Bleed

Privacy Policy

Last updated: 26 February 2026

Plain-language summary

We built this app so you can track your cycle without anyone watching. Everything you log stays on your phone. We don't track your location, we don't run analytics, and we don't sell anything to advertisers. No trackers, no cloud sync. Just tools. The app works offline. You only need internet to sign in or register. You can wipe your data whenever you want, and there's a passcode lock if someone else picks up your phone.

1. Introduction

This Privacy Policy (“Policy”) describes how BUCHLING LTD, registered at 123 Promenade, Second Floor, Cheltenham, England, GL50 1NW, company number 16173056 (“we,” “us,” or “our”) collects, uses, and protects information in connection with the Bleed mobile application (“App”). We are the data controller for the personal data described in this Policy.

By creating an account or using the App, you acknowledge that you have read and agree to this Policy.

The App is designed as an offline-first, privacy-focused period tracking tool. Health data entered into the App is stored exclusively on your device and is not transmitted to or accessible by us.

2. Information we collect

We collect and store the following limited information on our servers:

a) Account information. When you register, we collect the email address associated with your chosen authentication method (email, Google Sign-In, or Apple Sign-In). Providing an email address is a contractual requirement for account creation. Without it, you cannot register or use the App.

b) Donation records. If you voluntarily make a donation through the App, we store the donation amount and the date of the transaction.

We do not collect, transmit, or store any other personal data, health data, or usage data on our servers.

3. Information we do not collect

We do not collect, store, or process any of the following:

  • Health, cycle, or reproductive data
  • Location or geolocation data
  • Device identifiers or usage analytics
  • Browsing behaviour or cookies
  • Contact lists, photos, or other device content
  • Any data through third-party analytics, advertising networks, or data brokers

4. Health data and special category data

Cycle data, period tracking data, and related health information you enter into the App is classified as special category data (health data) under Article 9 of the UK GDPR.

This data is stored locally on your device only. It is never transmitted to our servers or any third party. We have no ability to view, access, or retrieve it.

The legal basis for processing this data on your device is your explicit consent (Article 9(2)(a) UK GDPR), which you provide by choosing to enter health information into the App. You may withdraw this consent at any time by deleting your data through the App or uninstalling the App.

5. Information stored on your device

All health-related data you enter into the App, including cycle data, health notes, and personal logs, is stored locally on your device only. This data is never transmitted to our servers or any third party. We have no ability to view, access, or retrieve this data.

The App functions fully offline. An internet connection is required only for account registration and sign-in.

6. Data backup and recovery

Because your health data is stored solely on your device, we have no ability to recover it in the event of device loss, damage, theft, or factory reset. You are solely responsible for maintaining backups of your data.

The App provides a data export function accessible in Settings. This feature allows you to download your data as a JSON file, which you may store in a location of your choosing. You may upload this file back into the App at any time to restore your data.

7. Legal basis for processing

Under UK GDPR Article 6, our legal bases for processing your data are:

a) Email address. Contractual necessity (Article 6(1)(b)). Processing your email is necessary to create and maintain your account.

b) Donation records. Legitimate interest (Article 6(1)(f)). We retain donation records for financial record-keeping of voluntary transactions. We also have a legal obligation under UK tax law to maintain these records (Article 6(1)(c)).

c) Health data on your device. Explicit consent (Article 9(2)(a)). You choose to enter health data into the App. This data is processed locally on your device and never reaches our servers.

8. Third-party services

a) Authentication providers. We use Google and Apple as third-party authentication providers for account registration and sign-in. These services process your authentication credentials in accordance with their respective privacy policies:

b) No other third-party processing. We do not use third-party analytics, advertising networks, cloud storage providers, or any external services that process your personal or health data.

c) Device-level backups. If your device automatically backs up app data through iCloud, Google Drive, or similar services, such backups are governed by the respective provider's privacy policy, not this Policy.

9. International data transfers

When you sign in using Google or Apple authentication, your authentication data may be processed in countries outside the United Kingdom, including the United States. Google and Apple maintain appropriate safeguards for international transfers, including Standard Contractual Clauses and adequacy decisions where applicable. Refer to their privacy policies (linked in Section 8) for details.

Your email address and donation records are stored on servers located in London, United Kingdom.

10. Data retention

a) Email address. Retained for as long as your account remains active. Deleted within 30 days of an account deletion request.

b) Donation records. Retained for 7 years from the date of the transaction, in accordance with UK tax record-keeping requirements (HMRC). After this period, records are deleted.

c) Health data on your device. Under your control. You may delete it at any time through the App or by uninstalling the App.

You may delete your account and all associated data through the Delete Account option in Settings. This removes all data from your device and deletes your account from our servers. You may also request deletion by contacting us (see Section 15).

11. Your rights

Under UK GDPR, you have the following rights regarding the personal data we hold about you (email address and donation records):

a) Right of access. You can request a copy of the personal data we hold about you.

b) Right to rectification. You can request correction of inaccurate personal data.

c) Right to erasure. You can delete your account directly through the Delete Account option in Settings, which wipes all data from your device and removes your account from our servers. You can also request deletion by contacting us. We will delete your account and associated data within 30 days, subject to any legal obligation to retain certain records.

d) Right to restriction of processing. You can request that we limit how we use your data in certain circumstances.

e) Right to data portability. You can request your personal data in a structured, commonly used, machine-readable format.

f) Right to object. You can object to processing based on legitimate interest (donation records).

g) Right to withdraw consent. Where processing is based on consent (health data on your device), you may withdraw consent at any time by deleting your data or uninstalling the App.

h) Rights related to automated decision-making. We do not make any automated decisions about you, including profiling.

To exercise any of these rights, contact us (see Section 15). We will respond within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

12. Children's privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us (see Section 15).

13. Security

Health data stored on your device is protected by your device's own security measures. We recommend enabling a passcode, biometric lock, or both on your device.

Account information and donation records stored on our servers are protected using industry-standard security measures, including encryption in transit and at rest. No method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

14. Changes to this policy

We may update this Policy from time to time. If we make material changes, we will notify you through the App prior to the changes taking effect. The “Last updated” date at the top of this Policy indicates when it was most recently revised. Continued use of the App after changes take effect constitutes acceptance of the revised Policy.

15. Contact

If you have questions about this Policy, wish to exercise your rights, request deletion of your account data, or have any privacy-related concerns, please contact us at:

BUCHLING LTD
123 Promenade, Second Floor, Cheltenham, England, GL50 1NW
info@mybleed.io

Or through the support information provided in the App.