PRIVACY POLICY
Last Updated: April 17, 2026
This Privacy Policy describes how Asteria LLC ("Pregmate," "we," "us," or "our") collects, uses, discloses, and protects your information when you use our mobile application ("App"), our website, and related products and services (collectively, the "Services").
Pregmate is a consumer wellness app that helps users track their menstrual cycles, fertility, and pregnancy. Pregmate is not a medical device, and nothing in our Services constitutes medical advice, diagnosis, or treatment. We understand that the information you share with us — including reproductive health data — is deeply personal. We are committed to handling it with care, transparency, and respect for your autonomy.
If you have questions about this Privacy Policy, please contact us at support@pregmate.app.
1. Information We Collect
We collect information in three ways: information you provide directly, information collected automatically, and information received from third parties.
A. Information You Provide
When you create an account or use our Services, you may provide:
- Account Information. Your name, email address, and password, or credentials from Apple Sign-In or Google Sign-In.
- Profile and Health Information. Information you enter to use our tracking features, such as date of birth, menstrual cycle dates, symptoms, fertility observations, pregnancy milestones, and other reproductive health data. See Section 2 for more detail.
- Test Scanner Images. If you use our pregnancy, ovulation, or menopause test scanner feature, photographs of your test strips. See Section 2 for how we handle these images.
- Communications. Information you provide when you contact our support team or respond to surveys.
B. Information Collected Automatically
When you use our Services, we automatically collect:
- Device Information. Device model, operating system and version, unique device identifiers, IP address, language settings, and mobile carrier.
- Usage Information. How you interact with the App, including screens viewed, features used, actions taken, and the dates and times of your interactions.
- Advertising Identifiers. If you grant permission through Apple's App Tracking Transparency prompt, we may collect your device's Identifier for Advertisers (IDFA). See Section 4.
- Approximate Location. We may infer your general location from your IP address. We do not collect precise GPS location data.
- Crash and Performance Data. Error reports and performance metrics used to maintain and improve the App.
C. Information from Third Parties
We may receive limited information from third-party services, including:
- Authentication Providers. If you sign in using Apple or Google, we receive your name, email address, and a unique account identifier. We do not receive your password.
- Attribution Partners. Our advertising attribution partners (currently Adjust and AppsFlyer) may provide us with information about how you discovered or installed the App, such as the advertising campaign or source that referred you. This information is tied to device-level identifiers, not to your health data.
- Payment Processors. Stripe and the Apple App Store / Google Play Store provide us with transaction confirmation and subscription status information. We do not receive or store your full credit card number.
2. Sensitive Health Information
We recognize that reproductive health data is among the most personal information a person can share. This section describes specifically what sensitive health information we collect, how we use it, and how we protect it.
What We Collect
- Cycle and Fertility Data. Menstrual cycle dates, period length, ovulation predictions, fertility window estimates, symptoms, basal body temperature, and related observations you enter.
- Pregnancy Data. Pregnancy milestones, due dates, and related information you choose to track.
- Test Scanner Images and Results. When you use our test scanner, you photograph a physical pregnancy, ovulation, or menopause test strip. The photograph is uploaded to our servers (hosted on Amazon Web Services in the United States) and processed to provide you with a result interpretation. The photograph is stored on our servers.
- Menopause-Related Data. Symptoms, test results, and related information if you use our menopause tracking features.
How We Use Sensitive Health Data
We use your sensitive health information for the following purposes:
- To provide and personalize the Services. This includes generating your cycle predictions, fertility windows, pregnancy timelines, test result interpretations, and Daily Insights content.
- Daily Insights. We provide personalized informational content based on your cycle phase, pregnancy week, or other health data you have entered. This content is currently editorially curated. In the future, we may use artificial intelligence or machine learning to generate or personalize this content. If we make this change, we will update this Privacy Policy and notify you within the App. Daily Insights are informational only and are not medical advice.
