The Short Version
We don't collect your health data. Lova stores all your personal health information on your device only. We have no servers that store user health data and no way to access your health information. Your account credentials are handled by Apple, Google, or secure email authentication.
Information We Don't Collect
Unlike most apps, we'll start with what we don't collect, because the list of what we do collect is much shorter:
- Health data: Period dates, symptoms, moods, fertility tracking, pregnancy data, BBT readings, notes - all stored only on your device
- Personal identifiers: No names, emails, phone numbers, or accounts
- Location data: Never collected
- Device identifiers: No advertising IDs, no device fingerprinting
- Usage analytics: No tracking of how you use the app
Information We May Collect
2.1 Website Analytics (This Website Only)
On this website (lova.health), we use privacy-respecting analytics:
- Page views (aggregated, not individual)
- Referral sources
- General geographic region (country level)
- Device type (mobile/desktop)
We use Plausible Analytics, which doesn't use cookies, doesn't track individuals, and is GDPR-compliant by design.
2.2 Crash Reports (Optional)
If you opt in to crash reporting:
- Technical information about the crash
- Device model and OS version
- App version
Crash reports never include health data. This feature is off by default and requires explicit opt-in.
2.3 Support Requests
If you contact us for support:
- Email address (to respond)
- Any information you choose to share
We delete support correspondence after 90 days unless you request otherwise.
How Your Data Is Stored
All health data is stored locally on your device:
- Database: Encrypted SQLite using SQLCipher (AES-256)
- Keys: Stored in OS secure storage (Keychain, Keystore, etc.)
- Location: App's private storage container
How Data Is Shared (By You)
You control all sharing:
- Partner sharing: Direct device-to-device, you control permissions
- Export to doctor: FHIR/CSV/JSON files you create and send
- Device backup: May be included in OS backups (encrypted)
We cannot share your data because we don't have it.
Third Parties
The Lova app does not include:
- Third-party analytics SDKs
- Advertising networks
- Social media integrations
- Any SDK that transmits health data
Data Retention
Your health data remains on your device until you delete it. We cannot impose retention policies on data we don't have.
For the limited data we may collect (website analytics, crash reports, support):
- Website analytics: Aggregated, no individual data retained
- Crash reports: 90 days
- Support requests: 90 days after resolution
Your Rights
You have complete control over your data:
- Access: All data is already on your device
- Portability: Export anytime in FHIR, CSV, or JSON
- Deletion: Delete instantly in the app
- Correction: Edit any entry directly
For GDPR, CCPA, or other privacy law requests regarding website/support data, contact privacy@lova.health.
Children's Privacy
Lova is not directed at children under 13. We do not knowingly collect data from children. Since we don't collect user data in general, this is inherently enforced.
International Users
Since your data stays on your device, there are no international data transfers for health information. Website analytics may be processed in the EU (Plausible is EU-based).
Changes to This Policy
We may update this policy to reflect changes in our practices or for legal reasons. We will note the date of the last update at the top of this page.
Verify Our Claims
Don't trust, verify. You can confirm our privacy claims:
- Monitor network traffic to see no health data is transmitted
- Use the app in airplane mode—everything works offline
- Check app permissions in your device settings