Privacy Policy

On this page
  1. The short version
  2. Who we are
  3. Scope
  4. Data we collect
  5. How we use data
  6. Legal bases (GDPR)
  7. Sharing and third-party processors
  8. What we never do
  9. App Tracking Transparency
  10. Data retention
  11. Your rights
  12. Regional disclosures
  13. Do Not Sell or Share My Personal Information
  14. Limit the Use of My Sensitive Personal Information
  15. US state privacy rights
  16. Children
  17. Security
  18. International transfers
  19. Changes to this policy
  20. Contact

The short version

Last Updated: 2026-05-03

  • What we collect. Your email, optional name, profile answers, and the health check-ins you log in the app.
  • Why. To run the service, compute your Glo Score, and make Insights and doctor-ready reports useful.
  • Who we share with. Four named processors. Supabase, RevenueCat, PostHog, and Sentry. No advertisers. No data brokers.
  • How long we keep it. For the life of your account. After you delete, our copies are gone within 30 to 90 days.
  • How to delete it. In the app, go to Profile, then Settings, then Delete Account. It is final and it is free.

Who we are

Everglo is an iOS app published by Everglo Wellness Technology Limited. Everglo Wellness Technology Limited is the data controller for the information this policy covers.

Our registered address is RM Q, 5/F, Tong Nam Ah Central Comercio, 180 Alameda Dr. Carlos d’Assumpção, Macau. For privacy questions, write to privacy@everglo.app.

Scope

This policy covers the Everglo iOS app and the everglo.app website. It takes effect on 2026-05-03.

It applies to every person who installs the app or visits the site. It does not cover third-party sites or apps we link to.

Data we collect

Account data

Your email address and an optional display name. If you sign up with email and password, your password is handled by Supabase Auth as a salted hash. We never see or store your plaintext password.

If you sign up with Sign in with Apple, we receive only the identifier Apple returns to us, plus the email address you choose to share (which may be Apple’s Hide My Email relay address). If you sign up with Sign in with Google, we receive only the identifier Google returns and your verified email address. We never receive your Apple or Google password.

Profile data

Your age range, your menopause stage, and your goals across the five pillars. You can edit or clear these at any time in the app.

Health and symptom data

This is the sensitive category. We collect the check-ins, symptoms, hot flash logs, sleep quality, mood entries, and menopause stage that you record in the app.

This data is tied to your account and stays encrypted in transit and at rest. We do not use it for advertising, ever.

Device and diagnostic data

Device model and iOS version. Crash logs via Sentry. Anonymized product analytics via PostHog, gated by your App Tracking Transparency choice.

Subscription data

A transaction identifier via RevenueCat and Apple. Apple handles payment and we never see your card details. We receive only the receipt status needed to confirm premium access.

Communications

Emails you send to our support or privacy addresses. We keep these to answer you and to track the history of your request.

iOS permissions we request

The Everglo app requests the following iOS permissions, each with a purpose string shown at first prompt.

  • Notifications. To send check-in reminders and gentle prompts. You can disable this in iOS Settings at any time.
  • App Tracking Transparency. To ask your permission before Everglo links analytics activity with other apps or websites. Declining disables PostHog distinct ID and all cross-app tracking. The app still works fully.

How we use data

  • Providing the service and keeping your account working.
  • Computing your Glo Score from your check-ins.
  • Personalizing your Glo Practices and the evidence cards you see.
  • Generating Insights and the doctor-ready PDF reports you export.
  • Answering support messages from you.
  • Aggregate analytics to understand product use in a de-identified way.
  • Security, abuse prevention, and backup integrity.
  • Meeting legal and tax obligations that apply to us.

If you are in the EU or the UK, we rely on these legal bases under the GDPR.

  • Contract. To run the app you paid or signed up for. This covers account, profile, health, and subscription data.
  • Consent. For product analytics through PostHog. You can refuse or withdraw consent at any time.
  • Legitimate interest. For Sentry crash reports, security, fraud prevention, and low-volume service emails.
  • Legal obligation. For tax records, fraud responses, and lawful requests we must answer.

