Download Free
How It WorksFeaturesBlogSupport Download Free

Privacy Policy

Last updated: April 6, 2026

EndoTracking is a health app used by people managing endometriosis — one of the most personal health conditions someone can navigate. We built this app because we believe you deserve a tool that respects your data as much as it respects your experience. This policy explains, in plain language, exactly what we collect, what we do with it, and what we never do.

The short version

  • Your symptom data, pain logs, and cycle information stay on your device.
  • We do not sell your health data. Not ever, not to anyone.
  • We do not use your health data for advertising.
  • You can delete your account and all data at any time.
  • We use Firebase for account authentication only — not to store health records.

1. Who we are

EndoTracking is operated by Op Studio. If you have any questions about this policy, you can reach us at privacy@endotracking.com. We will respond within 5 business days.

2. What data we collect

Health and symptom data

When you log symptoms, pain levels, cycle dates, medications, or surgical history, that data is stored locally on your iPhone using Apple's secure on-device storage. This data is yours. It does not automatically sync to our servers. If you enable iCloud Backup on your iPhone, Apple may include this data in your iCloud backup under your own Apple ID — this is governed by Apple's privacy policy, not ours.

When you use the GP Report feature, a PDF is generated locally on your device. No content of that report is transmitted to EndoTracking servers.

Account information

If you create an account, we store your email address and a hashed password using Firebase Authentication. This is used solely to sync your preferences and subscription status across your devices. We do not associate your health data with your account on our servers.

Subscription and payment data

Payments are processed through Apple's App Store. We use RevenueCat to manage subscription status. Neither RevenueCat nor EndoTracking has access to your credit card or billing information — that data never leaves Apple.

Analytics

We collect anonymous, aggregate usage data — for example: how many users open the app each day, which screens are visited most, and crash reports. This data contains no personal identifiers and no health information. It is used only to fix bugs and improve the app. We use Firebase Analytics for this purpose, configured with IP anonymization and no cross-app tracking.

What we do NOT collect

  • Your name (unless you choose to enter it in your profile)
  • Your location or GPS data
  • Your contacts, photos, or camera (except if you choose to attach a photo to a log entry)
  • Any health data from Apple Health unless you explicitly grant permission
  • Advertising IDs (we do not run ads)

3. How we use your data

We use the data we collect for these purposes only:

  • To run the app: Authentication keeps you logged in across devices.
  • To process your subscription: RevenueCat tells us whether your subscription is active so we can unlock premium features.
  • To improve the app: Anonymous crash reports and aggregate feature usage help us fix problems and prioritize improvements.

We do not use your data for marketing profiling, behavioral advertising, or any form of automated decision-making that affects you.

4. Who we share your data with

We work with a small number of trusted service providers:

  • Google Firebase — Authentication and anonymous analytics. Firebase is GDPR-compliant and we have a Data Processing Agreement in place.
  • RevenueCat — Subscription management. RevenueCat receives your anonymized App Store subscriber ID, not your health data.
  • Apple — App Store distribution, payment processing, and device-level security. Governed by Apple's terms.

We do not sell, rent, or license your data to any third parties. We do not share your data with data brokers, insurance companies, employers, or marketers. If we are ever required by law to disclose data, we will notify you as permitted by law before doing so.

5. Data retention and deletion

Your health and symptom data lives on your device. If you delete the app, that data is deleted with it. If you created an account, your account data (email, subscription status) is retained on our servers until you request deletion. To delete your account and all associated data, go to Profile → Settings → Delete Account in the app, or email us at privacy@endotracking.com. We will process deletion within 30 days.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict certain types of processing
  • Data portability (receive your data in a machine-readable format)

To exercise any of these rights, contact us at privacy@endotracking.com. We will respond within 30 days.

7. Children's privacy

EndoTracking is not designed for, and does not knowingly collect data from, children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

8. Security

Your health data is stored locally using iOS's built-in data protection, which encrypts data at rest using your device passcode. Account credentials are handled by Firebase Authentication, which uses industry-standard encryption. We regularly review our security practices and will notify you of any breach that affects your personal data as required by applicable law.

9. Changes to this policy

If we make material changes to this policy, we will notify you via an in-app notification at least 14 days before the changes take effect. The updated date at the top of this page will always reflect the most recent revision. Continued use of the app after changes take effect constitutes your acceptance of the revised policy.

10. Contact us

Questions about this policy? We're real people and we want to hear from you.
Email: privacy@endotracking.com