Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) describes how PERIOD DEALER LTD, registered at 123 Promenade, Second Floor, Cheltenham, England, GL50 1NW, company number 16173056 (“we,” “us,” or “our”) handles information in connection with the Bleed mobile application (“App”). We are the data controller for the limited information described in this Policy.

By installing and using the App, you acknowledge that you have read and understood this Policy.

The App is an offline-first, privacy-focused period tracking tool. You do not need to create an account, provide an email address, or share any personal information to use any feature of the App. Health data entered into the App is stored exclusively on your device and is not transmitted to or accessible by us.

2. No Account, No Identifiers

The App does not require registration. We do not collect or store:

• Your name
• Your email address
• Your phone number
• Your physical or postal address
• Any government-issued identifier
• Any social media handle
• Any account credentials of any kind

There is no log-in screen and no sign-up flow. The App is fully usable from the moment it is installed.

3. What Stays on Your Device

All of the following information is stored locally on your device only. It is never transmitted to our servers:

• Period log (start dates, end dates, flow)
• Symptoms, moods, and notes
• Intimacy log
• Personal cycle journal entries
• Predictions for upcoming periods and the fertile window (calculated on-device)
• Historical cycle analytics
• Any data you import from Apple Health (see Section 4)
• Any JSON backup file you export from the App
• Any doctor's report or summary you export from the App
• Biometric or passcode lock state, which is handled by your device's operating system

We have no ability to view, retrieve, or restore any of this information.

4. Apple Health

During first-time setup, the App offers you a choice: import your existing cycle data from Apple Health, or start fresh with a clean slate. This is entirely optional, and you can decline.

If you choose to import:

• The import is a one-time read performed on your device. The App does not continuously pull data from Apple Health in the background.
• The App reads your cycle data from Apple Health on your device only.
• The imported data is copied into your local on-device records.
• The data is never transmitted from your device to our servers, and we cannot see it.
• Apple Health itself is governed by Apple's privacy controls. We do not interact with Apple Health beyond the one-time on-device read you authorise.

If you choose to start fresh, the App does not read anything from Apple Health.

You can review and manage Apple Health permissions at any time from iOS Settings → Privacy & Security → Health → Bleed.

5. Information That Leaves Your Device

The App is offline-first, but a small number of network interactions exist. None of them involve your name, email, phone number, identity, or health data. The complete list is:

a) In-app messaging. Periodically (and at most every 48 hours), the App checks our server for new messages from us — for example, occasional notes from the founder, product updates, or research updates. The check itself reveals only that a Bleed app instance polled for messages. It does not include any identifier we can link back to you.

b) Optional message responses. Some in-app messages may invite a response (a like, a dislike, a rating, or a short text reply). Replying is entirely optional. If you reply, only the content of your response is stored. We do not capture, attach, or infer who sent it.

c) Optional feedback form. If you choose to send us feedback through the in-app feedback form, the text you submit is sent to our server. We do not capture your name, email, or any device identifier. Only the content of the message is stored, and only because you chose to send it.

d) Optional support (donation) processing. If you choose to support the App with an optional in-app contribution, the payment is handled by Apple and processed via RevenueCat (see Section 6). We do not receive or store your name, email, payment card, or billing details. No cycle, period, or health data is involved in the support flow.

We do not collect, transmit, or store any other information from your device.

6. Support (Optional Contributions)

The App is free to use. There are no paid tiers, no subscriptions, and no features hidden behind any paywall — and that is never changing.

If you wish to support the App, you can choose to make an optional one-time contribution from within the App. Supporting Bleed is purely voluntary. It does not unlock features, remove anything, or change how the App behaves in any way.

Support payments are handled by:

a) Apple In-App Purchase. Apple processes the payment under its own privacy and payment terms.

b) RevenueCat. We use RevenueCat to facilitate the in-app purchase. RevenueCat is the data controller for the limited technical data it processes (such as a RevenueCat-generated app user ID, purchase events, and basic diagnostics) for the purpose of completing the transaction.

We do not see, store, or process your payment card, billing address, name, or email. You can review RevenueCat's privacy practices and terms here:

• RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
• RevenueCat Terms of Service: https://www.revenuecat.com/terms

If you have a question about a support contribution or want to request a refund, contact us (see Section 18) and we will direct you through the Apple refund process.

7. Information We Do Not Collect

We do not collect, store, or process any of the following:

• Health, cycle, or reproductive data
• Apple Health data
• Location or geolocation data
• Device identifiers (IDFA, advertising ID, MAC address, IMEI)
• Usage analytics, crash analytics, or behavioural analytics SDKs
• Browsing behaviour or cookies
• Contact lists, photos, or other device content
• Any data through third-party advertising networks or data brokers
• Apple Push Notification (APNs) tokens — the App does not use push notifications
• Names, emails, phone numbers, or any other personal identifiers

8. Health Data and Special Category Data

Cycle data, period tracking data, symptoms, intimacy logs, and any related health information you enter into the App is classified as special category data (health data) under Article 9 of the UK GDPR.