Sharing and third-party processors

We use four processors. Each one has a signed data processing agreement with Everglo Wellness Technology Limited. None of them sell your data.

Supabase

Supabase runs our Postgres database and authentication. It receives your account, profile, and health data. Processing happens in the EU or the US Postgres region we select.

Privacy policy: supabase.com/privacy.

RevenueCat

RevenueCat validates your subscription receipt from Apple's StoreKit 2. It receives a transaction identifier and your anonymous app user ID. It does not receive card details or health data.

Privacy policy: revenuecat.com/privacy.

PostHog

PostHog powers our product analytics and feature flags. It receives anonymized event telemetry such as taps and screen views. A PII filter strips identifiers before events leave the device.

If you decline the iOS App Tracking Transparency prompt, the PostHog distinct ID is not set. The app still works fully.

Privacy policy: posthog.com/privacy.

Sentry

Sentry captures crash reports and performance traces. It receives device model, iOS version, stack traces, and breadcrumb logs. We configure PII scrubbing so health values are not attached to events.

Privacy policy: sentry.io/privacy.

Third-party AI services

Everglo does not send your identifiable health data to any third-party AI service without your explicit consent. If that ever changes, we will update this policy and ask you first.

What we never do

  • We never sell your health data. Not to anyone. Not for any price.
  • We never use your health data for advertising or for data mining.
  • We never share identifiable data with advertisers or data brokers.
  • We never store your personal health data in iCloud.

App Tracking Transparency

On first launch, iOS shows the App Tracking Transparency prompt. This is Apple's system-level question about cross-app tracking. Your answer controls what Everglo can do with analytics identifiers.

If you decline, we do not set the PostHog distinct ID. We do not track you across other apps or websites. Every feature of Everglo still works.

You can change your answer in iOS Settings under Privacy and Security, then Tracking. You can also change it in the app under Profile, then Privacy.

Data retention

We keep your account and health data for the life of your account. You can export or delete it at any time.

When you delete your account, our retention clock starts.

  • Supabase records. Erased within 30 days.
  • Sentry crash data. Purged within 90 days.
  • PostHog anonymous events. Purged within 90 days.
  • Local SwiftData on your device. Wiped immediately when you confirm in-app deletion.
  • Sign in with Apple tokens. Revoked through Apple’s REST API at the time of deletion.
  • Sign in with Google tokens. Revoked through Google’s OAuth revocation endpoint at the time of deletion.

Backups roll off on the same schedule and are not restored after deletion.

Your rights

  • Access. You can ask for a copy of the data we hold about you.
  • Correction. You can fix anything that is wrong or out of date.
  • Deletion. You can erase your account and your data.
  • Export. You can download your data in a common, readable format.
  • Objection. You can object to processing based on legitimate interest.
  • Withdrawal of consent. You can turn off anything you had opted into.
  • Complaint. You can complain to your local data protection supervisory authority.

Step-by-step instructions are on our privacy choices page. To start any request, write to privacy@everglo.app.

Regional disclosures

EU and UK (GDPR)

If you are in the EU or the UK, the GDPR gives you the rights listed above. Everglo Wellness Technology Limited is the data controller. Our data protection contact is privacy@everglo.app.

You can also complain to your national supervisory authority at any time.

California (CCPA and CPRA)

If you live in California, you have the right to know what we collect about you. You have the right to delete your data and to correct it. You have the right to limit how we use sensitive personal information.

To use any of these rights, write to privacy@everglo.app. We will verify your request before we act on it.

Washington (My Health My Data Act)

Everglo handles consumer health data as that term is defined by the Washington My Health My Data Act. The full notice required by the Act is published as a separate document. See our Consumer Health Data Privacy Policy for the categories collected, named affiliates, processing purposes, and consumer rights.

Do Not Sell or Share My Personal Information

Everglo Wellness Technology Limited does not sell your personal information, and we do not share it for cross-context behavioural advertising.

This is the case for every user, regardless of which state or country they live in. We do not have a sale-of-data business model and we do not run advertising in or around the Everglo app.

