
Privacy Policy

​

Last Updated: January, 2025

 

1. Introduction

 

Welcome to codeXX.health ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

 

​

Email: hello@codexx.at

Address: Hütteldorfer Straße 12, 1150 Vienna

 

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSGVO).

 

---

 

2. Data We Collect

 

2.1 Information You Provide Directly

 

Account Information:

- Email address

- Display name

- Date of birth

- Physical characteristics (height, weight)

- Ethnicity (optional, for personalized predictions)

 

Health Data:

- Menstrual cycle information (start dates, period length, cycle length)

- Symptom tracking data (cramps, headaches, mood changes, etc.)

- Mood entries

- Medical conditions (optional)

- Contraception usage information

 

2.2 Automatically Collected Information

 

Usage Data:

- App interaction data (features used, time spent)

- Device information (device type, operating system version)

- Crash reports and performance data

 

2.3 Data We Do NOT Collect

 

- Your precise location

- Your contacts

- Photos or media files

- Payment information (the app is free)

 

---

 

3. How We Use Your Data

 

We use your data for the following purposes:

 

3.1 Core App Functions (Legal Basis: Contract Performance)

- Predicting your menstrual cycle phases

- Providing personalized health recommendations

- Tracking your cycle history

- Generating health insights

 

3.2 AI-Powered Features (Legal Basis: Legitimate Interest)

- Training our AI model using **federated learning**

- Providing the AI health assistant chatbot

- Personalizing recommendations

 

3.3 App Improvement (Legal Basis: Legitimate Interest)

- Analyzing app usage to improve features

- Fixing bugs and technical issues

- Developing new features

 

3.4 Communication (Legal Basis: Consent)

- Sending push notifications (if you opt in)

- Sending cycle reminders and health tips

- Responding to your support requests

 

---

 

4. Privacy-First Architecture: Federated Learning

 

codeXX.health uses federated learning technology, which means:

 

Your personal health data NEVER leaves your device

- All cycle predictions and personalized recommendations are computed locally on your iPhone

- Your raw health data is stored only on your device and in your private encrypted cloud storage

 

Anonymous Pattern Learning

- Our AI model learns from aggregate patterns across many users

- Only anonymous, encrypted model updates are sent to our servers

- It's mathematically impossible to extract individual user data from these updates

 

Zero-Trust Architecture

- We cannot access your personal health information

- Even if our servers were compromised, your data remains private

- You have complete control over your data

 

---

 

5. Data Sharing and Third-Party Services

 

5.1 Services We Use

 

Firebase (Google LLC)

- Purpose: Authentication, cloud database, analytics

- Data shared: Account information, anonymized usage data

- Location: EU and USA (GDPR-compliant with Standard Contractual Clauses)

- Privacy Policy: https://firebase.google.com/support/privacy

 

Contentful

- Purpose: Delivering educational content (recipes, fitness videos, articles)

- Data shared: No personal data, only content requests

- Location: EU/USA

- Privacy Policy: https://www.contentful.com/legal/privacy-at-contentful/

 

Apple HealthKit (Optional)

- Purpose: Syncing cycle data with Apple Health

- Data shared: Only if you explicitly grant permission

- Your HealthKit data stays on your device and iCloud

 

5.2 We DO NOT

 

- Sell your data to third parties

- Share your health data with advertisers

- Use your data for purposes other than stated here

- Share your data without your consent (except where legally required)

 

---

 

6. Data Retention

 

- Account Data: Stored until you delete your account

- Health Data: Stored on your device and in encrypted cloud storage until you delete it

- Analytics Data: Anonymized and retained for up to 24 months

- Federated Learning Updates: Anonymous model updates are retained indefinitely

 

You can delete all your data at any time through the app's settings.

 

---

 

7. Your Rights Under GDPR

 

As a user in the EU/Austria, you have the following rights:

 

7.1 Right of Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

 

7.2 Right to Rectification (Art. 16 GDPR)

You can update or correct your information in the app settings.

 

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can delete your account and all associated data at any time through: Profile → Privacy Settings → Delete Account

 

7.4 Right to Data Portability (Art. 20 GDPR)

You can export your health data from the app.

 

7.5 Right to Object (Art. 21 GDPR)

You can opt out of data processing for analytics and federated learning.

 

7.6 Right to Withdraw Consent (Art. 7 GDPR)

You can withdraw consent for push notifications and optional features at any time.

 

7.7 Right to Lodge a Complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde):

 

---

 

8. Data Security

 

We implement industry-standard security measures:

 

- End-to-end encryption for data transmission

- Encrypted cloud storage (Firebase with encryption at rest)

- Local device encryption (iOS Keychain)

- Secure authentication (Firebase Auth)

- Regular security audits

- No storage of sensitive data on our servers

 

---

 

9. Children's Privacy

 

codeXX.health is intended for users aged 15 and above. We do not knowingly collect data from children under 15. If you believe we have inadvertently collected data from a child under 15, please contact us immediately.

 

---

 

10. International Data Transfers

 

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States (due to Firebase). These transfers are protected by:

- Standard Contractual Clauses (SCCs) approved by the EU Commission

- GDPR-compliant data processing agreements with all third-party services

 

---

 

11. Medical Disclaimer

 

codeXX.health is NOT a medical device and does NOT provide medical advice.

 

- Our predictions and recommendations are for informational purposes only

- Always consult a qualified healthcare provider for medical concerns

- Do not use this app for contraception or pregnancy prevention

- The app is not intended to diagnose, treat, cure, or prevent any disease

 

---

 

12. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

- Posting the new Privacy Policy in the app

- Sending you a push notification (if enabled)

- Updating the "Last Updated" date at the top

 

Your continued use of the app after changes constitutes acceptance of the updated policy.

 

---

 

13. Contact Us

 

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data:

 

Email: hello@codexx.at

Website: https://www.codexx.health

 

Response Time: We aim to respond to all inquiries within 30 days as required by GDPR.

 

---

 

14. Legal Information

 

This Privacy Policy is governed by Austrian law and EU GDPR regulations.

 

---

 

© 2025 codeXX.health. All rights reserved.