- To improve our test scanner accuracy. We use stored test images to train and improve our machine-learning models and to perform quality assurance on our scanning algorithms. When images are used for these purposes, we take steps to separate them from your account-level personally identifiable information where feasible.
- To improve the Services generally. We may use de-identified or aggregated health data to understand usage patterns, improve features, and conduct internal research.
How We Protect Sensitive Health Data
- Sensitive health data is encrypted in transit (TLS) and at rest.
- We do not sell your health data. We do not share your health data with advertisers, data brokers, or any third party for their own marketing purposes.
- We do not use your health data for advertising targeting. Advertising-related data processing (described in Section 4) uses only device-level identifiers and subscription events — never your cycle dates, test results, pregnancy status, or other health information.
- Access to health data within our organization is restricted to personnel who need it to provide or improve the Services.
- For our law enforcement access commitments regarding health data, see Section 9.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Services. Operating the App, creating and maintaining your account, processing your transactions, delivering features you request, and providing customer support.
- Personalization. Tailoring content, including Daily Insights, to your health profile and preferences.
- Improvement and Research. Analyzing usage patterns, diagnosing technical issues, testing new features, and improving the accuracy of our test scanner and other features.
- Advertising and Attribution. Measuring the effectiveness of our advertising campaigns and, with your permission, serving relevant advertisements. See Section 4.
- Analytics. Understanding how users interact with the App to improve the user experience. See Section 5.
- Communications. Sending you service-related messages (such as account verification, subscription confirmations, and technical notices), and, where you have opted in, promotional communications. You can opt out of promotional communications at any time.
- Security and Fraud Prevention. Protecting against unauthorized access, misuse, and fraudulent activity.
- Legal Compliance. Complying with applicable laws, regulations, and legal processes.
Legal Bases for Processing (EEA, UK, and Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
- Contract. Processing necessary to provide you with the Services you have requested.
- Consent. Processing of sensitive health data (Article 9 of the GDPR) is based on your explicit consent, which you may withdraw at any time. Processing of advertising identifiers is also based on your consent.
- Legitimate Interests. Processing for analytics, security, and service improvement, where our interests do not override your fundamental rights.
- Legal Obligation. Processing necessary to comply with applicable law.
4. Advertising, Tracking, and Attribution
App Tracking Transparency (ATT)
When you first launch the Pregmate App (or begin a free trial), we will ask your permission to enable tracking across other companies' apps and websites via Apple's App Tracking Transparency framework. If you allow tracking:
- We will link subscription events and in-app activity with your device's advertising identifier (IDFA) to measure advertising performance, attribute conversions, and build audiences for retargeting.
- We share this device-level data with our attribution partners (currently Adjust and AppsFlyer) and may share it with advertising networks.
Important:
- We do not use your health data (cycle dates, test results, pregnancy status, symptoms, or test images) for advertising purposes. Only device identifiers and subscription/transaction events are used.
- You are never required to enable tracking to use the Pregmate App.
- You can decline the ATT prompt or change your choice at any time via Settings → Privacy & Security → Tracking on your iOS device.
SKAdNetwork
Even if you decline tracking, Apple's SKAdNetwork may provide us with aggregated, non-identifying conversion data (such as whether a user who saw an ad subsequently started a free trial). This data cannot identify you across other apps or websites.
In-App Advertising
We may display advertisements within the App from third-party ad networks. These ads may be informed by non-health, non-identifying contextual signals. If you have enabled tracking, ads may also be personalized based on your device identifier. Your health data is never used to select or personalize ads.
California Residents: "Sale" and "Sharing" Under CCPA/CPRA
When you enable tracking and we make your device identifier available to attribution partners and ad networks for cross-context behavioral advertising, this may constitute "sharing" (and potentially "selling") of personal information under the California Consumer Privacy Rights Act (CPRA).
Your Choices:
- Use our "Do Not Sell or Share My Personal Information" option, which will be available in the App settings.
- Enable Global Privacy Control (GPC) in your browser or device — we honor GPC signals.
- Decline the ATT prompt on your iOS device.
For more on your California rights, see Section 13.
