Privacy Policy

Last updated: April 7, 2026

At Perimosa, your privacy is fundamental to everything we build. This policy explains what data we collect, how we use it, and the control you have over it. We wrote this to be clear and straightforward, not buried in legal jargon.

The short version: We collect only what we need to make the app work for you. We never sell your data. You can export or delete everything at any time.

1. Information We Collect

Account Information

When you create a Perimosa account, we collect your name and email address. If you sign in with Apple, we receive only the information you choose to share (which may include a private relay email address).

Health and Wellness Data

The core of Perimosa is daily tracking. When you use the app, you may log the following:

  • Mood, energy, sleep quality, and stress levels
  • Symptoms (hot flashes, brain fog, night sweats, joint pain, and 30+ others)
  • Period and cycle tracking data
  • Medications and supplements
  • Free-text notes you add to your entries

This data is provided entirely by you. We do not infer or generate health data about you beyond what you explicitly log.

Apple HealthKit Data

If you grant permission, Perimosa can read data from and write data to Apple HealthKit, including menstrual cycle data, sleep analysis, and activity metrics. In accordance with Apple's requirements:

  • HealthKit data is used solely to enhance your tracking experience within Perimosa
  • We do not sell HealthKit data to third parties, including advertising platforms or data brokers
  • HealthKit data is not used for advertising or marketing purposes
  • HealthKit data is not shared with third parties without your explicit consent
  • We do not use HealthKit data to build user profiles for purposes unrelated to your health tracking

Usage Analytics

We collect basic, anonymized usage analytics to understand how the app is used and where we can improve. This includes which features you use, session duration, and crash reports. We do not track individual behavior or build advertising profiles.

2. How We Use Your Data

We use your data for these purposes:

  • Tracking and insights: To display your logged data, detect patterns, and generate your personal timeline
  • AI-powered insights: To provide personalized observations based on your tracking history (see Section 4 for how this works)
  • Syncing: To keep your data consistent across your devices via Apple CloudKit
  • Notifications: To send you check-in reminders and insight alerts, if you opt in
  • App improvement: To fix bugs, improve performance, and develop new features based on anonymized usage patterns

We do not use your data for advertising. We do not sell your data. Ever.

3. How We Store and Protect Your Data

On Your Device

Your health data is encrypted on your device using AES-GCM encryption. Encryption keys are stored in the iOS Keychain, which is protected by your device passcode and the Secure Enclave.

In the Cloud

If you use sync, your data is stored in Apple CloudKit (your private iCloud database) and on our backend servers. Data transmitted between your device and our servers is encrypted in transit using TLS. Our backend database stores your data with access controls and encryption at rest.

Security Measures

  • AES-GCM encryption for local health data storage
  • iOS Keychain for encryption key management
  • Certificate pinning for API communications
  • TLS encryption for all data in transit
  • JWT-based authentication with bcrypt password hashing
  • Rate limiting to prevent abuse

4. AI Insights and Third-Party Processing

Perimosa uses OpenAI to generate personalized insights based on your tracking data. When insights are generated:

  • Your data is anonymized before being sent to OpenAI — no name, email, or account identifiers are included
  • Only the tracking data relevant to generating the insight is shared (e.g., recent mood and symptom patterns)
  • OpenAI does not use your data to train their models (per our data processing agreement)
  • You can use Perimosa without AI insights if you prefer

5. Third-Party Services

We work with a limited number of third-party services:

  • Apple (Sign in with Apple, CloudKit, HealthKit, APNs): For authentication, cloud sync, health data integration, and push notifications. Governed by Apple's privacy policy.
  • OpenAI: For generating AI-powered insights from anonymized data. Governed by our data processing agreement with OpenAI. OpenAI does not retain or train on data sent through the API.
  • Deepgram: Used for the “Read aloud” voice synthesis and optional voice-to-text on the Perimosa AI chat. Audio is streamed in real-time and is not retained by Deepgram per their API terms.
  • Resend: Used to deliver transactional emails (welcome, password reset, security alerts). Receives only your email address and the message content sent to you — never your tracking data.
  • Sentry: Used for crash and error reporting in the iOS app. Receives only stack traces and device metadata (model, iOS version). User identifiers, health data, and entry content are explicitly stripped before any event is sent. Disabled by default; enabled per release at the publisher's discretion.

We do not use third-party advertising SDKs, social media trackers, or data brokers.

6. Your Rights and Choices

Data Export

You can export all of your Perimosa data at any time from within the app. Your export includes all check-ins, symptoms, notes, and tracked data in a portable format.

Data Deletion

You can delete your account and all associated data at any time from the app settings. When you delete your account:

  • All data on our servers is permanently deleted within 30 days
  • CloudKit data is removed from your iCloud account
  • Local data on your device is erased
  • This action is irreversible

Notification Preferences

You control which notifications you receive. You can adjust or disable all notifications in the app settings or through your device's notification settings.

HealthKit Permissions

HealthKit access is entirely optional. You can grant or revoke HealthKit permissions at any time through your device's Settings > Privacy > Health.

7. GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Port your data to another service
  • Restrict or object to certain processing
  • Withdraw consent at any time

Our legal basis for processing your data is your explicit consent (which you provide when creating an account and using the app) and our legitimate interest in providing and improving the service.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. CCPA Compliance (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data, so there is nothing to opt out of)
  • Non-discrimination for exercising your privacy rights

To exercise your CCPA rights, contact us at [email protected].

9. Children's Privacy

Perimosa is designed for adults. We do not knowingly collect data from anyone under the age of 18. If we learn that we have collected data from a minor, we will delete it promptly.

10. Data Retention

We retain your data for as long as your account is active. If you delete your account, all data is permanently removed within 30 days. Anonymized, aggregated analytics data (which cannot be linked back to you) may be retained for product improvement purposes.

11. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app or by email. The “last updated” date at the top of this page reflects the most recent revision.

12. Contact Us

If you have questions about this privacy policy or how your data is handled, reach out to us:

We take every privacy inquiry seriously and will respond as quickly as possible.