Privacy Policy

Last updated 11 June 2026

The short version.

Everything you log in PMOS Vera — symptoms, cycle days, notes, labs, photos — stays on your iPhone, encrypted. There is no account and no Vera cloud. The only data that can ever leave your device is anonymous crash diagnostics that carry no health content and no personal details, and you can turn those off in Settings. This marketing website — which is separate from the app — uses privacy-respecting analytics; details are in Section 5.

This Privacy Policy explains how the PMOS Vera iOS app ("Vera", "the app", "we") handles your information, and how this website (pmosvera.com) behaves. You can reach us any time at support@pmosvera.com.

Vera is a tracking companion. It does not provide medical advice, diagnosis, or treatment.

1. Who we are

Your health data never leaves your device — you are the sole controller of that data. For the limited, anonymous crash diagnostics described in Section 4 (the only information that can ever leave your device), we act as the data controller. You can reach us about any privacy question at support@pmosvera.com.

2. What stays on your device (and never reaches us)

All the information you enter into Vera — including cycle days, symptoms, mood, food, medications, sleep, stress, lab values, free-text notes, and photos — is stored only on your iPhone. It is held in a database encrypted with SQLCipher (AES-256), and the encryption key is kept in the device's iOS Keychain. Photos are individually encrypted with AES-256-GCM. There is no Vera server, no cloud sync, and no account, so this information is never transmitted to us or to any third party. We have no technical means to read it.

3. Apple Health

If you grant permission, Vera reads sleep, steps, and period data from Apple Health to enrich your own history and insights. Vera does not write to Apple Health and does not transmit Apple Health data anywhere. This data, too, remains on your device.

4. The one thing that can leave: anonymous crash diagnostics

To keep Vera stable, the app can send crash reports, unhandled-error reports, and anonymous release-health "session" pings to our processor, Sentry. These diagnostics are deliberately minimised. They do not include:

  • any health, cycle, symptom, photo, or diary content;
  • your name, email, or other directly identifying information;
  • your IP address;
  • screenshots or screen contents;
  • behavioural or usage analytics;
  • performance traces.

Each report carries a pseudonymous installation identifier (a random ID for your app install) so that repeated crashes from the same installation can be grouped. This identifier is personal data under the GDPR, even though it does not identify you by name, which is why it is covered by this policy.

Legal basis (GDPR Art. 6(1)(f) — legitimate interests). We rely on our legitimate interest in keeping the app reliable and free of defects. We have weighed this against your interests: the data is stripped of health content and direct identifiers, no IP is collected, and it cannot be used to track you or build a profile. We consider this minimal, expected processing that does not override your rights — and you can object at any time (see below).

Your control. Crash diagnostics are on by default and can be switched off at any time in Settings → Privacy & Data inside the app. Turning them off stops all future transmission and satisfies your right to object (GDPR Art. 21).

Processor, location, and transfers. Diagnostics are processed by Sentry (operated by Functional Software, Inc.) under a data processing agreement, with data ingested in Sentry's EU region (Frankfurt, Germany). Where any processing or support access involves a transfer outside the EEA (for example by Sentry's US parent), it is covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

Apple's definition of "tracking". Because these diagnostics are scrubbed, identity-stripped, and not linked to you for advertising or shared with data brokers, they do not constitute "tracking" under Apple's App Tracking Transparency framework. Vera's App Store privacy information lists Crash Data / Diagnostics as Not Linked to You and Not Used to Track You.

5. This website

This marketing website (pmosvera.com) is separate from the app and, unlike the app, uses a small amount of analytics so we can see which pages are helpful and improve them:

  • Analytics (PostHog). We use PostHog, hosted in the EU, to collect aggregate usage data: pages viewed, approximate region (derived from your IP address, not stored as a precise location), device and browser type, and the site that referred you. This uses cookies. It is never linked to any health data — your health data only ever lives on your iPhone and never reaches this website. Lawful basis: our legitimate interest in understanding and improving the site.
  • Contact form (Web3Forms). If you use the contact form on our Support page, your name, email address, and message are processed by Web3Forms solely to deliver your message to our support inbox. We use those details only to reply to you, never for marketing.

The website loads no advertising trackers and no social-media widgets, and the app itself remains analytics-free. You can block the website analytics with any standard content blocker or your browser's tracking-protection setting.

6. Data retention

Data you enter is retained on your device until you delete it (individual entries, or all data via Settings). Because we never receive it, we cannot retain or recover it. Crash and session diagnostics held by Sentry are retained for a limited period in line with Sentry's standard retention (approximately 90 days for error events) and then deleted.

7. Your rights

Under the GDPR you have the rights of access, rectification, erasure, restriction, objection, and data portability. For on-device data, you exercise these directly: you can view, edit, export (as a report), or erase your data from within the app at any time, without involving us. For the minimal crash diagnostics, contact us at support@pmosvera.com. You also have the right to lodge a complaint with your local data protection authority.

8. Children

Vera is intended for adults and is not directed at children under 16. We do not knowingly collect data from children.

9. Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected here with a revised "Last updated" date.

10. Contact

Questions about privacy: support@pmosvera.com.

This policy describes data practices; it is not medical advice.