TideCycle
Privacy Policy
Effective 20 June 2026 · Last updated 20 June 2026
The short version
TideCycle is a period and cycle tracker that keeps all of your data on your own device. We do not have an account system, we do not run a server that stores your data, and the app does not send your health information to us or to anyone else.
- We collect nothing. There are no accounts, no analytics, no advertising, and no third-party trackers.
- Your data never leaves your phone unless you choose to export an encrypted backup file, which only you can decrypt.
- Your data is encrypted on the device and can be locked behind a PIN or your fingerprint/face.
- Because everything is on your device, if you lose your phone and have no backup, your data is gone — even we cannot recover it. That is the honest cost of real privacy.
The rest of this policy explains the details.
1. Who we are
TideCycle (“the app”, “we”, “us”) is developed by the TideCycle team.
If you have any questions about this policy or your privacy, contact us at [email protected].
This policy applies to the TideCycle mobile application distributed through the Google Play Store and any other store where we publish it.
2. What information the app handles
TideCycle lets you record personal health information, including:
- Cycle data — period start/end dates and flow intensity.
- Symptoms and spotting — from a built-in list and any custom symptoms you add.
- Basal body temperature (BBT) — optional daily readings.
- Notes — free-text notes you attach to a day.
- Predictions and insights — next-period, fertile-window, and ovulation estimates, plus trends, all calculated on your device from your own history.
You decide what, if anything, to enter. None of it is required to be real, and the app works fully with as much or as little as you choose to log.
The app does not collect or process: your name, email, phone number, contacts, location, advertising identifiers, device fingerprints, or any other personal identifiers. It does not ask for them and has nowhere to send them.
3. Where your information is stored
All of the data described above is stored only on your device, inside an encrypted database (SQLCipher / AES-256). Your health data is never written to your device in unencrypted form, and it is never written to logs, the clipboard, or shared storage.
The key that decrypts your database is held in your device's operating-system secure key store (Android Keystore, hardware-backed where your device supports it). You can require a PIN or biometric (fingerprint/face) unlock before the app will open the database.
4. What leaves your device
By default, nothing. TideCycle does not send your health data anywhere. There is no TideCycle server that receives your data, because there is no account and no cloud service in this version of the app.
The only way your data leaves the device is if you deliberately use the Backup / Export feature:
- You choose a passphrase. The app encrypts your data into a single backup file using that passphrase (scrypt key derivation + XChaCha20-Poly1305 authenticated encryption).
- You choose where the file goes — for example saving it to your device, or sharing it to a location you control.
- We never receive this file or your passphrase. The backup is encrypted before it leaves the app, so anyone who obtains the file (including any cloud service you save it to) cannot read it without your passphrase.
If you later save that backup file to a third-party service (such as a cloud drive or email), that service's own privacy policy and security then apply to the stored file. The file remains encrypted, but where you put it is your choice.
5. We do not use analytics, ads, or trackers
TideCycle contains:
- No third-party analytics (no Google Analytics, Firebase Analytics, or similar).
- No advertising SDKs and no ads.
- No social-media SDKs or third-party trackers.
- No crash-reporting that transmits data off the device.
We make money, if at all, from the app itself — never by collecting or selling your data. We have no business model that depends on your information.
6. Permissions the app uses
| Permission | Why the app uses it |
|---|---|
| Biometric / fingerprint | So you can optionally unlock the app with your fingerprint or face instead of a PIN. The biometric check is performed by your device's operating system; the app never sees your fingerprint or face data. |
| Vibrate | Small haptic feedback during interactions. |
| Access to storage / file picker | Only when you export or import a backup file, to let you choose where the file is saved or read from. The app does not browse or read your files otherwise. |
The app does not request access to your contacts, camera, microphone, location, SMS, or call logs.
Note on network access: TideCycle does not connect to any TideCycle
server and does not transmit your health data. The production build does not
request the Android INTERNET permission, so the app is technically incapable
of sending your data anywhere.
7. Keeping your data, and deleting it
- You are in control of retention. Your data stays on your device until you delete it.
- Delete individual entries at any time from the calendar / day view.
- Delete everything by uninstalling the app, which removes the encrypted database and the encryption key from your device. Restoring from a backup is then only possible if you previously made one.
- Because we never receive your data, there is no server-side copy for you to request, correct, or delete — there is nothing on our side to act on. This is by design.
8. Children's privacy
TideCycle is not directed to children under the age required by your local law to consent to processing of personal data (for example, under 13 in the United States). Because the app stores data only locally and collects nothing, we do not knowingly collect personal information from anyone, including children.
9. Legal requests and law enforcement
Because TideCycle has no account system and no server that holds your data, we do not possess your health information and therefore have nothing to disclose in response to a subpoena, warrant, or other legal demand directed at us. Your data exists only on your device (and in any backup file you created and control).
This is a deliberate design choice, especially relevant for sensitive reproductive-health data.
10. Security
- Health data is encrypted at rest with SQLCipher (AES-256).
- The database key is stored in the OS secure key store, optionally gated by a PIN or biometric app lock with attempt rate-limiting.
- The app obscures its contents in the app switcher and can lock when sent to the background.
- Backups are protected with a passphrase-derived key and authenticated encryption, so a stolen backup is useless without your passphrase.
No security is absolute. In particular, we cannot protect data on a device that is compromised by malware while the app is unlocked, and we cannot recover your data if you lose both your device and your backup passphrase. We describe honestly, in our threat model, what the app does and does not defend against.
11. Changes to this policy
If we change how the app handles data, we will update this policy, change the “Last updated” date above, and publish the new version at the same URL. For material changes (for example, if optional cloud sync is ever introduced), we will surface the change in the app before the new behavior takes effect. Any future sync feature is designed to be opt-in and end-to-end encrypted, and this policy will be updated to describe it before it ships.
12. Contact
Questions, concerns, or privacy requests: [email protected].