1. Who we are
SB22 Female Health ApS provides a menopause health companion app for consumers. We are the data controller for personal data described in this policy.
2. What data we collect
- Account and profile data, such as name, phone number, and email.
- Health and symptom entries you submit in the app or connected channels.
- Message content and support communications.
- Technical and usage data required to operate, secure, and improve the service.
3. Why we process your data
- To provide the service you request and keep your account running.
- To generate symptom insights and summaries.
- To provide customer support and communicate important service updates.
- To secure the platform and prevent abuse or fraud.
- To comply with legal obligations.
Legal bases include contract performance, legitimate interests, consent where required, and legal obligations.
4. Health data
Some data you provide can be considered health-related information under GDPR. We handle this data with heightened safeguards and only process it for the purposes described above.
5. Where your data is stored
Our primary application data is stored in EU, including our Supabase project for database and storage services.
If any processor access or support activity involves transfers outside the EEA, we rely on GDPR transfer safeguards, such as the EU Standard Contractual Clauses (SCCs), where required.
6. Processors and subprocessors
We use trusted processors to deliver the service, including infrastructure and messaging providers.
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database, auth, and file storage | EU project region |
| Twilio | Messaging delivery (for WhatsApp/SMS features) | Depends on routing and account setup |
| n8n | Workflow automation for message handling | Depends on deployment setup |
7. Retention
We keep personal data only as long as needed for the purposes above, or as required by law. We delete or anonymize data when retention is no longer necessary.
8. Your rights
Under GDPR, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You may also withdraw consent where processing is based on consent.
You can also lodge a complaint with your local supervisory authority, including Datatilsynet in Denmark.
9. Cookies and tracking
We use necessary cookies for core functionality. Non-essential cookies or tracking technologies are used only after consent where required by law.
10. Security
We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration.
11. Children
Our service is intended for adults and is not directed to children under 18.
12. Contact
For privacy requests or questions, contact us at:
If you are a business customer and need a Data Processing Agreement (DPA), contact us and we can provide one.