If you would like written confirmation of this for your records, or if you would like to formally exercise your right to opt out under the California Consumer Privacy Act (CCPA) or any other US state privacy law, email privacy@everglo.app with the subject line “Do Not Sell or Share.”

We will respond within 15 business days. We authenticate the request using a one-time passcode sent to the email address on your Everglo account.

Limit the Use of My Sensitive Personal Information

The California Privacy Rights Act (CPRA) classifies information about your health, including the symptom and check-in data you record in Everglo, as sensitive personal information.

Everglo only uses your sensitive personal information for the specific purposes that allow the app to function for you — computing your Glo Score, surfacing Insights, generating doctor-ready PDF reports, providing support, and meeting our legal obligations. We do not use it to infer characteristics about you for any other purpose, and we do not disclose it to third parties for purposes other than the four named processors listed above.

Because we already limit the use of sensitive personal information to these necessary purposes, no further opt-out is required under CPRA. If you want us to confirm this in writing, or if you want us to stop processing your sensitive personal information beyond what is strictly required to deliver the service to you, email privacy@everglo.app with the subject line “Limit Sensitive PI.”

US state privacy rights

A growing list of US states give residents specific rights over their personal information. The rights below apply if you are a resident of one of these states.

  • California (CCPA / CPRA). See the dedicated section above and the Do Not Sell or Share and Limit Sensitive PI notices.
  • Virginia (VCDPA). Right to access, correct, delete, port, and opt out of sale, targeted advertising, and certain profiling.
  • Colorado (CPA). Right to access, correct, delete, port, and opt out of sale, targeted advertising, and profiling. Right to appeal a denied request.
  • Connecticut (CTDPA). Right to access, correct, delete, port, and opt out of sale, targeted advertising, and profiling.
  • Texas (TDPSA). Right to access, correct, delete, port, and opt out of sale, targeted advertising, and profiling.
  • Utah (UCPA). Right to access, delete, port, and opt out of sale and targeted advertising.
  • Oregon (OCPA). Right to access, correct, delete, port, and opt out of sale, targeted advertising, and profiling, and to obtain a list of specific third parties to whom personal information has been disclosed.
  • Washington. See the dedicated Consumer Health Data Privacy Policy for rights specific to consumer health data.

We do not sell personal information in the meaning of any of these statutes, we do not engage in targeted advertising, and we do not engage in profiling that produces legal or similarly significant effects. Where these laws give you rights, you can exercise them by emailing privacy@everglo.app with your state of residence in the subject line.

We respond to verified requests within 45 days and may extend that period once by a further 45 days when reasonably necessary, as permitted by these laws. If we deny a request you have the right to appeal by replying to our denial email; we will respond to appeals within 45 days.

Children

Everglo is for adults. The app is not intended for users under 17 and is not directed at children.

We do not knowingly collect data from minors. If you believe a child has given us data, write to privacy@everglo.app and we will delete it.

Security

  • All network traffic uses TLS 1.2 or higher in transit.
  • Data at rest is encrypted on Supabase-managed Postgres.
  • Supabase Row-Level Security enforces that no user can read another user's data.
  • Sentry and PostHog have PII scrubbing configured to strip identifiers and health values.
  • Apple's secure payment flow handles all card data. We never see it.
  • If a breach affects your data, we will notify you without undue delay and within the timelines regulators require.

International transfers

Your data is stored with Supabase in the EU or the US Postgres region we select. If we transfer data out of the EU or the UK, we use the Standard Contractual Clauses approved by the European Commission.

We apply the same safeguards to transfers from the UK under the UK International Data Transfer Addendum. Processors are bound to those same clauses.

Changes to this policy

We update this policy when the law changes or when we change how we process your data. The Last Updated date at the top reflects the latest version.

For material changes, we will notify you in two ways. An in-app banner will appear on your next launch. An email will go to the address on your account.

Contact

For any question about this policy or your data, email privacy@everglo.app. We reply within 5 business days.

Postal mail:
Everglo Wellness Technology Limited
RM Q, 5/F, Tong Nam Ah Central Comercio
180 Alameda Dr. Carlos d’Assumpção
Macau