Privacy Policy

Last modified: May 26, 2026

1. Our Privacy Commitment

UndoEndo™ was built by someone who lives with endometriosis, for everyone who does too. We understand that reproductive and menstrual health data is among the most sensitive personal information a person can share. We treat it accordingly.

We are committed to:

  • Protecting user privacy as a core design principle, not an afterthought

  • Collecting only the data necessary to provide and improve our services

  • Being transparent about how your data is collected, stored, and used

  • Never selling, renting, or monetizing your personal health data

  • Giving you full control over your information, including the right to delete it

Your health information belongs to you. We are only ever stewards of it.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Display name or nickname (optional)

  • Email address

  • Encrypted password credentials

  • Google login credentials (if used)

  • Apple login credentials (if used)

2.2 Health & Wellness Information You Voluntarily Provide

You may choose to log personal wellness information including:

  • Pain levels and pain locations

  • Symptoms (physical, cognitive, hormonal, digestive)

  • Menstrual cycle data (cycle length, period start dates, flow)

  • Cervical mucus observations

  • Sleep quality and duration

  • Mood and emotional state

  • Energy levels

  • Food and lifestyle trigger tracking

  • Interventions and what helps

  • Diet preferences and restrictions

  • Personal wellness notes

  • Goals and health priorities (set during onboarding)

  • Diagnosis status (self-reported)

All health data is voluntarily entered by you. We do not collect health data passively without your knowledge or consent.

2.3 Device & Technical Information

We may collect:

  • Device type and model

  • Operating system and version

  • App version

  • IP address

  • Device identifiers (where permitted)

  • Crash reports and performance data

2.4 Usage Information

We may collect:

  • App engagement metrics

  • Feature usage data

  • Session duration

  • Analytics data to improve the product

3. How We Use Your Information

We use your information to:

  • Provide symptom tracking, cycle analysis, and wellness insight services

  • Generate personalized pattern insights based on your logged data

  • Provide daily wellness tips matched to your cycle phase

  • Improve app functionality and user experience

  • Develop future features including AI-assisted health guidance

  • Send important service updates and notifications (with your consent)

  • Maintain platform security and prevent fraud

  • Comply with applicable legal obligations

We do not use your health data for advertising. We do not sell your data. We do not share your reproductive health information with third parties for commercial purposes.

4. Cloud Storage & Data Location

4.1 Firebase & Google Cloud

UndoEndo uses Google Firebase as its backend infrastructure. Firebase services used include:

  • Firebase Authentication: for secure account login

  • Cloud Firestore: for storing your health logs, profile, and settings

Firebase is operated by Google LLC. Data stored in Firebase may be processed and stored on Google Cloud servers located in the United States or other countries outside Canada. Canada currently does not have a dedicated Google Cloud or Firebase region. As a result, your personal health data, including symptom logs, cycle data, and profile information, may be stored and processed outside of Canada, including in the United States.

4.2 Canadian Privacy Law — PIPEDA & BC PIPA

UndoEndo Digital Health Inc. is incorporated in Canada and is subject to:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada’s federal private-sector privacy law

  • The Personal Information Protection Act (PIPA) — British Columbia’s provincial private-sector privacy law

Under PIPEDA and BC PIPA, we are responsible for your personal information even when it is transferred to or processed by third-party service providers such as Google Firebase. We have taken steps to ensure that Google Firebase provides an adequate level of protection for your information, including:

  • Encryption in transit (TLS/SSL) for all data transmitted between your device and Firebase servers

  • Encryption at rest for Firestore database contents

  • Strict Firestore security rules ensuring users can only access their own data

  • Google Cloud’s compliance with SOC 2, ISO 27001, and other security certifications

By using UndoEndo, you acknowledge and consent to your personal information being transferred to and stored in countries outside Canada, including the United States, where different privacy laws may apply.

4.3 Security Measures

We implement reasonable safeguards including:

  • Secure authentication (email/password, Apple, Google)

  • Encrypted data transmission over HTTPS/TLS

  • Firestore security rules restricting each user to their own data

  • No employee or internal access to individual user health logs

  • Regular review of third-party provider security practices

No system is completely secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

5. How We Share Information

We may share information only as follows:

  • Cloud infrastructure providers (Google Firebase) to operate the service

  • Analytics providers to understand app usage in aggregate (non-identifiable)

  • Authentication providers (Google, Apple) to manage login

  • Legal authorities when required by court order, warrant, or applicable law

  • Successor entities in connection with a merger, acquisition, or asset sale

We do not:

  • Sell personal health data to any third party

  • Share reproductive health information for advertising purposes

  • Share individual health logs with employers, insurers, or government bodies without legal compulsion

  • Use your data to train third-party AI models without your explicit consent

6. AI-Generated Insights & Automated Features

UndoEndo uses automated systems including rule-based algorithms and, in future premium versions, artificial intelligence to generate wellness insights, cycle phase analysis, symptom pattern summaries, and personalized tips. These outputs:

  • Are generated based solely on data you have entered into the app

  • May be incomplete, inaccurate, or not applicable to your individual situation

  • Are not reviewed by licensed healthcare professionals before delivery

  • Are not medical diagnoses, clinical assessments, or professional health advice

  • Should not be used as the basis for medical decisions without consulting a healthcare provider

When the AI Health Assistant feature launches, users will be required to provide explicit informed consent before using it. A separate disclosure will be provided at that time.

7. Your Privacy Rights

Depending on your jurisdiction, you have the right to:

  • Access the personal information we hold about you

  • Correct inaccurate personal information

  • Delete your account and associated health data

  • Withdraw consent where processing is consent-based

  • Request a copy of your personal data in a portable format

  • Object to certain types of processing

To exercise any of these rights, contact us at contact@undoendo.ca. We will respond within 30 days. Account deletion is also available directly in the app under Settings > Account > Delete account.

8. Data Retention

We retain your personal information for as long as:

  • Your account is active

  • Necessary to provide services you have requested

  • Required to comply with legal obligations

  • Necessary to resolve disputes or enforce agreements

Upon account deletion, we will delete your personal health logs and profile data from Firestore. Some anonymized, non-identifiable aggregate analytics data may be retained for product improvement purposes. Deletion from Firebase backup infrastructure may take up to 90 days to propagate fully.

9. Children’s Privacy

UndoEndo is intended for users 16 years of age or older. We do not knowingly collect personal information from individuals under 16. If we become aware that a minor has provided us with personal information, we will delete it promptly. If you believe a minor has used our platform, contact us at contact@undoendo.ca.

10. International Users

UndoEndo may be accessed from anywhere in the world. If you are located outside Canada, you acknowledge that your personal information will be transferred to and processed in Canada and the United States (via Firebase). These jurisdictions may have different privacy protections than your home country. By using UndoEndo, you consent to these international transfers.

11. Cookies & Website Tracking

Our websites (www.undoendo.ca and www.undoendo.com) may use cookies and analytics tools to improve functionality and understand visitor behaviour. You may manage cookies through your browser settings. We do not use cookies to track health-related behaviour.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last modified" date at the top of this document and post the revised policy at www.undoendo.ca/privacy. For material changes, we will notify you by email or through an in-app notification. Continued use of UndoEndo after changes are posted constitutes acceptance of the updated policy.