Legal

Privacy Policy

Effective as of February 21, 2026 · Last updated: March 21, 2026

1. About Us & This Policy

Estroclic is a contraceptive pill tracking and reminder application operated by BeeDazl LLC, a Wyoming Limited Liability Company ("we," "us," or "our"). Our registered business address is in the State of Wyoming, United States.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Estroclic mobile application, visit our website at estroclic.com, or sign up for our waitlist (collectively, the "Service"). It also explains your rights and how to exercise them.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

2. Data We Collect & Why

Data You Provide Directly

• Account credentials: email address and password, collected to create and authenticate your account
• Pill type: whether you use a combined pill (21+7), progestin-only pill (28), or extended cycle pill (84+7), collected to calculate your correct cycle schedule
• Cycle start date & starting day: the date your current pack began and which pill day you are on, used to calculate your current position in the cycle
• Daily pill logs: the date and time you mark your pill as taken each day, stored in your pill history
• Pill brand: the name of your contraceptive pill brand, if you choose to enter it, used to display official medication information
• Reminder time: your chosen daily notification time, used to schedule your reminders
• Waitlist email: if you sign up on estroclic.com before downloading the app, we store your email to notify you at launch
• Support correspondence: any messages you send to our support email, retained to resolve your inquiry

Data Collected Automatically

• Device identifiers: device model, OS version, and push notification token, used to deliver reminders to your specific device
• Timezone: your device's current timezone, used to display the correct local time for reminders and to alert you when you travel to a different timezone. We do not use your IP address to infer location.

Data We Never Collect

3. Sensitive Health Data

Your pill type, cycle schedule, and pill-taking history constitute sensitive personal health data — classified as "special category" data under the EU General Data Protection Regulation (GDPR) and afforded the highest level of legal protection.

We process this data only with your explicit consent, obtained during onboarding when you enter your cycle details. You may withdraw this consent at any time by deleting your account. Withdrawal of consent will result in deletion of your health data and termination of your ability to use the core tracking features of the Service.

We never use your health data for advertising, profiling, insurance purposes, employer reporting, or any purpose other than operating the Estroclic Service for you personally.

4. Legal Bases for Processing

Where applicable law requires us to identify a legal basis for processing your personal data, we rely on the following:

• Explicit consent — for processing your sensitive health data (pill type, cycle data, pill history) and for sending marketing emails to waitlist subscribers
• Performance of a contract — for creating and maintaining your account, providing the core app functionality, and managing subscription payments
• Legitimate interests — for app security, fraud prevention, and protecting the integrity of the Service provided these do not override your fundamental rights
• Legal obligation — where we are required to process or retain data under applicable law (e.g., financial records for tax compliance)

5. How We Use Your Data

We use the data we collect exclusively for the following purposes:

• Creating, authenticating, and managing your Estroclic account
• Calculating your current pill day and cycle position from your entered start date
• Displaying your pill history, streak count, days left in cycle, and calendar view
• Sending daily pill reminders and intelligent backup notifications at your chosen time
• Processing Premium subscription payments via Google Play Billing
• Notifying waitlist subscribers when the app launches (with your consent)
• Responding to customer support requests
• Detecting and fixing bugs, improving performance, and developing new features
• Complying with legal obligations and protecting our legal rights

We do not use your data for behavioural advertising, third-party marketing, data brokerage, or AI model training.

6. Data Sharing & Third-Party Processors

We do not sell your personal data to anyone, ever.

We share your data only with the following trusted service providers, who act as data processors on our behalf under strict contractual obligations. They may only use your data for the specific purpose we instruct them:

• Supabase Inc. (USA) — database hosting, user authentication, and backend infrastructure. Your account credentials, pill history, and profile data are stored on Supabase's encrypted servers. Supabase is SOC 2 Type II certified. Supabase Privacy Policy
• RevenueCat Inc. (USA) — subscription management and entitlement verification. RevenueCat receives an anonymous app user ID (not your email or health data) to verify your subscription status. Payment data is processed directly by Google Play Billing. RevenueCat Privacy Policy
• Expo / Expo Push Notification Service (USA) — delivery of daily pill reminders to your device via push notifications. Only your device push token is shared. Expo Privacy Policy
• Vercel Inc. (USA) — hosting of the estroclic.com marketing website. Your IP address may be logged by Vercel as part of standard web server operation. Vercel Privacy Policy

We may also disclose your data if required to do so by law, court order, or government authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of BeeDazl LLC, our users, or the public.

In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy. We will notify you before your data becomes subject to a materially different privacy policy.

