Legal

Privacy Policy

Last updated: May 9, 2026 — Controller: Femiloops (“we”, “us”). This Policy describes processing under the EU/UK GDPR where applicable, and references Turkish Law No. 6698 on the Protection of Personal Data (KVKK) for users in Türkiye where relevant.

1. Who we are and how to contact us

Femiloops acts as a controller of personal data processed through the Service. You may contact us via the Contact form or any additional channels we publish for privacy requests.

2. Categories of personal data

Depending on how you use the Service, we may process:

  • Identity & contact: name, email address, account identifiers.
  • Device & usage: device model, OS/app versions, diagnostic logs, cookies or similar identifiers on the web.
  • Health-related data you choose to enter: period-related dates, ovulation estimates, pregnancy week, symptoms, or related notes. Such data may qualify as special category data under GDPR Article 9 and/or sensitive data under KVKK, and is processed only where a lawful basis applies (for example explicit consent where required, or another statutory basis).
  • Payment-related records: transactions may be processed by app stores or payment providers; we typically do not store full card numbers.
  • AI interactions: chat inputs/outputs may be processed to operate, secure, and improve features; retention may be limited and policies may vary by feature.

3. Purposes of processing

  • Provide accounts, authentication, and core features,
  • Deliver predictions, reminders, and personalized educational content you request,
  • Maintain security, prevent fraud and abuse, and enforce policies,
  • Analyze reliability and performance (preferably using aggregated or de-identified data where feasible),
  • Comply with legal obligations and respond to lawful requests,
  • Send optional communications where permitted and separately consented when required.

4. Legal bases (GDPR)

Where GDPR applies, we rely on appropriate bases such as: performance of a contract, legitimate interests (balanced against your rights), legal obligation, or consent—particularly for special category data or marketing where consent is required.

5. International transfers

We may use service providers in other countries. Where GDPR applies, we implement appropriate safeguards (for example Standard Contractual Clauses) and comply with transfer rules. For transfers subject to KVKK, we follow applicable authorization or commitment mechanisms.

6. Sharing with processors and partners

We may share data with vendors that host infrastructure, provide analytics/crash reporting, customer support tools, email delivery, or payment processing, strictly as needed to operate the Service under contractual security obligations.

7. Retention

We retain personal data only as long as necessary for the purposes above, including legal retention periods. When retention ends, we delete or anonymize data, subject to limited backups and security logs.

8. Security

We implement technical and organizational measures such as access controls, encryption where appropriate, monitoring, and staff training. No method of transmission or storage is 100% secure; please report suspected incidents promptly.

9. Your privacy rights

Depending on your location, you may have rights to access, rectify, erase, restrict processing, object, data portability, and withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority (for example, under GDPR) or with the Turkish Personal Data Protection Authority (KVKK) where applicable.

We may need to verify your identity before fulfilling requests. We will respond within statutory timelines (for example, within one month under GDPR, subject to extensions where permitted).

10. Cookies and similar technologies (web)

Our website may use cookies or local storage for essential functionality, preferences, or analytics. You can manage cookies via browser settings; disabling some cookies may affect features.

11. Children

The Service is not directed to children without compliant parental consent where required. If you believe we have collected data from a child without proper authority, contact us and we will take appropriate steps.

12. Automated decisions

Some features may produce automated outputs (including AI). These outputs are assistive and informational; they are not intended as solely automated decisions with legal or similarly significant effects under Article 22 GDPR without appropriate safeguards and transparency.

13. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, where required, provide additional notice.