Privacy Policy

Your symptoms, journal entries, and check-ins are some of the most personal data you can put into a piece of software. We treat them that way. This policy explains what we collect, why, and what you can do about it.

1. Who we are

Desperate Healthwives ("we", "us", "our") provides a private symptom tracking, journaling and pattern-recognition tool. For questions about this policy, contact privacy@desperatehealthwives.com.

2. What we collect

Account data

• Email address (for sign-in and security notifications)
• Encrypted password, or an OAuth identifier if you sign in with Google
• Display name (optional)

Health and journal data you give us

• Symptom logs (category, symptom, severity, notes, timestamp)
• Daily check-ins (mood, energy, sleep, stress, cycle day, notes)
• Journal entries
• Onboarding answers (age range, cycle status, primary concerns)
• Appointment briefs you generate
• Community posts you choose to publish (anonymous by default)

Technical data

• Basic usage information (page views, error logs)
• Device and browser metadata

We do not knowingly collect data from anyone under 16.

3. How we use it

• To run the service and show you your own case file
• To generate the patterns, summaries and appointment briefs you ask us to generate
• To keep accounts secure and prevent abuse
• To send essential account email (sign-in, password reset, security)

We do not sell your data. We do not use your symptom or journal content to train third-party AI models. We do not run advertising or behavioural ad tracking.

4. Who processes your data

We use a small number of vetted infrastructure providers ("sub-processors") to run the service:

• Cloud hosting and database (encrypted at rest and in transit)
• Authentication infrastructure
• Transactional email delivery
• An AI inference provider, called only when you generate an appointment brief or summary

When you generate an AI brief, the relevant logs and notes are sent to the AI provider to produce the output. Providers are contractually prohibited from using your content for training.

5. Your rights (GDPR, UK GDPR, CCPA)

You can, at any time:

• Access a copy of your data
• Correct inaccurate data
• Delete your account and all associated case-file data
• Export your dossier as a portable file
• Withdraw consent at any point
• Object to processing or lodge a complaint with your local data protection authority

Email privacy@desperatehealthwives.com and we will act within 30 days.

6. Data retention

We keep your data for as long as your account is active. When you delete your account, your symptom logs, journal entries, check-ins and briefs are deleted within 30 days, except where we are required to retain limited records for legal or fraud-prevention reasons.

7. Security

All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, logged, and audited. Row-level security policies on our database mean one user cannot read another user's case file. No system is ever 100% secure — if we discover a breach affecting your data, we will notify you without undue delay.

8. International transfers

Our infrastructure providers may process data outside your country of residence. Where required we rely on Standard Contractual Clauses and equivalent safeguards.

9. Changes to this policy

We will post material changes here and, if significant, notify you by email before they take effect.