privacy policy

 

Last updated: May 2026

SYNC Cycle Limited ("SYNC", "we", "us", or "our"), a company registered in England and Wales (Company No. 16878445) with its registered office at 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, is committed to protecting your personal data.

This Privacy Notice explains how we collect, use, store, and protect your personal information when you use the SYNC app, connect wearable devices or third-party health platforms, or visit our website. It also explains your rights under UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this notice carefully before using SYNC. By creating an account and using the SYNC app you confirm that you have read and understood this notice.

1. Contact Details

If you have any questions about this Privacy Notice, or wish to exercise your data protection rights, please contact us at:

Email: hello@sync-your-cycle.com

Post: SYNC Cycle Limited, 71–75 Shelton Street, Covent Garden, London WC2H 9JQ

2. Information We Collect

We collect the following categories of personal data when you use SYNC. Health and cycle data is special category data under UK data protection law and is processed only on the basis of your explicit consent (see Section 4).

Account data

Full name, email address, phone number, date of birth and age.

Source: Provided by you.

Health and cycle data

Menstrual cycle dates and phase, daily check-in responses (mood, energy, symptoms), sleep data, resting heart rate (RHR), heart rate variability (HRV), activity data and exercise minutes, basal body temperature (BBT), wrist temperature, respiratory rate.

Source: Provided by you and generated by SYNC.

Wearable and third-party health data

Apple: menstruation, sleep, RHR, HRV, respiratory rate, wrist temperature, exercise minutes, workouts, BBT.

Oura: activity, sleep and biometric data.

Source: Connected third-party platforms and wearable devices, with your authorisation. These are independent data controllers; their own privacy policies govern how they collect and hold your data.

Device and usage data

Device type, operating system version, app version, push notification preferences.

Source: Your device, automatically.

Diagnostic data

Crash reports and error logs (technical only; health data is explicitly excluded).

Source: Your device.

Website data

Cookies and analytics data.

Source: Your browser or device.

The specific information we collect may change from time to time but always within the categories listed above. While we will aim to keep this section updated with the specific data types that we collect, it may not always be comprehensive.

3. How We Use Your Information

The following sets out the purposes for which we process your personal data and the lawful basis we rely on in each case.

Create and manage your SYNC account

Data used: Account data. Lawful basis: Contract.

Provide the SYNC app and its core features, including cycle tracking and personalised insights

Data used: Health and cycle data, wearable data. Lawful basis: Consent.

Generate your daily SYNC Score and personalised recommendations using AI

Data used: Health and cycle data, wearable data. Lawful basis: Consent.

Send push notifications about your health data and SYNC Score

Data used: Account data. Lawful basis: Consent.

Send transactional communications (e.g. one-time passcodes for login)

Data used: Email address. Lawful basis: Contract.

Monitor app stability and fix technical errors

Data used: Diagnostic data (technical only; no health data). Lawful basis: Legitimate interests - maintaining a reliable service.

Analyse website performance and improve user experience

Data used: Website and cookies data. Lawful basis: Legitimate interests - improving our service.

Send marketing communications to you

Data used: Email address. Lawful basis: Consent (or legitimate interests where sent on the basis of a soft opt-in).

4.  Health and Cycle Information

Health and cycle data (including menstrual information, biometric signals, and any other data that reveals information about your physical health) is classified as special category data and attracts a higher level of protection under UK data protection law.

We process your health and cycle data solely on the basis of your explicit, informed consent. You give this consent when you actively opt in to health data processing as part of the SYNC onboarding flow. This means:

  • We will not process your health data without your explicit consent.

  • You can withdraw your consent at any time by contacting us at hello@sync-your-cycle.com or by deleting your account in the app. Withdrawal does not affect the lawfulness of any processing carried out before you withdrew consent.

  • Where you withdraw consent, we will stop processing your health data. Please note that withdrawal of consent may mean that SYNC can no longer provide you with personalised insights or your SYNC Score, as these features depend on health data.

Health data you provide to SYNC is not used for any purpose beyond those set out in this Privacy Notice, and is not shared with advertising networks or used for any commercial purpose other than providing the SYNC service to you.

5. Who We Share Your Data With

We share your data with a small number of service providers who process data on our behalf, including AI model providers to help generate your SYNC Score and other health insights.

The following third-party service providers process data on our behalf. They are permitted to use your data only as we direct and are bound by contractual obligations to protect it.

Anthropic (Claude AI)

Purpose: AI analysis to generate your daily SYNC Score and personalised recommendations.

Data shared: Health signals - cycle data, sleep, RHR, activity data.

Location: USA (adequate safeguards in place).

Amazon SES

Purpose: Transactional email delivery (e.g. one-time passcodes for login).

Data shared: Email address only.

Location: EU / USA.

Sentry

Purpose: Crash reporting and app error monitoring.

Data shared: Technical diagnostic data only. Health data is explicitly excluded and technical measures are in place to prevent it from appearing in Sentry logs.

Location: USA (adequate safeguards in place).

Railway

Purpose: Cloud infrastructure and primary data storage.

Data shared: All user data.

Location: EU (Amsterdam, Netherlands).

Where processors are located outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions as applicable.

