Privacy Policy

Updated: 30 September 2025

Ahlya Limited (“Ahlya”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect the information you provide when using the Ahlya mobile application (the “App”).

We are a UK private limited company and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and global privacy laws including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and applicable international standards.

1. Information We Collect

We collect the following types of information when you use the Ahlya App:

  • Profile Information: Name, date of birth, and email address.

  • Menstrual & Cycle Data (special category data): Date of last period, typical cycle length, period duration, and manual adjustments to predictions.

  • Symptom Logs (special category data): Physical, emotional, and lifestyle tags (e.g., mood, stress, alcohol intake).

  • Calendar Data: Cycle phases, current cycle day, next period prediction.

  • Health Metrics (special category data): If you choose to connect Apple Health or Google Health Connect (e.g. steps, sleep, heart rate), we will securely sync this data to your Ahlya account so you can access your history across devices, restore your data if you change devices, and benefit from personalised insights. This data is encrypted, pseudonymised, and stored in our secure cloud infrastructure. You can disconnect Apple/Google Health at any time in your device settings, and we will stop syncing data immediately.

  • Mental Health Inputs (special category data): Gratitude entries, journaling, audio or meditation activities.

  • Usage Data: Frequency of use, feature engagement, interaction patterns.

  • Partner Sharing Data: Information you choose to share (e.g., current cycle phase or insights), sent through a separate partner-facing interface, only with your explicit consent. Partner sharing is entirely optional and can be turned off at any time.

The health, menstrual, reproductive, and mental health data you enter into Ahlya are considered special category data under data protection laws. We only process this information with your explicit consent, which you provide by entering or syncing such data into the app.

All app data is stored securely in our cloud database. Health data is encrypted in transit and at rest, and identifying details are stored separately from health records to reduce privacy risk.

We will never use your sensitive health data for advertising or sell it to third parties.

When you visit our website (www.ahlya.com), we may collect your name and email address if you sign up for a waitlist, newsletter, or contact us. We may also collect technical information (e.g., IP address, browser type, device information) to ensure site security and performance. We use cookies or similar technologies to understand how visitors interact with our site. Non-essential cookies are used only with your consent. You can manage your preferences at any time. You can read more about this in our Cookie Policy.

2. How We Use Your Information

We use your personal data to:

  • Deliver and personalize core app features, including period tracking, symptom logging, and wellness insights.

  • Tailor physical, mental, and lifestyle recommendations to your cycle phase.

  • Synchronize health metrics via Apple Health or Google Health Connect, with your consent.

  • Provide in-app sharing functionality to communicate select insights to a partner of your choice. Partner sharing is optional, requires your explicit opt-in, and can be turned off at any time.

  • Improve app performance and develop new features, using de-identified and aggregated data that cannot reasonably be used to identify you.

  • Generate insights using artificial intelligence (AI) or automated systems, always in a way that protects your privacy. Identifiable health data is never shared directly with external AI models.

  • Send you updates or content (e.g., reminders or new features), with your consent.

We will never use your health data for advertising, profiling unrelated to Ahlya’s services, or sale to third parties.

If you visit our website, we use your information to respond to enquiries, deliver email updates (if opted-in), and analyse visitor traffic. We may also use this data to monitor website performance and ensure security.

We process health and menstrual data on the basis of your explicit consent. We process account and usage data where necessary to deliver our contract with you (through the use of the App), and in some cases on the basis of our legitimate interests (for example, to improve app performance).

3. Automated Processing and AI

We use automated systems and artificial intelligence (AI) to analyse your inputs (for example, symptoms, cycle phase, and lifestyle data) and generate tailored insights. These insights are designed to support your well-being by offering informational suggestions across categories such as mood, productivity, nutrition, and social engagement.

  • Privacy Safeguards: Identifiable health data is never shared directly with external AI models. Where AI is used, we only process anonymised or aggregated values so your sensitive health records remain protected.

  • Consent: Because some of this information may include health or menstrual data (considered special category data under law), we only process it with your explicit consent.

  • Purpose Limitation: AI is used exclusively to deliver and improve Ahlya’s services. We will never use AI to profile you for advertising or unrelated purposes.

  • No Significant Effects: No automated decision-making is used to produce legally or similarly significant effects on you.

4. Legal Basis for Processing (UK/EU)

We process your data under the following legal bases:

  • Consent: For the collection and processing of sensitive personal data (special category data such as menstrual, reproductive, physical, and mental health information, as well as Apple Health or Google Health Connect integrations). You can withdraw your consent at any time in the app or by contacting us.

  • Performance of a Contract: To provide you with the features and services you request by registering for and using the App.

  • Legitimate Interests: For purposes such as improving our product, ensuring app security, performing analytics, and debugging, provided your rights and freedoms are not overridden. You have the right to object to processing carried out on this basis.

5. Sharing Your Data

We do not sell your data, and we will never share your sensitive health information with third parties for advertising or marketing purposes.

