase.
Legal Basis (GDPR): Article 6(1)(b), performance of a contract; Article 9(2)(a), your explicit consent for special-category health data.
Legal Basis (US): Necessary to provide the service requested (CCPA/CPRA, MHMDA consent).
4.2 Account Management & Authentication
Purpose: Creating and securing your account, verifying identity, managing subscriptions, and enabling support.
Legal Basis (GDPR): Article 6(1)(b), performance of a contract.
4.3 Service Improvement & Analytics
Purpose: Understanding how the app is used (at aggregate, anonymised level) to fix bugs, improve features, and prioritise development.
Legal Basis (GDPR): Article 6(1)(f), legitimate interests. We conduct a balancing test to ensure this does not override your rights. No health data is used for analytics.
Safeguard: We use privacy-respecting, self-hosted analytics tools that do not use cross-app identifiers or share data with third-party advertising networks.
4.4 Research (Opt-In Only)
Purpose: Contributing anonymised, aggregated cycle data to women's health research in partnership with vetted academic and medical institutions.
Legal Basis (GDPR): Article 6(1)(a) and Article 9(2)(j), requiring your separate, freely-given, specific, informed, and unambiguous consent for research use.
How to opt in or out: Research participation is always opt-in. You can change your preference at any time in Settings → Privacy → Research.
4.5 Marketing & Communications
Purpose: Sending you product updates, health content newsletters, and promotional offers, provided you have separately opted in.
Legal Basis (GDPR): Article 6(1)(a), consent. You may unsubscribe at any time via the link in any email or in Settings → Notifications.
US law: We comply with the CAN-SPAM Act and CASL (Canada).
4.6 Legal Compliance & Safety
Purpose: Complying with applicable laws and regulations, detecting and preventing fraud, abuse, or security incidents.
Legal Basis (GDPR): Article 6(1)(c), legal obligation; Article 6(1)(f), legitimate interests in protecting users and the platform.
We do not use your personal data for automated decision-making that produces legal or similarly significant effects (GDPR Article 22). Our cycle predictions are informational tools. They are not medical diagnoses and are not used to make decisions about you. |
SECTION 5
5. Consumer Health Data Notice (Washington & Nevada)
This section constitutes our separate Consumer Health Data Privacy Policy as required by Washington State's My Health My Data Act (RCW Chapter 19.373, effective March 31, 2024) and Nevada's Consumer Health Data Privacy Law (SB 370, effective March 31, 2024). It applies to consumers who reside in Washington State and Nevada, and we apply its standards globally as our baseline.
5.1 What is Consumer Health Data?
Consumer health data means personal information that identifies or is reasonably linkable to a consumer and is associated with the consumer's health condition, treatment, reproductive health, menstrual cycles, fertility, pregnancy, sexual health, or related health care services.
All data logged in the Flow & Glow app relating to your menstrual cycle, fertility, pregnancy, symptoms, mood, and related wellbeing information constitutes consumer health data under these laws.
5.2 Categories of Consumer Health Data We Collect
Menstrual cycle data: period start/end, flow, cycle length, spotting
Fertility and ovulation indicators: ovulation predictions, fertile window, BBT, cervical mucus
Reproductive health status: pregnancy tracking (if opted in), pregnancy loss (optional log)
Physical symptoms: cramps, bloating, headaches, breast tenderness, energy levels
Mental and emotional health indicators: mood, stress, anxiety, sleep quality (self-reported)
Optional medication and supplement logs
5.3 Sources of Consumer Health Data
Directly from you when you log data in the app
From Apple HealthKit or Google Health Connect, but only when you grant explicit permission
Inferred from your logged data by our cycle-prediction model (e.g., predicted ovulation date)
5.4 How We Share Consumer Health Data
We do not sell your consumer health data. We do not share it for advertising. We share it only in the following limited circumstances:
Service providers: Cloud infrastructure, encrypted database hosting, and customer support tools that operate under strict Data Processing Agreements and are prohibited from using data for any purpose other than providing services to us.
Research partners (opt-in only): Anonymised and aggregated data with vetted academic or medical institutions, subject to your separate explicit consent.