5. Session Replay and Analytics
Session Replay
We use Amplitude's session replay technology to understand how users interact with the App and improve the experience. Session replay captures interactions such as screen navigation, taps, and scrolling.
Privacy Protections:
- All fields that may contain personal or sensitive data — including health data entered in input fields, passwords, and payment details — are automatically masked and are not viewable in session recordings.
- Session replay data is used solely to identify usability issues and improve the App. It is not used to identify individual users or for any advertising purpose.
- Session replay data is not combined with your health data.
Other Analytics Tools
We use the following analytics services to understand App usage, measure performance, and improve our Services:
- Firebase Analytics (Google)
- Amplitude
- Google Analytics
- Adapty (subscription analytics)
These services receive device information, usage data, and subscription events. They do not receive your health data, test images, or other sensitive personal information.
6. Payment Processing
We offer subscriptions and purchases through the following payment channels:
- Apple App Store In-App Purchases and Google Play In-App Purchases. Subscription payments processed through Apple or Google are subject to their respective terms and privacy policies. We receive transaction confirmation and subscription status but do not receive your payment card details.
- Stripe. For users in the United States, we offer the option to purchase subscriptions and products directly through Stripe. When you pay via Stripe, your payment card information is collected and processed directly by Stripe. We do not receive or store your full card number. Stripe's handling of your payment information is governed by the Stripe Privacy Policy.
- Adapty. We use Adapty as a subscription management platform. Adapty receives subscription status and transaction data to manage your subscription lifecycle. Adapty does not receive your health data.
Auto-Renewal and Free Trials
- We may offer free trial periods (typically 7 days, though trial length may vary). At the end of a free trial, your subscription will automatically convert to a paid subscription at the then-current price unless you cancel before the trial ends.
- Subscriptions renew automatically at the end of each billing period unless you cancel.
- How to cancel: For subscriptions purchased through the Apple App Store, cancel via your Apple ID settings. For Google Play, cancel via your Google Play subscription settings. For subscriptions purchased via Stripe, cancel through the App or contact us at support@pregmate.app.
7. Third-Party Service Providers
We share information with the following categories of service providers, who process data on our behalf under contractual obligations to protect your information:
| Category |
Provider(s) |
Data Received |
| Cloud Hosting |
Amazon Web Services (AWS) |
All data stored by the Services, including health data and test images |
| Analytics |
Firebase Analytics, Amplitude, Google Analytics |
Device information, usage data, subscription events. Not health data or test images |
| Session Replay |
Amplitude |
Screen interactions with sensitive fields masked. Not health data |
| Advertising Attribution |
Adjust, AppsFlyer |
Device identifiers, advertising IDs (if permitted), install/conversion events. Not health data |
| Ad Networks |
[To be determined] |
Device identifiers, advertising IDs (if permitted). Not health data |
| Payment Processing |
Stripe, Apple, Google |
Transaction and payment data. Not health data |
| Subscription Management |
Adapty |
Subscription status and transaction events. Not health data |
| Authentication |
Apple Sign-In, Google Sign-In |
Name, email, account identifier |
We require each service provider to use your data only for the purposes for which it was disclosed and to maintain appropriate security measures.
8. When We Share Your Information
Beyond the service providers listed in Section 7, we may share your information in the following limited circumstances:
- With Your Consent. When you direct us to share information with a third party.
- Business Transfers. In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. If such a transaction involves your health data, we will require the acquiring entity to honor the commitments made in this Privacy Policy or notify you and provide you with the opportunity to delete your data before transfer.
- Legal Requirements. When required by law, regulation, or legal process. See Section 9 for our specific commitments regarding law enforcement requests.
- Safety. When we believe in good faith that disclosure is necessary to protect the safety of any person.
We do not sell your personally identifiable information. We do not share your health data with third parties for their own marketing purposes.
