Privacy Policy

1. Who we are

Reyha is a women's cycle intelligence app operated by Reyha Limited, a company registered in England and Wales (company number 17252526), registered office 76 Hecham Close, London E17 5QT, England.

For the purposes of UK GDPR and the Data Protection Act 2018, Reyha Limited is the data controller of the personal information described in this policy. That means we are responsible for deciding how and why your data is used, and for protecting it.

2. The data we collect

We only collect what we need to make Reyha useful to you. This falls into a few categories:

Account information

• Your email address and authentication details
• Optional profile information you choose to provide, such as your name or year of birth

Health and cycle data Special category

Some of the information you log is, under UK GDPR, special category data — data concerning health, which carries the highest level of legal protection. This includes:

• Menstrual cycle dates and the start and end of your period
• Cervical mucus observations and other fertility-awareness signals you choose to record
• Symptoms, mood, energy, sleep quality and training notes you log
• Any conditions you tell us about (for example PCOS, endometriosis, perimenopause) so we can tailor content to you

Wearable and device data

If you choose to connect a wearable (such as Oura, Apple Watch, Garmin or Whoop), we receive biometric signals through our integration partner, Terra. This can include heart rate variability, resting heart rate, skin temperature and sleep data. You control whether to connect a device, and you can disconnect it at any time.

Technical and usage data

• Basic device and app information needed to run the service securely
• How you use core features, so we can improve them

3. Our legal basis for using your data

We rely on the following legal bases under UK GDPR:

• Explicit consent for your health and cycle data. Because this is special category data, we process it under Article 9(2)(a) — your explicit consent. You give this when you choose to log health information or connect a wearable, and you can withdraw it at any time.
• Contract for the information we need to provide the service you've signed up for, such as your account details.
• Legitimate interests for keeping the app secure and improving how it works, balanced carefully against your rights.

You are never required to log health data to use Reyha. Where we rely on consent, withdrawing it is as easy as giving it, and doing so will not affect anything we did lawfully before you withdrew.

4. How we use your data

We use your information to:

• Estimate your cycle phase and surface guidance and education relevant to where you are in your cycle
• Personalise the content you see based on what you log and the signals from any connected wearable
• Maintain your account and keep the service running and secure
• Respond to you when you contact us

We do not sell your data. We do not use your health or cycle data for advertising, and we do not share it with advertisers or data brokers. We do not use your personal health data to train third-party AI models.

5. How content personalisation works

Reyha personalises guidance by taking content we have written in advance and selecting and adapting the most relevant version for you. To do this, signals such as your cycle phase, a cervical mucus observation, sleep quality or training intensity may be sent to our language-model provider to choose and tailor that content.

This processing is governed by data-protection terms that prohibit the provider from using your data to train their models or for any purpose other than returning a result to you. We minimise what is sent and never include information that isn't needed to personalise the content.

6. Who we share data with

We share data only with the service providers we need to run Reyha, and only to the extent necessary. These include:

• Supabase — secure database and authentication hosting for your account and logs
• Terra — the integration layer that connects your wearable, if you choose to link one
• Our language-model provider, for the content personalisation described above
• Infrastructure and hosting providers needed to deliver the service

Each of these acts as a data processor on our behalf, under a written agreement that requires them to protect your data and use it only for the purposes we specify. We may also disclose data where we are legally required to do so.

7. How long we keep your data

We keep your data for as long as your account is active. If you delete your account, we delete your personal data — including your health and cycle data — within 30 days, except where we are legally required to retain limited information for longer.

You can export or delete your data at any time from within the app, or by contacting us.

8. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Correct data that is inaccurate or incomplete
• Delete your data ("right to erasure")
• Restrict or object to certain processing
• Withdraw consent at any time, where we rely on it
• Receive your data in a portable format

To exercise any of these rights, contact us using the details below. We will respond within 30 days.

9. Data security

We take security seriously, particularly given the sensitivity of reproductive health data. Our measures include:

• All data encrypted in transit (TLS) and at rest
• Row-level security on our database — your data is accessible only to you
• Access controls limiting who can access user data
• Regular security reviews

In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of it, as required by UK GDPR.

10. International data transfers

We aim to keep your data within the UK and EU. Where any data is processed by a third-party provider outside these regions, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or an adequacy decision) before any transfer takes place.

11. Children

Reyha is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us and we will delete the account and associated data promptly.

12. Medical disclaimer

Reyha is a wellness and self-tracking tool. It is not a medical device and does not provide medical advice, diagnosis, or treatment. Cycle phase estimates are informational. They should not be used as a method of contraception or to make clinical decisions. Always consult a qualified healthcare provider for medical concerns.

13. Changes to this policy

If we make material changes to this policy, we will notify you via in-app notification and email at least 14 days before the changes take effect. The current version will always be available at this URL. Continued use of the app after that date constitutes acceptance of the updated policy.

14. Contact us