Legal process: When required by a valid legal order (see Section 13 for our firm commitment to challenge overbroad demands).
Business transfers: In the context of a merger, acquisition, or sale of assets, your data would transfer subject to the same protections. We will notify you and give you the right to delete your data before any such transfer completes.
5.5 Your Washington & Nevada Rights
Right to confirm whether we are collecting consumer health data about you
Right to access and receive a copy of your consumer health data
Right to delete your consumer health data. We will complete deletion within 45 days of a valid request (MHMDA) or 30 days (Nevada)
Right to withdraw consent for collection or sharing at any time
Right to a list of all third parties to whom we have disclosed your consumer health data, with their online contact information
Right to appeal our response to any rights request
The right not to be discriminated against for exercising your rights
5.6 Geofencing Prohibition
We do not and will not use geofencing or location-based targeting around health-care facilities, hospitals, clinics, reproductive health providers, fertility clinics, wellness centres, or nutrition providers. This prohibition is absolute and applies to all marketing, analytics, and feature functionality, consistent with Section 9 of the Washington MHMDA and the Nevada equivalent.
5.7 Valid Authorization for Sale
We do not sell consumer health data. If this ever changes, we will obtain a separate, signed written authorisation from you that identifies: (a) the specific data to be sold; (b) the buyer's identity and contact information; (c) the purpose of the sale; and (d) an expiration date no longer than twelve months. We will retain that authorisation for six years.
SECTION 6
6. How We Share Your Data
6.1 We Never Do the Following
Sell your personal data, including your health data, to anyone, ever
Share health data with advertising networks, data brokers, or ad-tech platforms
Use Apple HealthKit or Google Health Connect data for advertising or share it with advertising platforms or data brokers
Share data for purposes that are incompatible with the purpose for which it was originally collected without your new consent
6.2 Service Providers (Data Processors)
We work with carefully selected third-party service providers that process data on our behalf, strictly under our instructions, and under binding Data Processing Agreements. Current categories of processors include:
Cloud infrastructure & database hosting: Encrypted, EEA-region-preferred storage for health data.
Authentication provider: Identity and login management. Note that we architecturally separate your identity credentials from your health data (see Section 15).
Customer support platform: Handles support ticket content only. No health data is passed to support tools.
Payment processor: Apple In-App Purchase and Stripe. These processors handle billing data under their own privacy policies; we share no health data.
Privacy-respecting analytics: Self-hosted, first-party analytics for product improvement. No advertising SDKs or cross-app identifiers are used.
Push notification service: Sends reminders you configure. This service receives only your device push token and notification preference, no health content.
6.3 Legal Disclosures
We may disclose your data when required by applicable law or a valid legal order. See Section 13 for our full policy on law-enforcement requests, including our commitment to challenge overbroad demands.
6.4 Business Transfers
If Flow & Glow is involved in a merger, acquisition, bankruptcy, or sale of substantially all assets, your data may be transferred to the successor entity. We will notify you by email and in-app notice at least 30 days before any such transfer and give you the opportunity to delete your account and data before the transfer completes.
SECTION 7
7. Cookies & Tracking Technologies
Our website (flowandglow.app) uses a limited number of cookies and similar technologies. Our mobile app does not use advertising identifiers (IDFA/GAID) for advertising or cross-app tracking.
Strictly necessary cookies: Session management, security (CSRF protection), and authentication state. Cannot be disabled without breaking core website functionality.
Functional cookies: Remembering your language preference and accessibility settings.
Analytics (first-party only): We use privacy-respecting, first-party analytics that do not set third-party cookies, do not fingerprint browsers, and do not share data with advertising networks.
We do not use Google Analytics, Meta Pixel, Google Tag Manager for advertising, or any other third-party tracking pixel on any page that handles health data.
You can manage cookie preferences at any time via the Cookie Preferences link in the website footer. EU/UK visitors will see a GDPR-compliant consent banner on their first visit.