9. Law Enforcement and Government Access
We understand that users of reproductive health apps may have concerns about whether their data could be disclosed to law enforcement or government agencies. We make the following commitments:
- Warrant Requirement for Health Data. We will not disclose your health data (including cycle data, test results, test images, pregnancy status, or any other reproductive health information) to any law enforcement or government agency unless we receive a valid warrant issued by a court of competent jurisdiction, supported by probable cause, and specifically describing the data to be disclosed. We will not comply with informal requests, subpoenas, or other compulsory process that does not meet the warrant standard for health data.
- User Notification. If we receive a legal demand for your health data, we will notify you before disclosing the data unless we are legally prohibited from doing so (for example, by a court-issued gag order). If we are prohibited from notifying you, we will take reasonable steps to challenge the prohibition and will notify you as soon as the prohibition is lifted.
- Narrow Compliance. We will interpret any legal demand as narrowly as possible and will disclose only the specific data required — not your entire account or health history.
10. Data Retention and Deletion
We retain your information for as long as necessary to provide the Services and for the purposes described in this Privacy Policy. Specific retention periods are as follows:
| Data Type |
Retention Period |
| Account information (name, email) |
Until you delete your account |
| Health and cycle data |
Until you delete your account |
| Test scanner images |
Retained indefinitely for service improvement, ML model training, and quality assurance. Upon account deletion, images are de-identified (separated from your account-level PII) but may be retained in de-identified form. |
| Analytics and usage data |
Up to 25 months from collection |
| Advertising/attribution data |
Up to 12 months from collection, or as required by the attribution partner |
| Payment/transaction records |
As required by applicable tax and accounting laws (typically 7 years) |
| Session replay data |
Up to 12 months from collection |
Account Deletion
You may delete your account at any time through the App settings or by contacting us at support@pregmate.app. When you delete your account:
- We will delete your personally identifiable information (name, email, account credentials) within 30 days.
- We will delete your health and cycle data within 30 days.
- Test scanner images will be de-identified (stripped of association with your account) but may be retained in de-identified form for model training and quality assurance.
- We may retain certain information as required by law (such as transaction records for tax compliance) or to resolve disputes.
- Deletion from backup systems may take up to an additional 90 days.
11. Data Security
We implement technical and organizational measures designed to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest.
- Access controls restricting who within our organization can access personal and health data.
- Regular security assessments of our systems and third-party service providers.
- Secure hosting on Amazon Web Services infrastructure.
No method of electronic transmission or storage is perfectly secure. While we take commercially reasonable steps to protect your information, we cannot guarantee absolute security. If you become aware of a security vulnerability, please contact us immediately at support@pregmate.app.
12. Children's Privacy
Pregmate is not intended for use by anyone under the age of 18 (or the age of majority in your jurisdiction, if higher). We do not knowingly collect personal information from children under 18. If you believe a child under 18 has provided us with personal information, please contact us at support@pregmate.app, and we will take steps to delete that information promptly.
13. Your Privacy Rights — United States
All U.S. Users
Regardless of your state of residence, you may:
- Access your personal information by contacting us.
- Delete your account and associated personal information through the App or by contacting us.
- Opt out of tracking by declining the ATT prompt or adjusting your device settings.
California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Rights Act:
- Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete. You may request deletion of your personal information, subject to certain legal exceptions.
- Right to Correct. You may request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing. You may opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. Use our "Do Not Sell or Share My Personal Information" option, which will be available in the App settings, or enable Global Privacy Control (GPC). We honor GPC signals.
- Right to Limit Use of Sensitive Personal Information. Your reproductive health data and account login credentials are "sensitive personal information" under the CPRA. You may direct us to limit our use of sensitive personal information to what is necessary to provide the Services. To exercise this right, use the "Limit the Use of My Sensitive Personal Information" option, which will be available in the App settings, or contact us.
- No Discrimination. We will not discriminate against you for exercising any of these rights.
