mylune
Privacy

Your data has never left your phone.

Not once. Not ever. Built so we are structurally incapable of accessing your health data. This is what that means.

Last updated: June 2026

mylune is the only period tracking app where your health data is architecturally prevented from leaving your device.

The Core Promise

mylune is built on a single architectural constraint: your health data never touches a server. This is not a policy choice that could be reversed in an update or overridden by a court order. The app has no server to send data to. There is no database that holds your cycle history, no API that receives your symptoms, and no account linked to your body.

This means that when we say "we don't have your health data," it is not a reassurance - it is a technical fact. We designed the system so that we are structurally incapable of seeing, selling, or sharing your health information. Not now, not ever.

When you log a period, note a symptom, or write a private journal entry, that information is written only to your device's encrypted local storage. It stays there. The network is never involved.

This promise applies to all health data entered in the app. The mylune website separately collects email addresses for the waitlist - that is governed by the Third-Party Services section below.

What We Collect

mylune collects the absolute minimum required to operate.

From the app: nothing. mylune contains no analytics SDK and no crash-reporting SDK. It does not collect your name, email, phone number, date of birth, location, device identifiers, usage events, crash telemetry, or any health data. Health data collection is architecturally impossible, because the app makes no outbound requests with health content.

From the website: if you join our waitlist, we collect your email address for one purpose only, to notify you when the app is available. It is stored separately (see Third-Party Services), and because the app sends us nothing, it is never connected to any in-app data.

What We Never Collect

The following data never leaves your device under any circumstances:

  • Cycle dates, period start and end dates, cycle length history
  • Symptoms of any kind, including pain, flow, discharge, or headaches
  • Mood logs, energy levels, sleep records, nutrition entries
  • Private notes and journal entries
  • Intimacy or sexual activity logs
  • Medications, supplements, or health conditions
  • Cycle predictions and fertility window estimates
  • Any biometric or wearable data

This list is not exhaustive. As a rule: if you entered it in the mylune app, it did not leave your phone.

How Your Data Is Stored

All health data in mylune is encrypted at rest on your device. On iOS, app data is protected using the iOS Data Protection framework, which ties encryption to your device passcode and Secure Enclave. Sensitive items such as your app lock PIN are stored in the iOS Keychain.

On Android, app data is protected by Android's full-disk or file-based encryption. Sensitive credentials use the Android Keystore system, which provides hardware-backed key storage on supported devices.

The encryption keys never leave your device. mylune has no mechanism to recover your data if you lose your device or delete the app - because we never held a copy.

Data Deletion

You can delete all of your mylune data at any time from Settings. When you do, the app performs a complete wipe of all locally stored health data. The result is indistinguishable from a fresh installation.

Because we never received your health data, there is nothing for us to delete on our end. Your right to erasure under GDPR, CCPA, or the DPDP Act 2023 is satisfied trivially: we have no copy to erase.

If you delete the mylune app without first using "Delete All Data," your data remains in your device's encrypted storage until the operating system reclaims it. On both iOS and Android, app data is deleted when the app is uninstalled.

Third-Party Services

mylune uses no third-party analytics SDKs. There is no Google Analytics, no Mixpanel, no Amplitude, and no Firebase Analytics in the app. We made this choice deliberately. Analytics SDKs are a primary vector for unintended data exposure, and we will not accept that risk.

The mylune website uses Resend for transactional email (waitlist confirmations and contact form routing). Resend receives only the email address you provide on the website. It never receives health data, cycle information, or any data collected within the app. Waitlist email addresses are retained until you unsubscribe or request deletion, and no longer than 24 months after the app's public launch.

We do not use any advertising networks. We never will.

Cookies

The mylune website does not use tracking cookies, advertising cookies, or analytics cookies.

The site may use technically necessary cookies set by the hosting infrastructure (Vercel) solely to serve pages correctly. These cookies do not identify you personally, are not used for tracking or advertising, and are deleted when you close your browser.

You can disable cookies in your browser settings at any time. Disabling technically necessary cookies may affect how the website loads, but will not affect the mylune app in any way.

Your Rights

mylune is built for users everywhere, including those in jurisdictions with the strongest privacy protections.

Under GDPR (EU/UK): You have the right to access, rectify, erase, restrict, and port your data. Because your health data never reaches us, the rights to access, erasure, and portability are satisfied by your device. If you have questions about the only data we hold (your waitlist email address, if you joined the waitlist), contact privacy@mylune.com.

Under CCPA (California): You have the right to know what personal information is collected, to delete it, and to opt out of its sale. We do not sell personal information. We do not share it for cross-context behavioral advertising.

Under the DPDP Act 2023 (India): You have the right to access information about your personal data, to correct inaccuracies, and to erase your data. The same principles apply. Your health data is on your device; your limited website data can be deleted on request.

For any privacy-related request, contact privacy@mylune.com. We will respond within 30 days.

Contact

If you have questions about this Privacy Policy, contact us at privacy@mylune.com.

mylune is a product of Byteren Inc.

Common questions

Does mylune upload my health data?

No. mylune stores all health data on your device only. The app makes no network requests carrying health content. Nothing is uploaded to any server, ever.

Can police or courts get my mylune data?

No. Because mylune stores nothing on any server, there is nothing to subpoena. Courts cannot compel us to produce data we do not have. Your data is on your phone, protected by device encryption.

Does mylune use Google Analytics or Firebase?

No. mylune contains no analytics SDK of any kind - no Firebase Analytics, no Google Analytics, no Facebook SDK, no Mixpanel. We removed these entirely to eliminate the risk of unintended data exposure.

Does mylune require an account?

No. mylune requires no account, no email address, and no sign-in. You download the app and start tracking immediately. There is no identity linked to your health data.

Is mylune safe to use in US states with abortion restrictions?

Yes. Because mylune stores nothing on a server, there is nothing a court can subpoena from us. This is architecture, not policy. You can also enable Legal Protection Mode for additional safeguards.

Is mylune compliant with India's DPDP Act 2023?

Yes, by architecture. No personal health data is collected, stored, or processed on any server. There is nothing to regulate under DPDP because there is nothing beyond your own device.

What happens to my data if I lose my phone?

If you have not exported your data and you lose your phone, that data is not recoverable - because we never held a copy. You can export a full backup from Settings at any time.

How do I delete my mylune data?

Go to Settings and tap "Delete All Data." The app performs a complete wipe of all locally stored health data. Because we never received your data, there is nothing to delete on our end.