Home
Features
Sign In

Privacy Policy

Last updated: 12/9/2025

1. Introduction

FemHealth ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application and services.

2. Information We Collect

We collect the following types of information to provide and improve our services:

2.1 Account Information

  • Email address (required for account creation)
  • Display name (optional)
  • Profile photo (optional)
  • Date of birth and age
  • Gender
  • Phone number (optional)

2.2 Health Tracking Data

We collect comprehensive health data based on your selected tracking type. Important: All health data is encrypted before it leaves your device, and we cannot see or decrypt the contents of your health entries due to our zero-knowledge encryption architecture.

  • Cycle Tracking: Period dates, flow levels, symptoms, mood, pain levels, basal body temperature, LH test results, cervical mucus, energy levels, hydration, sleep quality, medications, and supplements (all encrypted - we cannot view contents)
  • Pregnancy Tracking: Weight, blood pressure, fetal heart rate, kick counts, prenatal visits, ultrasound data, lab results, pregnancy symptoms, nutrition, and exercise (all encrypted - we cannot view contents)
  • Postpartum Tracking: Recovery metrics, pain levels, lochia, breastfeeding data, sleep patterns, mental health indicators, and baby development (all encrypted - we cannot view contents)
  • Toddler Tracking: Sleep patterns, feeding data, growth metrics, milestones, vaccinations, development progress, and health observations (all encrypted - we cannot view contents)

Note: While we know that health entries exist in our database, we cannot read their contents because they are encrypted with keys that only you possess. We can only see metadata such as entry dates and types, but not the actual health data within each entry.

2.3 Onboarding Data

  • Medical history and conditions
  • Current medications and supplements
  • Lifestyle factors and preferences
  • Health goals and tracking preferences

2.4 AI Chat Data

  • Chat conversation history (stored locally and encrypted)
  • AI-generated health insights and recommendations
  • Usage statistics (chat frequency, topics discussed)

2.5 Subscription and Payment Information

  • Subscription tier (Free, Premium)
  • Payment method information (processed securely by third-party payment processors)
  • Billing history and transaction records

2.6 Device and Usage Information

  • Device type, operating system, and app version
  • App usage patterns and feature interactions
  • Performance data and error logs (for app improvement)
  • IP address (for security and fraud prevention)

3. How We Use Your Information

We use your information to provide, maintain, and improve our services:

3.1 Core Service Features

  • Personalized health tracking and analytics
  • Fertility window calculations and cycle predictions
  • Pregnancy milestone tracking and week-by-week guidance
  • Postpartum recovery monitoring and health insights
  • Toddler development tracking and milestone alerts
  • AI-powered health chat and personalized recommendations
  • Health report generation (PDF exports)

3.2 AI Processing

  • On-Device AI (Optional): You can choose to use an on-device AI model (Gemma 3 1B) that runs entirely on your device. The model is not bundled with the app - it is downloaded only if you choose to use on-device AI. This means your health data never leaves your device for AI processing, ensuring maximum privacy.
  • Remote AI (Optional): You can also choose to use remote AI services for enhanced capabilities. When using remote AI, all personal information is stripped and anonymized before any data leaves your device. We remove all personally identifiable information (PII) including names, exact dates, locations, and other identifying details. Only anonymized, aggregated health context is sent to remote AI services.
  • AI Chat: Free users receive 3 AI chats per day; Premium users have unlimited access.
  • Medical Disclaimers: All AI responses include medical disclaimers stating that the information is not a substitute for professional medical advice.
  • Health Insights: AI-generated insights based on your health data patterns and trends.

3.3 Service Improvement

  • Analyze usage patterns to improve app features and user experience
  • Identify and fix technical issues and bugs
  • Develop new features based on user needs
  • Conduct anonymized analytics for service optimization

3.4 Communication

  • Send important service updates and notifications
  • Respond to your inquiries and support requests
  • Send subscription-related communications
  • Provide health reminders and alerts (with your consent)

3.5 Legal and Security

  • Comply with applicable laws and regulations
  • Prevent fraud, abuse, and security threats
  • Enforce our Terms of Service
  • Protect the rights and safety of our users

4. Data Security and Protection

We implement industry-standard security measures to protect your sensitive health data:

Critical Security Guarantee: Your health data is never transmitted or stored in unencrypted form. All health data is encrypted using AES-256 encryption before leaving your device, and remains encrypted at all times during transmission and storage.

Zero-Knowledge Architecture: We cannot see or decrypt your health data. Encryption keys are derived from your unique Firebase UID and stored only on your device. Only you can decrypt your health data - we have no access to your encryption keys and therefore cannot read your health information.

