Last updated: Oct. 30th, 2025
We respect and protect the personal privacy of all users of the Service. It's important to us that you know how to control and protect your privacy. For this reason, we encourage you to read this Privacy Policy thoroughly.
This Privacy Policy explains our procedures concerning the information we collect from you or that you provide to us. We also let you know your rights and where you can control your information in the Service, with helpful examples. By using the Service, you acknowledge this notice. For each purpose described below, we state the applicable legal basis.
If you have any questions about how we use your information or want further information about this Privacy Policy and what it means, please contact us at support@myendora.health. We will endeavor to provide detailed answers to your questions promptly. You may also retrieve a copy of your data or request deletion by emailing support@myendora.health.
Additional information for individuals in the EU/EEA or UK, as well as for users who reside in California, can be found in separate sections of this Privacy Policy.
If you are an individual in the UK, please also refer to Section II – UK Privacy Policy.
Words with an initial capital letter have the meanings defined under the following conditions. The following definitions have the same meaning regardless of whether they appear in singular or plural.
For the purposes of this Privacy Policy:
The information we collect and process depends on how you use the Service. Some features require certain information to function (e.g., cycle tracking); other information is optional but may affect your experience if not provided. The Service supports offline use for certain features, but cloud backup and sync require an account and network connectivity.
Lotus is a women's health companion designed to help users track their cycles and wellness, visualize trends, and receive AI-powered insights (see "Core app features" below). You may choose to log, among other things:
You control what you log. Health-related features are provided only with your explicit consent, which you can withdraw at any time in the app.
To enable cloud backup, sync, and cross-device access, an account is required. We support email/password, Apple, and Google sign-in. We process: name, email, and password hash (for email sign-in).
When you interact with the Service, we may collect event-level usage data (e.g., screen views, taps), performance metrics, crash logs, and diagnostics to improve stability and performance. We also collect country/region, IP address, Device identifiers (IDFA/GAID) (as applicable), push notification tokens, and similar telemetry where enabled.
With your opt-in, we process data to send in-app messages, push notifications, email or SMS (e.g., cycle reminders, product updates, or promotions). You can manage these preferences at any time in Profile → Edit Profile.
If you choose to upload images (e.g., stomach photos for bloating tracking), they are processed to provide the requested features and stored securely.
If you log in via Apple or Google, we receive identifiers and profile information those services share (e.g., name, email). You can revoke access via your social account settings.
Lotus provides:
You can manage key privacy controls in Profile → Edit Profile, including: view/edit profile, enable/disable specific health categories, connect/disconnect Apple/Google services, opt-in/opt-out of push and email marketing.
Important: We do not deploy a cookie/consent banner (CMP) in the EEA because we do not use web cookies for advertising. For app telemetry and notifications, we rely on your in-app consent and settings.
We do not sell personal data.
We share personal data only as described below, and only with appropriate safeguards and contractual protections:
These providers process data solely to perform services for us and are bound by confidentiality and data protection obligations.
Advertising SDKs: We do not serve personalized ads in the EEA/UK without consent. If advertising features are introduced, we will request consent and update this section accordingly.
You can opt out of marketing communications and adjust notifications in Profile → Edit Profile or your device settings. You can request access, export, or deletion of your data at support@myendora.health.
We use information to operate and improve the Service and provide a personalized, helpful experience:
We retain data only as long as necessary for the purposes described or as required by law:
You can delete data using in-app controls or by emailing support@myendora.health (see "Exercising your rights" below).
Primary hosting is in Belgium (EU) via Firebase. We do not transfer personal data outside the EEA/UK in the ordinary course of business. If an exceptional transfer becomes necessary (e.g., a specific support interaction), we will implement appropriate safeguards (e.g., Standard Contractual Clauses) and notify you as required.
We implement administrative, technical, and physical security measures designed to protect your information, including:
While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We continuously improve our safeguards but cannot guarantee absolute security.
In general, your data is stored on your device and within our Firebase environment (EU region). We do not operate our own data centers.
Depending on the processing activity, we rely on one or more of the following legal bases:
We are happy to clarify the specific legal basis for any processing on request.
