Privacy Notice

Last updated: May 22, 2026

Who we are

This notice describes how Grace & Sinew ("we", "us") collects and uses your personal data. We act as the data controller for the personal data you submit to the service.

What we collect

• Account data — email address, hashed password, and authentication identifiers (e.g. from Google sign-in).
• Health & wellness data — the nutrition, hormone, cycle, sleep, HRV, and mood entries you log into the service.
• Support data — messages and attachments you send when you contact us.
• Technical data — IP address, device and browser information, and basic usage telemetry needed to operate and secure the service.

Why we use it and our legal basis

• To provide the service (contract performance) — creating your account, storing your entries, and showing them back to you.
• To keep the service secure (legitimate interests) — preventing fraud, abuse, and unauthorised access.
• To improve the product (legitimate interests) — aggregated, non-identifying usage analytics.
• To support you (contract performance / legitimate interests) — responding to your questions.
• To comply with the law (legal obligation) — for example, tax and accounting records.

Your health and wellness entries are sensitive personal data. We only process them to provide the tracker to you and we do not sell them.

Who we share data with

• Hosting and infrastructure providers that store and serve the application on our behalf.
• Professional advisers such as lawyers and accountants when needed.
• Authorities where we are required to disclose data by law.

We do not sell your personal data and we do not use it for third-party advertising.

International transfers

Some of our service providers may process data outside your country. Where this happens we rely on appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) to protect your data.

How long we keep it

We keep your account and health data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within a reasonable period, unless we are required to keep it longer for legal, tax, or security reasons.

Your rights

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate data;
• delete your data ("right to be forgotten");
• restrict or object to certain processing;
• receive a copy of your data in a portable format;
• withdraw consent where processing is based on consent;
• complain to your local data protection authority.

To exercise these rights, contact us using the support email shown in your account settings. We will respond within one month.

Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and row-level security on our database.

Cookies

We use only essential cookies and similar storage needed to keep you signed in and to operate the service. We do not use third-party advertising cookies. If this changes we will update this notice and provide a cookie preferences control.

Changes

We may update this notice from time to time. The "last updated" date above will reflect the latest revision.

See also our Terms of Service.