4.1 User-Controlled Encryption

  • User-Controlled Keys: Your encryption keys are derived from your unique Firebase UID and stored only on your device. We do not have access to your encryption keys, which means we cannot decrypt or view your health data.
  • AES-256 Encryption: All health data is encrypted using AES-256 encryption before it leaves your device. Health data is never transmitted or stored in unencrypted form.
  • Zero-Knowledge Architecture: We implement a zero-knowledge encryption system where the server never sees plain text health data. Even if we wanted to access your health data, we cannot because we don't have your encryption keys.
  • Encrypted Local Storage: Health data stored locally uses Flutter Secure Storage with platform-specific encryption (Android Keystore, iOS Keychain). Encryption keys are stored securely on your device only.
  • Encrypted Database: Remote database storage uses encryption at rest. All health data stored on our servers remains encrypted and unreadable to us. We can only see that encrypted data exists, but not its contents.
  • Secure Transmission: All data transmitted between your device and our servers uses HTTPS/TLS encryption. Additionally, health data is encrypted with AES-256 before transmission, providing double-layer encryption protection.
  • End-to-End Encryption: Health data is encrypted on your device using keys only you possess, and remains encrypted throughout its entire lifecycle - during transmission, at rest on our servers, and when accessed. Only you can decrypt your data.

4.2 AI Model Options

  • On-Device AI Model: The Gemma 3 1B model is not bundled with the app. It is downloaded from our secure cloud storage only if you choose to use on-device AI. This saves app storage space (~500MB-1GB) for users who prefer remote AI. The model runs entirely on your device - your health data never leaves your device for AI processing.
  • Remote AI Processing: If you choose remote AI, all personal information is stripped and anonymized before transmission. We remove names, exact dates, locations, and all PII. Only anonymized health context is sent to remote AI services. Personalization is removed to protect your privacy.
  • User Choice: You can switch between on-device and remote AI at any time through app settings.
  • No Data Transmission (On-Device): When using on-device AI, health data used for AI processing never leaves your device.

4.3 Access Controls

  • Authentication required for all account access
  • Role-based access controls for our team members
  • Regular security audits and access reviews
  • Multi-factor authentication support

4.4 Data Storage

  • Secure cloud infrastructure with industry-standard security
  • Regular backups with encrypted storage
  • Data redundancy to prevent data loss
  • Compliance with applicable data protection regulations

5. Third-Party Services and Data Sharing

We use trusted third-party services to provide our app functionality:

5.1 Service Providers

  • Firebase Authentication: For secure user authentication and account management
  • Google Sign-In: Optional authentication method (if you choose to sign in with Google)
  • Paystack: Payment processing for users in Africa (Ghana and other African countries)
  • Stripe: Payment processing for global users
  • Cloud Infrastructure: Secure cloud hosting for our backend services

5.2 Our Commitment

  • We never sell your data to third parties for advertising or marketing purposes
  • No health-based advertising: We do not use your health information for advertising
  • Limited sharing: We only share data with service providers necessary to deliver our services, and only under strict confidentiality agreements
  • Anonymized analytics: We may use anonymized, aggregated data for service improvement
  • Legal requirements: We may disclose information when required by law or to protect our rights

5.3 Payment Processors

Payment information is processed securely by our payment providers (Paystack or Stripe). We do not store your full payment card details. Payment processors handle all payment data according to their own privacy policies and PCI-DSS compliance standards.

6. Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of all your personal and health data stored in our systems
  • Correction: Update or correct any inaccurate or incomplete information
  • Deletion: Request deletion of your account and all associated data
  • Data Export: Export your health data in standard formats (PDF reports, JSON)
  • Consent Withdrawal: Withdraw consent for data processing at any time
  • Objection: Object to certain types of data processing
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us at [email protected] or through the app settings.

7. Data Retention

We retain your data only as long as necessary to provide our services:

  • Active accounts: Data is retained while your account is active and in use
  • Inactive accounts: Data may be deleted after 2 years of account inactivity
  • Account deletion: Upon account deletion request, data is permanently deleted within 30 days. This includes all health entries, onboarding data, AI chat history, and preferences. Some data may be retained longer if required by law (such as billing records for tax compliance).
  • Subscription data: Billing and transaction records are retained as required for financial and tax compliance
  • Legal requirements: Some data may be retained longer if required by applicable laws

8. Children's Privacy

FemHealth is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the app and updating the "Last updated" date. Your continued use of the app after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: