Last Updated: July 11, 2026
We operate under absolute zero-knowledge guidelines. Your credentials and cycle records are decoupled and encrypted using device-side keys. We cannot read your logs even if requested. Your body's data belongs strictly to you.
EveFlow collects information to provide personalized cycle, pregnancy, and fitness syncing advice. Depending on your choice of account type (Anonymous vs. Standard), some data points are completely localized. We collect raw logged events (flow level, cramps, mood, energy levels), skin temperature deviations, and sleep architectures.
If you select our Anonymous Mode, authentication keys are created locally using device-bound cryptography. We do not prompt you for names, phone numbers, or email addresses, meaning logged inputs cannot be connected back to your offline identity. If you select email sign-in, credentials are hashed using modern cryptographic salts.
Health vitals (heart rate variability, sleep stages, sleeping skin temperatures) imported from Oura, Apple Health, or Garmin are compiled to compute cycle wave deviations. All health metrics are encrypted on-device via AES-2CM-256 before transport to cloud sync targets. We hold no decryption keys, ensuring zero broker access.
Conversations with our AI Coach are decoupled from email identifiers and hashed with ephemeral tokens. Conversational logs are stored only to maintain active dialogue context and are systematically purged from cache systems. We do not use your dialogues to train public LLM models.
We utilize anonymous, aggregated telemetry analytics to monitor server speeds and index prediction accuracies. These indicators contain zero identifying elements, zero advertising tracker payloads, and comply fully with GDPR guidelines for privacy-first operations.
In the event of an application crash, a non-identifying trace log containing device specifications (OS version, device model, line error location) is transmitted to help our developers fix bugs. These crash logs do not include credentials, names, cycle stages, or biometric counts.
We do not place tracking cookies or advertising scripts on your device. We use basic local session flags to persist your dark theme settings and keep your dashboard logged in. No cross-site or behavioral cookie logging is deployed.
We employ industry-leading protocols. Data is encrypted in transit using TLS 1.3 and encrypted at rest on our secure servers. Because we deploy zero-knowledge protocols, a security breech on our servers would still yield only mathematically encrypted files that cannot be decoded.
Under the General Data Protection Regulation (GDPR), you possess absolute rights: the right to inspect your logged metrics, the right to download a readable JSON backup of your telemetry logs, and the right to request immediate erasure of your records from our databases.
You can delete your account and all associated biological data at any time directly inside the Settings tab of the EveFlow app. Once clicked, a hard-delete trigger is fired, immediately erasing your database columns and purging all backups from our server instances.
If you have any questions concerning E2E keys, data export options, or erasure requests, reach our privacy protection lead at:
support@eveflow.health