Privacy Policy

Last updated: February 18, 2026

Quick Summary

  • We never sell your personal data to anyone.
  • We do not collect your device ID or precise location.
  • Your health data is only processed with your explicit consent.
  • You can opt out of analytics tracking at any time in app settings.
  • You can delete your account and all data instantly from the app.

Please read the full policy below for complete details.

At Astraea ("we", "us", "our"), operated by App Branch, LLC, we believe your data is deeply personal. This Privacy Policy explains how we collect, use, and protect your information with the care it deserves. We will never sell your data.

1. Information We Collect

Personal Information

When you use Astraea, we collect your name and age to personalize your experience. We use anonymous authentication, meaning you don't need to provide an email address to use the app.

PCOS-Related Data

  • PCOS status and related symptoms
  • Symptom logs (fatigue, mood, pain levels)
  • Menstrual cycle data and last period date
  • Medications and supplements you track
  • Weight, water intake, and other tracked metrics

Photos

When you use our Food Scanner feature, photos of meals are processed by our AI to provide PCOS-focused nutritional information. Photos are sent to OpenAI for processing and are not permanently stored.

AI Interactions

Messages you send to our AI assistant are processed to provide personalized information. Your conversation history may be stored to improve your experience. AI responses are for informational purposes only and do not constitute medical advice.

Usage Data

We track your usage of AI features (chat messages and food scans) to manage feature limits for free and premium users.

Analytics Data

We use Mixpanel, a third-party analytics service, to understand how our app is used and to improve your experience. This includes:

  • App usage patterns (e.g., features used, screens visited)
  • Session information (app opens, session duration)
  • Device information (platform, OS version, app version)
  • Subscription status (free or premium)
  • Onboarding completion status

Analytics data is associated with a randomly generated pseudonymous identifier. We do not collect your device ID (IDFA, IDFV, Android ID), nor do we derive your location from your IP address. Analytics data does not include your name, health data, or symptom logs. You can opt out of analytics tracking at any time in the app settings under Privacy & Data.

What We Do NOT Collect

To be clear, Astraea does not collect:

  • Device identifiers (IDFA, IDFV, Android ID, or any hardware ID)
  • Precise or approximate location (GPS or IP-derived)
  • Contacts, call logs, or SMS data
  • Browsing history outside the app
  • Data from other apps on your device

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Data Type Legal Basis Purpose
Health & symptom data Your explicit consent Provide personalized tracking and insights
AI interactions & photos Your explicit consent Power AI assistant and Food Scanner features
Analytics data Your consent (opt-in during onboarding) Improve app experience and fix issues
Account data (name, age) Contract performance Provide and personalize the service
Subscription data Contract performance Manage subscriptions and billing
Security & error logs Legitimate interest Maintain app security and stability

3. Consent & Your Choices

Your consent is required before we process your health data or enable analytics. During onboarding, we present a dedicated consent screen where you must actively agree to:

  • The processing of your health data for personalized tracking and AI-powered insights
  • Our Privacy Policy and Terms of Service

You cannot proceed without providing consent. You may withdraw your consent at any time by:

  • Analytics: Toggle off analytics tracking in Settings → Privacy & Data
  • All data: Delete your account in Settings → Account → Delete Account, which immediately and permanently removes all your data
  • Contact us: Email support@pcoshealth.app to request data deletion or withdrawal of consent

Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

4. How We Use Your Data

  • Provide personalized insights and information
  • Track and analyze your symptoms over time
  • Power our AI assistant with relevant context
  • Improve our services and develop new features
  • Send important updates about your account

We do not use your health data for advertising, marketing, or any purpose other than providing and improving the service for you.

5. AI Features & Data Processing

Our AI assistant and Food Scanner use OpenAI's technology:

  • AI Chat: Your messages and relevant context are sent to OpenAI. Your name is not included in AI requests. AI responses are for informational purposes only.
  • Food Scanner: Photos are sent to OpenAI for PCOS-focused nutritional information. Photos are processed in real-time and not permanently stored by OpenAI. Scores are informational indicators, not clinical assessments.
  • AI responses are generated based on your profile to provide personalized PCOS-friendly suggestions, not medical advice.
  • We track your AI usage (number of chats and scans) to manage feature limits.

OpenAI processes data on our behalf as a data processor. Per our agreement with OpenAI, data sent through the API is not used to train their models. For more information, see OpenAI's Privacy Policy.

6. Third-Party Services

We share your data with the following third-party service providers, who act as data processors on our behalf:

  • Supabase: Secure database and authentication (hosted in the United States)
  • OpenAI: AI-powered features — receives anonymized conversation context and food photos only (United States)
  • RevenueCat: Subscription management (United States)
  • Apple/Google: In-app purchases and authentication
  • Mixpanel: Product analytics — receives only pseudonymous usage data, no health data (United States)

We do not sell, rent, or trade your personal data to any third party. These service providers are contractually required to process your data only as instructed by us and to maintain appropriate security measures.

7. International Data Transfers

Astraea is operated by App Branch, LLC, based in the United States. Your personal data is transferred to and processed in the United States, where our service providers (Supabase, OpenAI, RevenueCat, Mixpanel) are located. The laws in the United States may differ from the data protection laws in your country.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction with data transfer restrictions, please be aware that by using Astraea and providing your consent during onboarding, you consent to the transfer of your data to the United States. We take reasonable measures to ensure your data is treated securely and in accordance with this Privacy Policy.

8. Data Storage & Security

We understand that personal data, especially related to PCOS and menstrual cycles, is highly sensitive. We protect it with:

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Row-level security policies in our database
  • Anonymous authentication (no email required)
  • Strict access controls and regular security reviews

Your data is stored on secure cloud servers provided by Supabase in the United States.

Security Incidents: In the unlikely event of a data breach that affects your personal data, we will notify you via the app or email (if available) and the relevant data protection authorities, as required by applicable law, within 72 hours of becoming aware of the breach.

9. Data Retention

We retain your data for as long as your account is active. When you delete your account through the app settings, all your personal data is immediately and permanently deleted from our systems.

If you simply uninstall the app without deleting your account, we will retain your data for up to 2 years in case you decide to return. After 2 years of inactivity, your data will be automatically deleted.

You can also request deletion at any time by emailing us at support@pcoshealth.app.

10. Your Rights

Regardless of where you live, we provide the following rights to all users:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your data ("right to be forgotten") — instantly via the app
  • Portability: Export your data in a common format (available in Settings)
  • Restriction: Request that we limit processing of your data
  • Objection: Object to certain processing activities
  • Withdraw consent: At any time, without affecting the lawfulness of prior processing

To exercise any of these rights, use the in-app settings or email us at support@pcoshealth.app. We will respond to your request within 30 days.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

Astraea is intended for users aged 13 and older (16 and older for residents of the European Economic Area and the United Kingdom). We do not knowingly collect personal information from children under these age thresholds. If you believe a child under the applicable age has provided us with personal data, please contact us at support@pcoshealth.app and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy in the app and, where possible, by sending you a notification. Your continued use of Astraea after the changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

Questions about your privacy? Reach out to us:

App Branch, LLC

131 Continental Dr Suite 305

Newark, DE 19713, United States

Email: support@pcoshealth.app