This Consumer Health Data Privacy Policy explains how GetMyMood Inc. ("GetMyMood", "we", "us") collects, uses, and shares consumer health data, and the rights you have over that data, under the Washington My Health My Data Act (MHMDA) and Nevada's consumer health data law (SB 370). It applies to Washington and Nevada residents, and to consumer health data collected in those states, in connection with the GetMyMood: Period & Cycle Tracker mobile app and related pages (the "Services").
This policy supplements our Privacy Policy. If this policy and the Privacy Policy differ with respect to consumer health data of Washington or Nevada residents, this policy controls.
1) Consumer health data we collect
We collect the following categories of consumer health data:
- Cycle and symptom information you enter: period dates, symptom selections (for example mood, physical, energy), flow intensity, and optional notes.
- Derived and inferred health information: cycle phase, cycle day, cycle-length and period-length statistics, and period, ovulation, and fertile-window estimates computed from the information you enter.
- Health-related preferences and settings: cycle settings, tracking goals, and reminder preferences related to your cycle.
- Health-related analytics events (only with your separate, optional health analytics consent): pseudonymized, mostly bucketed signals such as cycle-length ranges, symptom logging activity, and a limited set of specific values such as the current cycle day, tied to a hashed telemetry identifier.
- Limited operational events (collected without the optional health analytics consent): pseudonymized signals that may indicate you use tracking features, such as confirmations that data was deleted (including how many records were deleted) and opens of cycle reminders and widgets, processed through our analytics providers as described in the Privacy Policy.
- Age-assurance eligibility state (where required by law or app-store policy): coarse, derived eligibility status for health-data features and, on iOS, a salted, hashed App Store transaction reference linked to your account (created when the app links your account), together with a consent-status flag if Apple notifies us that a parent or guardian has withdrawn consent. These records never include an age range, birth date, or raw platform identifier.
- Partner Sharing information (only if you use that feature): the selected cycle-related information you direct us to make visible to your invited partner, as described in the Privacy Policy.
We do not collect precise location or geolocation that could indicate an attempt to acquire health services, we request no location permissions, and we do not use geofencing of any kind, including around facilities that provide health care services.
2) Sources of consumer health data
- You, directly, through the information you enter in the app.
- Your device, through the app's operation (for example, when predictions are computed from your entries).
- The app store or operating system, limited to coarse age-assurance signals where required by law or app-store policy.
We do not collect consumer health data from data brokers, advertisers, or any source other than those listed above.
3) Why we collect and use consumer health data
- Provide core functionality: tracking, calculations, predictions, reminders, and account features.
- Sync your data across sessions and devices and maintain service reliability.
- Provide Partner Sharing when you choose to use it.
- Improve the Services through pseudonymized, consent-gated health analytics (optional).
- Determine eligibility for health-data features where age-assurance requirements apply.
- Secure the Services, prevent abuse, respond to support requests, and comply with legal obligations.
We collect and use consumer health data with your consent or as strictly necessary to provide a service you request, and only for the purposes described in this policy and the Privacy Policy. We do not sell consumer health data, and we do not use it for advertising or share it for cross-context behavioral advertising.
4) How consumer health data is shared
We share consumer health data only:
- With processors acting on our behalf, under contractual confidentiality and security obligations:
- Google / Firebase (Google LLC) — cloud hosting, database, authentication, crash reporting, in-app messaging, and analytics infrastructure.
- Amplitude, Inc. — pseudonymized health analytics (consent-gated health events, plus the limited operational events described in Section 1).
- RevenueCat, Inc. — subscription and entitlement management (account identifier and purchase state; RevenueCat does not receive your cycle or symptom information).
- With the partner you invite, if you enable Partner Sharing — limited to the selected cycle-related information described in the Privacy Policy, at your direction.
- When required by law, legal process, or to protect rights, safety, and service integrity.
We have no affiliates with whom consumer health data is shared. Google AdMob (ads) does not receive your cycle, symptom, or other health-related data.
5) Your rights
If you are a Washington or Nevada resident, you have the right to:
- Access your consumer health data, including a list of the third parties and affiliates with whom we have shared it and, where applicable, an active email address or other online mechanism to contact those third parties.
- Withdraw consent to the collection and sharing of consumer health data. You can withdraw health analytics consent at any time in Settings > Account and Data. You can withdraw consent to core health-data processing by deleting your account (Settings > Account and Data > Delete Account), because the tracking service cannot operate without that data.
- Delete your consumer health data. You can delete individual data categories (for example period history or symptoms) in Settings > Account and Data, delete your account in the app, or request deletion at /delete-account or by email. When you delete data, we delete it from our systems, notify our processors and direct them to delete it — including requesting deletion of pseudonymized analytics events keyed to your hashed telemetry identifier — and ensure residual copies in backups and disaster-recovery systems are removed or expire within the time allowed by applicable law (for Washington residents, no later than six months after we authenticate your request).
- Not be discriminated against for exercising any of these rights. Exercising your rights does not change the price or availability of the Services.
6) How to exercise your rights
- In the app: Settings > Account and Data.
- On the web: /delete-account for deletion without app access.
- By email: support@getmymood.com with "Consumer Health Data Request" in the subject line.
We will verify your request using your account email and respond within the time required by applicable law (generally within 45 days, extendable once by 45 days where reasonably necessary; deletion requests from Nevada residents are actioned, and our processors notified, within 30 days).
7) Appeals
If we decline to act on your request, you may appeal by replying to our response or emailing support@getmymood.com with "Consumer Health Data Appeal" in the subject line. We will respond to your appeal in writing within the time required by applicable law, with an explanation of our decision. If your appeal is unsuccessful, you may contact:
- Washington residents: the Washington State Attorney General.
- Nevada residents: the Office of the Nevada Attorney General (Bureau of Consumer Protection complaint process).
8) Changes to this policy
This policy is effective as of the "Last updated" date shown above. We may update this policy from time to time. We will post updates at /consumer-health-privacy and revise the "Last updated" date above. Material changes may also be communicated in-app or by other appropriate means.
9) Contact us
Email: support@getmymood.com
Mail:
GetMyMood Inc.
2 Bloor Street East, Suite 3500
Toronto, Ontario M4W 1A8
Canada