This data is stored locally on your device only. It is never transmitted to our servers or to any third party. We have no ability to view, access, or retrieve it.

The legal basis for processing this data on your device is your explicit consent (Article 9(2)(a) UK GDPR), which you provide by choosing to enter health information into the App. You may withdraw this consent at any time by deleting your data through the App or uninstalling the App.

9. Data Backup and Recovery

Because your health data is stored solely on your device, we have no ability to recover it in the event of device loss, damage, theft, or factory reset. You are solely responsible for maintaining backups.

The App provides a data export function in Settings. This feature lets you download your data as a JSON file, which you may store wherever you choose. You may upload this file back into the App at any time to restore your data. The export and any device-level backup (iCloud, Google Drive, etc.) are governed by the policies of whichever service you choose to store them in, not by us.

10. Legal Basis for Processing

Under UK GDPR Article 6, our legal bases for the limited processing described above are:

a) In-app messaging poll, message responses, and feedback submissions. Legitimate interest (Article 6(1)(f)). We have a legitimate interest in being able to communicate with users of the App and in receiving voluntary feedback to improve the product. The processing is minimal, anonymous, and contains no identifiers we can attribute to you.

b) Optional support contributions. Contractual necessity (Article 6(1)(b)) for completing the transaction you initiated, and legitimate interest (Article 6(1)(f)) for retaining basic transaction records. We do not receive or store payment or identity details ourselves.

c) Health data on your device. Explicit consent (Article 9(2)(a)). You choose to enter health data into the App. The data is processed locally and never reaches our servers.

11. Third-Party Services

a) Apple In-App Purchase and Apple Health. Apple's privacy policy applies to data Apple processes on its own platforms: https://www.apple.com/legal/privacy/

b) RevenueCat. RevenueCat processes transaction data for support contributions under its own privacy policy: https://www.revenuecat.com/privacy

c) No analytics, advertising, or tracking SDKs. The App contains no analytics SDKs, no advertising SDKs, no marketing automation, no third-party tracking, and no data brokers.

d) Device-level backups.If your device automatically backs up app data through iCloud, Google Drive, or similar services, those backups are governed by the respective provider's privacy policy, not this Policy.

12. International Data Transfers

The data described in Section 5 (the in-app messaging poll, optional message responses, and optional feedback content) is stored on servers located in the United Kingdom.

RevenueCat may process transaction data in countries outside the United Kingdom, including the United States. RevenueCat maintains appropriate safeguards for international transfers (Standard Contractual Clauses or equivalent) under its own privacy policy.

13. Data Retention

a) In-app message poll requests. Aggregated only — not retained in any form that could be linked to a specific user or device.

b) Optional message responses and feedback content. Retained while operationally useful for product decisions, then deleted on a rolling basis. Because these submissions are anonymous, we cannot retrieve, attribute, or selectively delete an individual submission on request.

c) Support transaction records. Held by Apple and RevenueCat under their own retention practices and applicable tax obligations. We do not receive or store the transaction details ourselves.

d) Health data on your device. Under your control. You may delete it at any time through the App or by uninstalling.

14. Your Rights

Under UK GDPR you have rights in relation to personal data we hold about you. Because the App does not collect or store any data that identifies you, we hold no records that we can link back to you specifically. As a result:

• We cannot produce a record of “your” data, because we do not know which submissions came from you.
• We cannot selectively delete a single feedback or response, for the same reason.
• You can fully exercise control over your health data by deleting it in-app or uninstalling the App.

If you have a general privacy question or wish to raise a concern, contact us at info@mybleed.io. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113

15. Children's Privacy

The App is not intended for use by individuals under the age of 18. Because we do not collect identifying information, we cannot verify age. If you are under 18, do not use the App.

16. Security

Health data stored on your device is protected by your device's own security measures. We recommend enabling a device passcode and biometric lock.

The minimal data sent in the interactions described in Section 5 is transmitted over encrypted connections. No method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

17. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you through the App prior to the changes taking effect. The “Last updated” date at the top of this Policy indicates when it was most recently revised. Continued use of the App after changes take effect constitutes acceptance of the revised Policy.

18. Contact

If you have questions about this Policy or any privacy-related concerns, please contact us at:

PERIOD DEALER LTD
123 Promenade, Second Floor, Cheltenham, England, GL50 1NW
info@mybleed.io

Or through the support information provided in the App.