AI processing

SYNC uses artificial intelligence (AI) to analyse your health and cycle data and generate your daily SYNC Score and personalised recommendations. This is a core feature of the SYNC service and this processing is automated. Any third party AI model providers (as with all of our data processors) are contractually prohibited from using your data for any purpose other than delivering these insights on SYNC, and your data will not be used to train their models.

Other types of sharing

Only to the extent necessary, we may also share your personal data with:

  • SYNC affiliates and group companies;

  • Our Professional advisors including legal advisors, auditors and accountants;

  • trusted third party companies and individuals to help us provide, analyse, and improve our services (including but not limited to data storage, maintenance services, web communications, database management, web analytics, payment processing, and improvement of our services);

  • business partners and joint ventures;

  • a prospective seller or buyer of our business and their advisors or in connection with a business transaction or reorganisation. Also, in the unlikely event of our bankruptcy, receivership, or insolvency, your personal data may be disclosed, transferred, or assigned to third parties in connection with the proceedings or disposition of our assets;

  • insurers;

  • courts, court-appointed persons/entities, receivers and liquidators;

  • third parties such as legal advisors and law enforcement where necessary to comply with a legal obligation, to enforce a contract, to prevent fraud or to protect the rights, property or safety of our employees, customers or others;

  • to governmental departments, local government, statutory and regulatory bodies including (in the UK) the Information Commissioner’s Office, the police and His Majesty’s Revenue and Customs;

  • with your consent or at your direction, we may disclose your personal data to certain other third parties or publicly;

  • our marketing providers in order to advertise and communicate with you about the Services;

  • with third-party ad networks and advertising partners to deliver advertising and personalized content on our Services, on other websites and services, and across other devices. These parties may collect information automatically from your browser or device when you visit our websites and other services through the use of cookies and related technologies;

  • your employer or colleagues if you interact with our Services in connection with your employment.

6. How Your Data Is Stored and Security

Storage location. All user data is stored on Railway’s cloud infrastructure, hosted within the European Union (Amsterdam, Netherlands). If any disclosures of personal data mean that your personal data will be transferred outside the European Economic Area, we will only make that transfer in accordance with applicable data protection laws, ensuring appropriate safeguards are in place.

Security measures. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Current security measures include:

Encryption in transit (TLS) for all data transmitted between your device and our servers

Encryption at rest for stored data

Technical controls to ensure health data is excluded from diagnostic and error logging systems

Access controls limiting who within SYNC can access personal data

No method of transmission over the internet or method of electronic storage is completely secure. While we take the protection of your data seriously and use commercially reasonable measures, we cannot guarantee absolute security.

If you believe your data has been compromised, please contact us immediately at hello@sync-your-cycle.com.

7. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law.

Health and cycle data - Retained for the duration of your active account. Deleted following account deletion (see below).

Account data (name, email, date of birth, phone number) - Retained for the duration of your active account. We may retain certain account identifiers for up to 6 years after deletion where required by applicable law or to resolve disputes.

Diagnostic data (crash logs, error reports) - Retained on a rolling 90-day basis, then automatically deleted.

Website analytics and cookies - In accordance with your cookie preferences.

Account deletion

When you request deletion of your account:

  • We will initiate deletion of your personal data within 30 days of your request.

  • You may cancel your deletion request within this 30-day window by contacting us at hello@sync-your-cycle.com.

  • Where you need immediate deletion prior to the 30-day window expiring, we will action this on request.

Following completion of the deletion process, your health and cycle data, account data, and any associated SYNC Scores and recommendations will be permanently deleted from our systems and those of our data processors, subject to any legal retention obligations.

8. Cookies and Website Analytics

Our website uses cookies and analytics tools to understand how visitors interact with the site and to improve the user experience. Analytics data is collected and processed on the basis of legitimate interests.

You can control or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website.

For full details of the cookies we use, please refer to our Cookie Policy, accessible via the cookie preferences link on our website.

9. Product Improvement and Research

We may use information collected through SYNC in anonymised and aggregated form to improve the SYNC product and to develop a better understanding of how women’s physiology interacts with training, recovery, psychological readiness, and menstrual cycle patterns.

Anonymised and aggregated data does not identify you as an individual and does not constitute personal data. No personally identifiable information will be shared or published without your consent.

10. Your Data Protection Rights

Under UK data protection law, you have the following rights in relation to your personal data:

Right of access

You can request a copy of the personal data we hold about you.

Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to erasure

You can ask us to delete your personal data in certain circumstances, including where you withdraw consent.

Right to restrict processing

You can ask us to restrict the processing of your personal data in certain circumstances.

Right to data portability

Where processing is based on consent or contract and carried out by automated means, you can ask us to provide your data in a structured, commonly used, machine-readable format.

Right to withdraw consent

Where we process your data on the basis of consent (including for all health data), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to object

You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights in relation to automated decision-making

You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise any of your rights, please contact us at: hello@sync-your-cycle.com.

We will respond to your request within one calendar month. We may ask you to verify your identity before processing your request.

11. Updates to This Notice

We may update this Privacy Notice from time to time to reflect changes to our services, technology, or legal requirements. Where changes are material, we will notify you in-app or by email before they take effect. The latest version will always be available on our website.

The date at the top of this notice indicates when it was last updated.

12. Contact and Complaints

If you have any concerns about how we handle your personal data, please contact us in the first instance at hello@sync-your-cycle.com. We will do our best to resolve your concern promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: ico.org.uk | Helpline: 0303 123 1113