Subject to conditions and exceptions in law, you have the right to:
Contact support@myendora.health. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local supervisory authority in the EEA.
Email support@myendora.health. We will respond within timeframes required by law. Any opt-out is browser/device-specific.
We do not sell personal information. If, in the future, we engage in cross-context behavioral advertising, we will provide appropriate opt-out mechanisms and update this Policy.
Our website and app do not respond to DNT signals. Some third parties may track your activities; you can set DNT preferences in your browser.
California residents under 18 who are registered users may request removal of content they posted publicly by contacting support@myendora.health. This does not guarantee complete removal if retention is required by law or the content has been copied by others.
Our Service is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you are a parent or guardian and believe your child has provided us personal data, please contact support@myendora.health so we can take appropriate action.
We may update this Privacy Policy from time to time. We will notify you by posting the new Privacy Policy on this page and, where appropriate, by a prominent notice in the Service prior to the change becoming effective. The "Last updated" date at the top will be revised accordingly. Changes are effective when posted unless otherwise stated.
If you have concerns about your information or questions about this Privacy Policy, please email support@myendora.health. You may request access, export, or deletion of your data via the same email.
Last updated: Oct. 30th, 2025
We respect and protect the personal privacy of all users of the Service. It's important to us that you know how to control and protect your privacy. For this reason, we encourage you to read this Privacy Policy thoroughly.
This UK Privacy Policy explains our procedures concerning information we collect from you or that you provide to us when you use the Service in the United Kingdom. In summary, we process limited personal data necessary to provide the Service (e.g., account credentials, device identifiers, analytics/crash diagnostics where enabled, and optional health data you choose to log). Health features are offered only with your explicit consent. By using the Service, you acknowledge this notice.
If you have any questions about how we use your information or want further information about this UK Privacy Policy and what it means, please contact support@myendora.health.
Interpretation and Definitions are as set out in Section I.1 above. In the UK, references to GDPR are to the UK GDPR and the Data Protection Act 2018.
The information we collect and process in the UK depends on how you use the Service. Where you enable health features, we rely on explicit consent. You may log cycle details, symptoms, and health data (e.g., sleep, sport, water intake, food/alimentation, stomach photos for bloating). We also process account data (name, email, password hash for email sign-in), device/IP information, analytics, performance metrics, crash logs, and push tokens where you have consented. You can manage privacy settings in Profile → Edit Profile and withdraw consent at any time.
We do not sell personal data. We share data with service providers strictly as necessary to operate the Service, including Google/Firebase (analytics, crash, hosting), Apple/Google (notifications, sign-in, store purchases), all under appropriate contractual safeguards. If advertising features are introduced, we will request consent first and update this policy.
Payments for in-app purchases are processed by Apple and Google under their privacy policies. We do not store your card details.
We may disclose information to comply with law, protect users, or in connection with business transfers (with prior notice as described in Section I.3).
We use information to provide and improve the Service, including personalization, diagnostics, support, communications (product updates, reminders, and—where opted in—marketing via in-app, push, email, or SMS). Legal bases are primarily consent (including explicit consent for health data) and, where applicable, legitimate interests for proportionate security needs.
You may delete data in-app or email support@myendora.health.
Data is hosted in the EU (Belgium) with Firebase. We currently do not transfer personal data outside the UK/EEA in the ordinary course. If an exceptional transfer is needed, we will implement appropriate safeguards (e.g., IDTA or UK Addendum to the SCCs) and notify you where required.
We implement organizational and technical measures as described in Section I.7 (e.g., encryption in transit/at rest where applicable, access controls, vulnerability testing). No method is 100% secure, but we continuously improve our safeguards.
Our Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact support@myendora.health.
We will notify you in the Service and update the "Last updated" date before changes take effect. Please review periodically.
For privacy questions or to exercise your rights under the UK GDPR and Data Protection Act 2018, contact support@myendora.health. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
Email support@myendora.health to access, export, correct, delete, or otherwise exercise your privacy rights. If you wish to retrieve or remove your data, simply send an email request to support@myendora.health. We may need to verify your identity before acting on your request.