Privacy policy · effective 2026-05-09

Your cycle data stays on your device.

Plain-language version below. The legal version is identical. Post-Roe / GDPR / APPI / PIPA covered. Reading time ~8 minutes — please skim.

Last reviewed by counsel · 2026-05-02

1. What this is

QiFlux is a period and cycle tracker built by Yves Studio. This document tells you, in plain language, exactly what data the app collects, where it lives, and what we do with it. The legal version is structurally identical — we just read it less.

Two principles guide every paragraph below:

  1. On-device by default. Your cycle data stays on your phone unless you turn on a feature that needs the network.
  2. Anonymous by default. The app works fully without an account. Sign-in is opt-in.

2. Data we never collect

We do not collect, store, or transmit:

  • Your name, email, or phone number — unless you opt in to cloud sync, in which case Apple or Google authenticates you and we receive only an opaque ID.
  • Your IP address — except as the operating system passes it to Apple StoreKit / Google Play Billing.
  • Your contacts, calendar, photos, microphone, or precise location.
  • Health data from Apple Health or Google Health Connect — unless you grant access in Settings, and even then it stays on the device.

3. Data stored on your device

The app keeps the following locally, encrypted at rest using the operating system's secure enclave:

  • Cycle days, period flow level, symptoms, mood, sleep notes, body temperature.
  • Your 體質 selection if you turn on the Asia culture pack.
  • Your subscription status (Premium / Free) and AI 點數 balance.
  • App preferences (locale, dark mode, notification settings).

We never copy this data to our servers. If you uninstall the app, it is destroyed with the app's storage container.

4. Optional cloud features

Three features can leave the device, all opt-in, all switchable off in one tap:

  • iCloud / Google Drive backup — encrypted blob, passed straight through Apple or Google. We never see it.
  • Cloud AI — see §5.
  • Sentry crash reports — see §6.

5. Cloud AI opt-in

If you turn on cloud AI in Settings, the "How am I today?" check sends a prompt to Google's Gemini Flash on the paid no-train tier. The prompt contains only:

  • Cycle phase (one of: menstruation / follicular / ovulation / luteal).
  • 體質 tag if you set one (one of: 寒 / 熱 / 燥 / 濕 / 平和 / 不確定).
  • Up to 3 symptoms you chose for that day.
  • Locale code (e.g. zh-TW).

It does not contain your name, email, age, location, device ID, or anything Google could combine with another dataset to identify you. The audit script for this lives in the public repo at docs/design/scripts/audit-prompt-payload.ts.

If you don't trust us on this, please verify it. The audit script runs in 30 seconds and prints every field that ever leaves the device.

6. Analytics & crash reports

The app ships with zero analytics. No Google Analytics, no Mixpanel, no PostHog, no Amplitude.

Sentry crash reporting is included but off by default. If you turn it on in Settings → Help us improve, the app sends a stack trace and device model when it crashes. No cycle data is included in the crash payload.

This site (qiflux.app) uses Cloudflare Web Analytics — first-party, cookieless, privacy-preserving. No data is shared with third parties.

7. Subscription & billing

QiFlux Premium is sold via Apple StoreKit and Google Play Billing. The receipt is validated by RevenueCat to unlock features. RevenueCat receives:

  • An anonymous user ID generated on first launch (UUID, not your Apple/Google ID).
  • The subscription product purchased and its current status.

RevenueCat never sees your cycle data, name, email, or payment details. Apple and Google never see your cycle data.

8. Backups & sync

If you opt in, your local database is encrypted on-device and uploaded as an opaque blob to your iCloud or Google Drive. We do not have a server. We cannot read these backups even if compelled.

9. Post-Roe protection

QiFlux is built specifically to be unable to comply with a subpoena for your cycle data, because we don't have it.

  • No server-side database of cycle records exists.
  • The cloud AI prompt is anonymized and not retained beyond Google's paid-tier no-train commitment.
  • If law enforcement contacts us, we can hand over: subscription status (anonymized UUID), nothing else.

10. GDPR / APPI / PIPA

Under the GDPR (EU), APPI (Japan), PIPA (Korea), PDPA (Taiwan, Singapore, Thailand), and PIPL (China), you have the rights to access, correct, port, and erase your personal data. Because your data lives on your device, you exercise these rights yourself: open the app, view it, edit it, export it, delete it.

The only data we control is your subscription UUID. Email [email protected] with a simple "delete my UUID" and we will, within 30 days.

11. Children's privacy

QiFlux is rated 17+ on the App Store and Teen+ on Google Play. We do not knowingly collect data from anyone under 13 (US COPPA), 16 (EU GDPR-K), or 14 (China PIPL). If we learn we have, we delete it.

12. Changes to this policy

If we change this policy in a way that reduces your privacy, the app shows a full-screen notice on next launch and the change does not take effect until you tap "Got it". The diff is published on this page with the prior version preserved.

Version history: v2 · 2026-05-09 · v1 archive

13. Contact us

Privacy questions: [email protected]
General questions: [email protected]
Mail: Yves Studio · Taipei 110 · Taiwan