We may share your data with:

  • Service providers and processors who support the operation of the Ahlya App (for example, cloud hosting, analytics, or IT support). This means that your data will be stored in secure cloud infrastructure operated by these providers. They act strictly under our instructions, are bound by confidentiality obligations, and must implement appropriate security measures.

  • Apple HealthKit or Google Health Connect, but only if you authorise this in your device settings. With your consent, certain health metrics may also be securely synced to Ahlya’s servers to enable cross-device use and account restoration. You control what data is shared and can withdraw permissions at any time. If you disconnect Apple/Google Health, we will stop syncing and delete previously synced data within a certain timeframe.

  • Your designated partner, via the dedicated partner interface, but only with your express opt-in consent. You can withdraw access at any time in the app settings.

6. International Data Transfers

Your data is stored in secure cloud infrastructure. In some cases, this may involve transfers outside the UK or European Economic Area (EEA). Where this occurs, we implement appropriate safeguards to protect your data, such as Standard Contractual Clauses approved by the European Commission and, where relevant, the UK International Data Transfer Addendum. These safeguards ensure your data receives an equivalent level of protection wherever it is processed.

7. Data Retention

We retain your personal and health data for as long as you maintain an account with Ahlya. If you delete your account, we will retain your personal and health data for up to 12 months in case you wish to reactivate your account during that time. After 12 months, your data will be permanently erased from our active systems.

Encrypted backups may be retained for up to 90 days for disaster recovery purposes, after which they are permanently deleted.

If you would like your data to be deleted immediately when you close your account, you may request this at any time by contacting us.

We may retain limited non-identifying information (for example, app usage logs or security records) where necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

8. Your Rights (UK & EU Users)

You have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate or incomplete data.

  • Request deletion of your personal data (“the right to be forgotten”).

  • Object to or restrict processing of your data in certain circumstances.

  • Withdraw your consent at any time, including for the processing of health and menstrual data (special category data).

  • Request data portability, allowing you to obtain your data in a structured, commonly used, and machine-readable format and transfer it to another service.

To exercise any of these rights, please contact us at lynda@ahlya.com. We will respond to your request within one month. We may require you to verify your identity before fulfilling certain requests.

9. Your Rights (U.S. Users – California & Other States)

If you reside in California or certain other U.S. states with privacy laws, you may have the following rights (subject to applicable law):

  • Know what personal data we collect, use, and disclose.

  • Access and receive a copy of your personal data.

  • Request correction of inaccurate personal data.

  • Request deletion of your personal data.

  • Request your data in a portable format so you can transfer it to another service.

  • Opt out of the sale or sharing of personal data (Note: Ahlya does not sell your personal data).

  • Designate an authorised agent to make requests on your behalf.

To exercise these rights, please contact us at lynda@ahlya.com. We may need to verify your identity (and, if applicable, the authority of your agent) before fulfilling your request.

We will not discriminate against you for exercising your privacy rights.

10. Data Security

We use industry-standard technical and organisational safeguards to protect your personal and health data from unauthorised access, disclosure, or loss. These include:

  • Encryption: All data is encrypted both in transit (when sent between your device and our servers) and at rest (when stored in our systems).

  • Pseudonymisation: Sensitive health entries are stored separately from identifiers and linked only by randomly generated IDs, reducing the risk of re-identification.

  • Access Controls: Access to production data is restricted to a very small number of authorised personnel, only where strictly necessary.

  • Testing Environments: Testing and debugging are performed using synthetic or anonymised data. Real user data is not copied into staging or development environments.

While we take strong measures to protect your data, we also encourage you to keep your device secure and protect your login credentials.

11. Children’s Privacy

The Ahlya App is not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

If we learn that we have collected personal data from a child without appropriate consent, we will delete it promptly. Parents or guardians who believe their child has provided us with personal information should contact us at lynda@ahlya.com.

12. Not Medical Advice

The App is designed for general well-being and informational purposes only. It is not a medical device, and the insights provided do not constitute medical advice, diagnosis, or treatment.

You should not rely on Ahlya as a substitute for professional medical care. Always consult a qualified healthcare professional with any questions or concerns about your health, including menstrual or reproductive health.

The App is not intended for use in medical emergencies. If you believe you may be experiencing a medical emergency, call your doctor or local emergency services immediately.

Ahlya is not a healthcare provider and is not subject to HIPAA (the U.S. Health Insurance Portability and Accountability Act). Instead, Ahlya processes your personal and health data under the UK GDPR, EU GDPR, and other applicable privacy laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal requirements. When we make material changes, we will notify you through the app, by email, or by other appropriate means, and update the “Effective Date” at the top of this page.

For non-material changes, such as clarifications or formatting updates, we will simply update the posted Privacy Policy with a revised Effective Date.

14. Contact Us

If you have any questions or requests regarding this policy, please contact us Ahlya Limited at Kenley, Grange Heights, Douglas, Cork, Ireland or by email to lynda@ahlya.com.

If you are based in the UK or EU and are not satisfied with how we handle your request, you also have the right to lodge a complaint with your local data protection authority (for example, the Information Commissioner’s Office (ICO) in the UK).