In today’s digital world, we understand there’s a lot of questions around how your data is used and protected. At Natural Cycles, we take data protection seriously – we realize the trust you put into us to keep your sensitive data safe, and since many of us who work here use the app ourselves, we truly do treat your data as if it’s our own.
You can read our full Privacy Policy here or in the app but we have also answered some commonly asked questions around data privacy below.
Do you sell my data to third parties?
No. We have never – and never will – sell our users’ data. That's one of the reasons why you pay your subscription fee; so we don't need to make money elsewhere.
Who owns the sensitive data that I put into the app?
All data you provide to us is owned by you, even when you provide your consent for us to store or use the data. In accordance with GDPR, you may ask us to delete your data at any time or export it for you in a readable, usable format.
Should I be concerned about my data being shared with government agencies?
At Natural Cycles, we will always do everything in our power to make sure that our users’ data is safe with us, no matter the circumstances. We remain focused on being a company committed to doing the right thing for our users. As U.S. users face potential legislation changes, we will be evolving our privacy policy to make sure all of our users – regardless of where they are located – are protected against to-date unimaginable potential legal situations.
What types of data do you collect through the app and why?
Natural Cycles may process the following personal data about you — this is collectively referred to as “Personal Data”:
We also collect information such as the temperature measurements you input each day and information you provide about the days you have had unprotected sex. This is a special category of Personal Data, which needs special protection. We call this Sensitive Data, and for us to store and process this information, we must have explicit consent. We need Sensitive Data to provide you with the service you signed up for – i.e. to help you prevent or plan a pregnancy.
Another way that we use this data is to help us monitor the effectiveness of our product as a method of contraception. To do this, we anonymize the Sensitive Data from all our users, combine it into one large data pool and review it monthly to check that our effectiveness rate remains constant; this is a requirement of the notified body that granted our certification for contraception.
What types of data do you need explicit consent to collect?
For us to store and process any data relating to health and sexual life (i.e. Sensitive Data), it is mandatory that we have explicit consent from you.
Your consent is our legal basis for processing these Sensitive Data (special categories of Personal Data), as stated in Article 9 of the GDPR.
For all other personal data, like name, age, and contact information, you agree to us storing and processing them by signing up and creating a user account, so we do not need your explicit consent for processing these.
‘Processing’ includes actions such as collect, store, structure, align, run the algorithm, or a combination of the mentioned.
If I do not give consent to Natural Cycles to store my sensitive data, will I still be able to use the app?
If you do not give consent for us to store and process your sensitive data, the app will not work.
For us to store and process any data relating to health and sexual life, we need to have explicit consent from you. We require this information to provide you with the service you signed up for – i.e. to help you prevent or plan a pregnancy.
Should you still wish to remove that consent, click the top menu > Settings > Consent and Permissions > untick ‘I consent to Natural Cycles’ use of sensitive personal data that I add to the app, such as health and intercourse data, to enable and provide the services’.
Where is the sensitive data stored?
Sensitive data provided by you is stored on our servers.
We choose to store sensitive data within the EEA (European Economic Area) as much as possible. However, data can be transferred outside of EEA; in those cases, we have agreements in place with the processors to ensure the highest security standards.
For how long do you store my sensitive data?
To ensure compliance with GDPR standards, we anonymise all sensitive data and delete all personal data that can identify a user 3 years after an individual stops using our service. However, a user may request the deletion of their account and anonymization of their data at any time.
Do you share my sensitive data with third parties?
If you’ve consented for us to use your health data for research in women’s reproductive health, this data will be shared with organizations such as universities, who help us to conduct scientific research.
We understand that the information you give to us is confidential. We take our responsibility to manage that information very seriously, take every precaution, and comply with advanced industry standards to protect its security. We have never – and never will – sell users’ data.
We are a regulated medical device that follows GDPR and we also have our own very heavy data security measures in place that include pseudonymization. For any activities that need real user data, such as clinical research and app development, we use pseudonymized copies of production data wherever possible and very few employees have access to the non-pseudonymized data (i.e. full data). In order to pseudonymize the data we use a method called k-anonymity, with a k of 10.
Somewhat simplified, that means we remove sufficient data to ensure that any data we keep could apply to at least 10 real people, thus eliminating even very sophisticated identity reversal techniques and cross-references with other data sources. That includes removing all direct identifiers like name, street address, email, IP address etc., but it also includes masking a part of postal codes, birthdays etc. that risk referring to less than 10 users.
All partners that we work with to process data undergo a rigorous assessment by us, which includes requirements related to data protection, cybersecurity and our medical device. We have Data Processor Agreements with all our data processing partners.
Protecting user’s information has always been a top priority for Natural Cycles and as that sensitive data becomes more sensitive, we’ll continue to make sure your data is safe with us.
What if I do not want Natural Cycles to use my data for research purposes?
You do not need to give your consent if you do not want to. If you do not give your consent, you will still be able to use the app, and your data will not be used for research purposes.
When you start using the app, you are asked if you consent for your data to be used for research in women’s reproductive health. To do this we use pseudonymized copies of production data wherever possible. This means that this data cannot be linked back to you as an individual. We anonymize information by either deleting all information that can be connected to you or encrypting it in such a way that it cannot be reversed.
By giving us your consent to use your data for research purposes, you are contributing to driving women’s health forward by making sure that the studies and research that are conducted are representative of people like you. For examples of how we conduct research in women’s reproductive health you can visit our research library here.
You can give or remove your consent at any time by going to the top menu > Settings > Consent and Permissions > tick/untick ‘Natural Cycles can use my health data for research in women’s reproductive health’.
How do you anonymize my data?
For any activities that need real user data, such as clinical research and app development, we use pseudonymized copies of production data wherever possible. This means that this data cannot be linked back to you as an individual. We anonymize information by either deleting all information that can be connected to you or encrypting it in such a way that it cannot be reversed.
We remove sufficient data to ensure that any data we keep could apply to at least 10 real people, thus eliminating even very sophisticated identity reversal techniques and cross-references with other data sources. That includes removing all direct identifiers like name, street address, email, IP address etc., but it also includes masking part of postal codes, birthdays etc.
Do you store my notes?
We store your notes and save them, otherwise, you would not be able to access them if you should get logged out or if you log on to the app from a new device. We only process anonymized data and we do not view individual notes, but only overall statistics (e.g. overall number of women that log #PMS).