Categories of Personal Information Collected in the Past 12 Months:
| Category (CCPA) |
Examples |
Collected |
| A. Identifiers | Name, email address, device identifiers, IP address, advertising ID | Yes |
| B. California Customer Records | Name, email address | Yes |
| C. Protected Classifications | Age/date of birth, sex/gender (if provided for cycle tracking) | Yes |
| D. Commercial Information | Subscription and purchase history | Yes |
| E. Biometric Information | N/A | No |
| F. Internet/Network Activity | App usage data, screens viewed, features used | Yes |
| G. Geolocation Data | Approximate location inferred from IP address | Yes |
| H. Audio/Visual Information | Test scanner photographs | Yes |
| I. Professional/Employment Info | N/A | No |
| J. Education Information | N/A | No |
| K. Inferences | Cycle predictions, fertility estimates, personalized content selections | Yes |
| L. Sensitive Personal Information | Account login credentials, health data (cycle, fertility, pregnancy, test results) | Yes |
Sharing/Selling: When users opt in to tracking, we may "share" (as defined by the CPRA) device identifiers with attribution partners and ad networks for cross-context behavioral advertising. We do not sell or share your health data.
Virginia, Colorado, Connecticut, and Other State Privacy Laws
If you are a resident of Virginia, Colorado, Connecticut, Oregon, Texas, Montana, or another state with a comprehensive consumer privacy law, you may have similar rights to access, delete, correct, and opt out of targeted advertising and the sale of personal information. You may also have the right to appeal our response to your request. To exercise these rights or to appeal a decision, contact us at support@pregmate.app.
Verification: When you submit a rights request, we will verify your identity by matching information you provide against information we have on file. We will not ask you to provide sensitive information solely for verification purposes.
Authorized Agents: You may designate an authorized agent to make requests on your behalf. We will require the agent to provide proof of authorization and may require you to verify your identity directly.
Response Timing: We will respond to verifiable requests within 45 days (or the timeframe required by your state's law), with extensions where permitted.
14. Your Privacy Rights — European Economic Area, United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:
- Access. Request a copy of the personal data we hold about you.
- Rectification. Request correction of inaccurate or incomplete data.
- Erasure. Request deletion of your personal data ("right to be forgotten").
- Restriction. Request that we restrict processing of your data in certain circumstances.
- Portability. Receive your personal data in a structured, commonly used, machine-readable format.
- Object. Object to processing based on legitimate interests, including for direct marketing.
- Withdraw Consent. Where processing is based on consent (including for health data under Article 9), you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise these rights, contact us at support@pregmate.app.
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu. For the UK, contact the Information Commissioner's Office (ICO). For Switzerland, contact the Federal Data Protection and Information Commissioner (FDPIC).
Data Controller: Asteria LLC is the data controller for purposes of the GDPR.
15. Your Privacy Rights — Canada
If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) or applicable provincial legislation, including the right to access, correct, and withdraw consent for the processing of your personal information. To exercise these rights, contact us at support@pregmate.app.
We process your information with your knowledge and consent, except in limited circumstances permitted by law (such as legal compliance, fraud prevention, or emergencies).
16. International Data Transfers
Asteria LLC is based in the United States. Your information is stored and processed in the United States on Amazon Web Services infrastructure. If you access the Services from outside the United States, your information will be transferred to the United States.
For users in the EEA, UK, or Switzerland, we implement appropriate safeguards for the transfer of personal data outside the EEA/UK/Switzerland as required by applicable law. For more information about the safeguards we use, please contact us at support@pregmate.app.
For users in other jurisdictions, by using the Services, you consent to the transfer and processing of your information in the United States.
17. Do-Not-Track and Global Privacy Control
- Global Privacy Control (GPC). We honor GPC signals. If your browser or device sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information under applicable state laws.
- Do-Not-Track (DNT). There is no uniform standard for DNT signals. We do not currently respond to browser-based DNT signals, but we do honor GPC as described above.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes — particularly changes affecting how we handle your health data — we will notify you through the App or by email before the changes take effect. We will always indicate the date of the most recent update at the top of this page. We encourage you to review this Privacy Policy periodically.
19. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
This Privacy Policy is effective as of April 17, 2026.