SECTION 8
8. Data Retention
Flow & Glow is built on a privacy-by-design principle: all health and account data is stored anonymously, without any link to your personal identity. When you delete your account, your health data is deleted immediately. We do not retain it. The table below sets out our full retention periods by data category.
Data Category | Retention Period | Basis for Retention |
Account & health data (active account) | Held for the duration of your account, stored anonymously without personal identity link | Contract performance; privacy by design |
Account & health data (upon deletion) | Deleted immediately when you delete your account. We do not retain any data after deletion | User request; our zero-retention commitment |
Anonymised research data (opt-in only) | Retained indefinitely in aggregate, anonymised form. Cannot be linked back to you at any point | Scientific research, public interest (GDPR Art. 9(2)(j)) |
Device & technical logs | 90 days rolling, then automatically purged | Security and abuse prevention |
Usage analytics | 13 months rolling, then aggregated and purged | Product improvement (legitimate interest) |
Support communications | 3 years from last contact, or until deletion request | Legal basis: contract / legal obligation |
Transaction records (payment) | 7 years, as required by tax and accounting law | Legal obligation (varies by jurisdiction) |
Law-enforcement request records | 6 years | Legal obligation; challenge records |
Important: All data within Flow & Glow is saved anonymously, without your personal identity attached. This means your health records cannot be traced back to you even while your account is active. Upon account deletion, all data is removed immediately with no retention period applied. |
SECTION 9
9. International Data Transfers
Flow & Glow is headquartered in the United States. If you access the Services from the European Economic Area, the United Kingdom, or other jurisdictions with data-transfer restrictions, please be aware that your personal data may be transferred to, stored in, and processed in the United States or other countries.
We implement appropriate safeguards for all international transfers of personal data, including:
Standard Contractual Clauses (SCCs): EU Commission-approved SCCs (2021 version) are incorporated into all Data Processing Agreements with processors outside the EEA/UK, supplemented by transfer impact assessments where required.
EEA-preferred storage for health data: We store special-category health data on servers located within the European Economic Area wherever technically feasible, to minimise cross-border transfer risk.
UK IDTA: For transfers to the UK, we use the UK International Data Transfer Addendum or equivalent approved mechanism.
SECTION 10
10. Security
Protecting your health data requires serious security. We implement the following technical and organisational measures:
Encryption in transit: All data transmitted between your device and our servers uses TLS 1.3 or higher. We enforce HSTS and reject older protocol versions.
Encryption at rest: All personal data, including health data, is stored using AES-256 encryption. Database-level encryption is enforced at the infrastructure layer.
Identity and health data separation: Your account identity (email, name) is stored by our authentication provider separately from your health data, which is keyed to a random, non-identifying account ID. Even if our authentication layer were compromised, your health data could not be re-identified. See Section 15.
Access controls: Employee access to personal data is role-based, need-to-know, and logged. Production health data is never accessed in plaintext by engineers. All employees with data access complete privacy and security training annually.
Penetration testing: We engage an independent, accredited security firm to conduct penetration testing annually and after major feature releases.
Incident response: We maintain a documented incident-response plan. In the event of a security incident affecting your personal data, we will notify you and relevant supervisory authorities within the timeframes required by applicable law (72 hours for GDPR; 60 days for FTC Health Breach Notification Rule breaches affecting 500+ users).
Certifications target: We are pursuing ISO/IEC 27001 (information security) and ISO/IEC 27701 (privacy) certification. Status is posted at flowandglow.app/trust.
SECTION 11
11. Your Privacy Rights
Depending on where you live, you have a range of privacy rights. We honour these rights regardless of where you are located. We apply the strongest applicable standard globally.