7. Data We Do Not Collect or Sell

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Our specific retention periods are:

• Account data (email, password hash): retained until you delete your account
• Health data (pill type, cycle dates, pill history): retained until you delete your account or submit a data deletion request
• Waitlist emails: retained until you unsubscribe or request deletion
• Support correspondence: retained for 2 years from the date of resolution
• Payment records: retained for 7 years as required by US tax law (processed by Google Play Billing; we retain only transaction reference IDs)
• Anonymised analytics: retained indefinitely in aggregated, non-identifiable form
• Encrypted backup systems: residual copies of deleted data may remain in encrypted backups for up to 90 days before being permanently purged

9. Your Privacy Rights (All Users)

Regardless of your location, we extend the following rights to all Estroclic users:

To exercise any of these rights, email support@estroclic.com. We will respond within 30 days. Account deletion is also available directly in the app under Profile → Delete Account.

10. Additional Rights for EU / EEA / UK Users (GDPR & UK GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following additional rights under the GDPR and UK GDPR:

• Right to restriction of processing: you may request that we limit how we process your data while a dispute or correction request is being resolved
• Right to object: you may object to processing based on legitimate interests at any time; we will cease such processing unless we can demonstrate compelling legitimate grounds that override your rights
• Right not to be subject to automated decision-making: Estroclic does not make automated decisions with legal or significant effects on you
• Right to lodge a complaint: you have the right to lodge a complaint with your local supervisory authority. In the EU, this is your national Data Protection Authority (DPA). In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk

Our legal basis for processing special category health data under GDPR Article 9 is your explicit consent (Article 9(2)(a)). You may withdraw this consent at any time without prejudice to the lawfulness of processing carried out before withdrawal.

For EU/EEA users, BeeDazl LLC acts as the data controller. Supabase Inc. acts as a data processor under a Data Processing Agreement compliant with GDPR requirements, including Standard Contractual Clauses for international data transfers.

11. Additional Rights for California Users (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: the categories of personal information we collect, the sources, the business purposes, and the categories of third parties with whom we share it
• Right to delete: request deletion of personal information we have collected about you
• Right to correct: request correction of inaccurate personal information
• Right to opt out of sale or sharing: we do not sell or share your personal information, so this right does not apply in practice — but we honour it as a matter of policy
• Right to limit use of sensitive personal information: you may direct us to use your sensitive personal information (health data) only for providing the Service
• Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA rights

To submit a CCPA rights request, email support@estroclic.com with the subject line "CCPA Rights Request." We will verify your identity and respond within 45 days.

12. International Data Transfers

BeeDazl LLC is headquartered in the United States. If you use the Service from outside the US, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your country of residence.

For transfers from the EU/EEA/UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the appropriate safeguard for international data transfers. Our data processing agreements with Supabase and other US-based processors incorporate these SCCs.

13. Security Measures

We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, loss, destruction, or alteration, including:

• Encryption in transit: all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS)
• Encryption at rest: your data is stored in encrypted form on Supabase's infrastructure
• Row-level security (RLS): database policies ensure that each user can only access their own data — no user can read another user's records
• Authentication: passwords are hashed using industry-standard algorithms; we never store plaintext passwords
• Access controls: access to production systems is restricted to authorised personnel only
• Regular updates: we maintain up-to-date dependencies and conduct regular security reviews

Despite these measures, no system is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law (within 72 hours where GDPR applies).

14. Children's Privacy

Estroclic is not directed to individuals under the age of 18, and we do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at support@estroclic.com. We will promptly delete such information from our systems.

If we become aware that we have inadvertently collected personal data from a child under 13 (or under 16 in the EU/EEA), we will take immediate steps to delete it in compliance with the Children's Online Privacy Protection Act (COPPA) and applicable law.

15. Push Notifications

Estroclic sends push notifications to remind you to take your daily pill. To receive these notifications, you must grant notification permissions on your device. You can manage or revoke notification permissions at any time through your device's system settings (Settings → Notifications → Estroclic).

We use Expo's push notification infrastructure to deliver reminders. Your device push token is shared with Expo solely for this delivery purpose. Revoking notification permissions will not affect your account or data.

16. Cookies & Web Tracking

Our website (estroclic.com) may use essential cookies to operate correctly (e.g., remembering your waitlist form submission). We do not use tracking cookies, advertising cookies, or third-party analytics cookies that profile your behaviour across the web.

The Estroclic mobile application does not use cookies. It does use local device storage to maintain your login session.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email at least 14 days before the changes take effect
• Display an in-app notice where appropriate

If you do not agree with a material update, you may delete your account before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

18. Contact & Data Requests

To exercise your rights, submit a data request, report a privacy concern, or ask any question about this Privacy Policy, please contact us:

• Email: support@estroclic.com
• Company: BeeDazl LLC, Wyoming, United States

We aim to respond to all data subject requests within 30 days. For complex requests, we may extend this period by a further 60 days, in which case we will notify you of the extension within the initial 30-day period.