Your Right | What it means | How to exercise it |
Access | Receive a copy of the personal data we hold about you, in a portable format | Settings → Privacy → Download My Data; or email privacy@flowandglow.app |
Rectification | Correct inaccurate or incomplete data | Edit in-app, or email us |
Deletion | Delete your account and all personal data within 30 days (US) / 45 days (MHMDA) | Settings → Account → Delete Account; or email us |
Restrict Processing | Ask us to pause processing while a complaint is resolved | Email privacy@flowandglow.app |
Object | Object to processing based on legitimate interests or for direct marketing | Settings → Privacy → Preferences; or email us |
Data Portability | Receive your data in machine-readable format (JSON/CSV) to transfer to another service | Settings → Privacy → Export Data |
Withdraw Consent | Withdraw consent for any processing where consent is the legal basis, including research and marketing | Settings → Privacy → Consent Preferences |
Opt-Out of Sale (CCPA) | We do not sell or share your data, but you may submit an opt-out request to be formally recorded | Settings → Privacy → Do Not Sell or Share My Info |
Limit Sensitive PI (CCPA/CPRA) | Restrict use of Sensitive Personal Information to core service delivery only | Settings → Privacy → Limit Sensitive Data Use |
Non-Discrimination | You will not receive degraded service for exercising any privacy right | Automatic. No action needed |
Appeal | Appeal our decision on a rights request | Email dpo@flowandglow.app within 45 days of our response |
We will respond to all rights requests within 30 days (GDPR / CCPA / Nevada) or 45 days (MHMDA). If we need more time, we will notify you and explain why. We do not charge a fee for rights requests, unless requests are manifestly unfounded or excessive.
To verify your identity when you submit a request, we will ask you to confirm your email address and, for deletion requests, may ask you to re-authenticate in-app. We will never ask for more information than is necessary to process your request.
SECTION 12
12. Children's Privacy
Flow & Glow is not directed to children under the age of 13 in the United States, and we do not knowingly collect personal data from children under 13. In the European Economic Area and United Kingdom, we require users to be at least 16 years old or to have verifiable parental consent if they are between 13 and 15.
If you are a parent or guardian and believe your child has created a Flow & Glow account or provided us with personal data without your consent, please contact us immediately at privacy@flowandglow.app. We will investigate and, where confirmed, delete the child's data within 14 days.
Our app does not display advertising and does not share data with advertising networks. This provides an additional layer of protection for young users beyond what COPPA requires.
SECTION 13
13. Law Enforcement & Government Data Requests
We take government and law-enforcement data requests extremely seriously, especially given the nature of the reproductive health data our users trust us to protect.
Our Commitments
We will not voluntarily cooperate with government requests: We will never proactively share your data with law enforcement, government agencies, or any authority. Any request must be accompanied by a valid legal order.
We will challenge overbroad or unlawful demands: If we receive a subpoena, warrant, court order, or other legal process requesting your personal data, we will scrutinise it carefully. Where we believe a demand is overbroad, legally deficient, or seeks data for purposes that could harm our users, we will challenge it loudly and publicly, including through the courts if necessary.
We will notify you where lawful: Unless prohibited by law or court order from doing so, we will notify you before complying with a legal process targeting your data, so that you have the opportunity to seek independent legal advice.
Architectural protection: Because we architecturally separate your identity from your health data (see Section 15), responding to a request identifying you by email may not yield your health data. We may be technically unable to produce a link even if legally compelled.
Transparency: We will publish an annual Transparency Report disclosing the number and type of government requests received, how many were challenged, and how many resulted in disclosure. Published at flowandglow.app/transparency.
No voluntary cooperation, ever: This policy does not contain and will never contain a clause stating that we may cooperate voluntarily whether or not legally required. If you see such language in any version of this policy, it is an error and should be reported to dpo@flowandglow.app immediately.
SECTION 14
14. Third-Party Links & Integrations
The Flow & Glow app and website may contain links to or integrations with third-party services, including:
Apple HealthKit & Google Health Connect: When you grant permission, these platforms share selected health data categories with Flow & Glow. We are bound by Apple's and Google's developer policies, which prohibit use of HealthKit/Health Connect data for advertising. We will never violate these terms.
Content links: Blogs and educational content may link to external websites. We are not responsible for the privacy practices of those sites.
We encourage you to review the privacy policies of any third-party service you connect to Flow & Glow. Connecting a third-party integration is always optional and can be revoked at any time in Settings → Integrations.
SECTION 15
15. Anonymous & Pseudonymous Mode
We believe that reproductive health tracking should be available without compromising your identity. Flow & Glow is designed with a privacy-by-architecture approach.
How It Works
Your account identity information (email address, login credentials, push notification token) is held by our authentication provider and is associated only with a randomly generated, non-identifying account ID. Your health data, including every period log, symptom, note, and prediction, is stored against that random account ID only. Flow & Glow itself does not maintain an internal table that links your email to your health records.
This means: if a law-enforcement agency served us with a subpoena naming your email address, we would be technically unable to retrieve your health data in response. To reconstruct the link would require simultaneous access to our authentication provider and our health data store, both protected by independent legal processes.
Anonymous Mode
Flow & Glow already operates in anonymous mode by default. We do not store your identity alongside your health data. There is no internal mapping between your name or email and your cycle records. Your data exists on our systems as anonymous records associated only with a random account ID. You can use Flow & Glow without providing your name, and email is optional. This is not a future feature. It is how the app works today.
Your identity is never stored with your health data. Flow & Glow does not maintain any table or record that links your email address to your health logs. This is our default architecture, not an opt-in feature. |
SECTION 16
16. AI & Algorithmic Predictions
Flow & Glow uses a machine-learning cycle-prediction model to provide you with period forecasts, fertile window predictions, and phase-based wellness guidance. We want you to understand how this works.
What the model does: The model uses your historical cycle data (period dates, length, symptoms) to generate personalised predictions. It weights your recent cycles more heavily than older ones, and it communicates its confidence level alongside each prediction.
What the model does not do: It does not provide medical diagnoses. It does not make any decision with legal or similarly significant effect. Its predictions are informational tools. They are not a substitute for medical advice. We comply with GDPR Article 22. No automated decision-making of legal significance without human review.
Data used for training: The global model was trained on anonymised, aggregated, opt-in data from a consenting research cohort. Your personal data is used only to personalise your own predictions. It is not used to retrain the global model unless you separately opt in to the research programme.
Accuracy and limitations: Cycle prediction models are probabilistic. Individual cycles vary. Predictions become more accurate over time as the model learns your personal patterns. Do not rely on cycle predictions as a method of contraception.
Medical Disclaimer: Flow & Glow is a wellness application, not a medical device. It does not diagnose, treat, cure, or prevent any medical condition. Consult a qualified healthcare provider for medical advice. |
SECTION 17
17. Changes to This Policy
We review this Privacy Policy at least every six months and update it when our practices change or applicable law requires. When we make material changes that affect your rights or how we use your health data, we will:
Post the updated policy on flowandglow.app/privacy with an updated Effective Date
Send you an email notification to the address associated with your account at least 14 days before the change takes effect
Display a prominent in-app notice for at least 30 days after a material change goes live
Maintain a version history at flowandglow.app/privacy/changelog so you can review what changed
For material changes to how we process your health data, we will ask for your fresh consent where required by law before applying the change to your data. If you do not consent, you may continue to use the Service under the prior terms, or you may delete your account.
SECTION 18
18. Contact & Complaints
Privacy Enquiries & Rights Requests
Email: privacy@flowandglow.app DPO: dpo@flowandglow.app Postal address: 63 Linthaugh Road, Glasgow, Scotland, G53 5TS, United Kingdom We aim to respond to all enquiries within 30 days. For complex MHMDA requests, we may use the additional 45-day period permitted by law. |
EU Supervisory Authorities
If you are located in the EEA and believe we have violated your GDPR rights, you have the right to lodge a complaint with your national data protection authority. A list of EU supervisory authorities is available at: edpb.europa.eu/about-edpb/board/members_en. We encourage you to contact us first, as we can often resolve issues more quickly than a formal regulatory process.
🇬🇧 UK Information Commissioner's Office: Contact the ICO at ico.org.uk or call 0303 123 1113.
🇺🇸 Washington State Attorney General: Washington State residents may contact the WA Attorney General regarding MHMDA rights at ag.wa.gov
🇺🇸 California Privacy Protection Agency: California residents may contact the CPPA regarding CCPA/CPRA rights at cppa.ca.gov
Your body is yours. Your data is yours.
We are honoured that you trust us with it.