← Knoodlepot Studio

Privacy Policy

Selene — Knoodlepot Studio

Last updated: 22 May 2026

1. Who we are

This Privacy Policy explains how Knoodlepot Studio (sole trader) collects, uses, and protects your personal data when you use Selene.

Data controller: Knoodlepot Studio (sole trader)
Email: knoodlepot@knoodlepotstudio.com
ICO registration: ZC143302 — verify here

2. Your rights under UK GDPR

You have the following rights regarding your personal data. Email us at knoodlepot@knoodlepotstudio.com to exercise any of them. We will respond within one calendar month.

  • Access — ask for a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Restriction — ask us to stop processing your data in certain circumstances.
  • Portability — ask for your data in a portable format. You can also export everything directly from Settings → Export as CSV at any time, without contacting us.
  • Objection — object to processing based on legitimate interests.
  • Complaint to the ICO — if you are not satisfied with our response: ico.org.uk/make-a-complaint or 0303 123 1113.

3. The plain-English summary

All data you enter in Selene stays on your phone. We have no servers, no database, and no cloud storage for health data. We structurally cannot see your cycle logs, symptoms, moods, or any other health information you record — not because we promise not to look, but because there is nowhere for it to go.

The only information that ever leaves your device is:

  • Purchase receipt — processed by RevenueCat to verify your one-off purchase. This contains an anonymous random ID. It does not contain your name, email, or any health data.
  • Crash reports — if the app crashes, an error report is sent to Sentry. This contains technical information only (stack trace, device model, app version). It never contains your health data, cycle logs, or anything you have typed into the app.
  • Encrypted backup (opt-in only) — if you choose to set up Google Drive backup, an AES-256 encrypted file is uploaded to a private folder in your own Google Drive account. Google cannot read this file. Neither can we. Only you can, using your passphrase.

December 2024 UK police guidance. In December 2024, guidance acknowledged that period app data could theoretically be accessed by police in certain circumstances. With Selene, this risk does not apply to data we hold — because we hold none. Police can request data from us, but we have nothing to provide. Your data lives on your device, encrypted, accessible only with your device PIN or biometric. The one risk we cannot remove is physical access to your unlocked device; no app can protect against that. We recommend a screen lock. The optional Discreet Mode in Settings adds an extra layer.

4. Special Category health data

The data you enter in Selene — cycle dates, symptoms, moods, pain levels, test results, and related information — is classified as Special Category personal data under UK GDPR (Article 9). This is the highest level of legal protection for personal data.

We process this data on the legal basis of explicit consent (UK GDPR Article 9(2)(a)), given by you during onboarding. You can withdraw consent at any time by deleting the app, which also deletes all data from your device.

Because this data is stored entirely on your device and never transmitted to us, we act as a data controller only in the limited technical sense of providing the software that processes it locally. We never receive, access, or store your health data on any server we operate.

5. What we collect directly

We do not collect your name, email address, phone number, location, contacts, photos, or browsing history. The app does not require an account.

The only information stored outside your device is:

  • Support correspondence — if you email us, we keep the message to respond and follow up.

6. Hosting — Vercel

This privacy policy page is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). When you visit this page, Vercel receives standard server log information (your IP address, browser type, page requested, timestamp). This is used solely to serve the page and is not shared with us in identifiable form.

Legal basis: legitimate interests (UK GDPR Article 6(1)(f)). Vercel privacy policy.

7. Purchase verification — RevenueCat

We use RevenueCat (RevenueCat, Inc., 1032 E Brandon Blvd #3003, Brandon, FL 33511, USA) to verify your one-off purchase and unlock paid features.

RevenueCat receives:

  • An anonymous App User ID — a random identifier generated on your device. Not linked to your name, email, or any contact details.
  • Purchase history — subscription status, products purchased, transaction dates.
  • Locale and currency code — e.g. en_GB and GBP, for showing prices. Not your location.
  • Standard HTTP metadata — your IP address, SDK version, operating system.

RevenueCat does not receive your health data, cycle logs, symptoms, moods, or any other information you enter into the app.

Legal basis: performance of a contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) for fraud prevention. RevenueCat privacy policy.

8. Crash reporting — Sentry

We use Sentry (Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA) to receive reports when the app encounters an error or crash.

Sentry receives:

  • The error or crash type and stack trace
  • Device model, operating system version, and app version
  • A short trail of recent app events leading to the error (e.g. "user opened settings", "backup started") — these do not include any health data or content you have entered
  • Your IP address

Sentry does not receive your health data, cycle logs, symptoms, or any information you have entered into the app. Crash reports are retained for up to 90 days then deleted automatically.

Legal basis: legitimate interests (Article 6(1)(f)) — keeping the app working properly. Sentry privacy policy.

9. Encrypted backup — Google Drive (opt-in)

If you choose to enable Google Drive backup, the app asks you to sign in with Google and encrypts all your data on your device using AES-256-CBC before uploading it to a private app data folder in your own Google Drive account.

What Google receives:an encrypted blob that is unreadable without your passphrase. Google cannot read your health data. Neither can we. The file is stored in your Drive's app data folder, which is invisible in your Drive file list and accessible only by Selene. It is automatically deleted if you uninstall the app.

Your passphrase is never transmitted anywhere.It exists only in your memory and temporarily in your device's RAM during encryption/decryption. If you forget your passphrase, the backup is permanently unreadable. We cannot reset or recover it.

Google Sign-In processes standard authentication data (your Google account email, an OAuth token) to identify your Drive account. This is handled by Google and subject to Google's privacy policy. We do not receive or store your Google account email.

Legal basis: performance of a contract (Article 6(1)(b)) — you have explicitly requested this feature. Backup is entirely optional and can be disabled at any time in Settings.

10. Distribution — Google Play

Selene is distributed through the Google Play Store. When you download, install, update, or purchase the app, Google processes information about that transaction under their own privacy policy. We have no control over this processing. Google privacy policy.

11. On-device PIN lock (Discreet Mode)

If you enable Discreet Mode, the app uses Android's BiometricPrompt API or a PIN you set to lock access to the app. Your biometric data never leaves your phone. Android handles biometric matching entirely within your device's secure hardware. We do not receive, see, or store any biometric or PIN information.

Important: the Discreet Mode PIN is deliberately unrecoverable. If you forget it, you cannot unlock the app. This is stated clearly before you set one.

12. Manual health measurements (BBT, LH, heart rate, HRV)

Selene allows you to manually enter basal body temperature, LH test results, resting heart rate, and heart rate variability. All of these are stored only on your device. None of this data is transmitted anywhere.

Selene does not connect to any wearable device, fitness tracker, smartwatch, or phone camera. Manual entry is deliberate: every smartwatch syncs data to the manufacturer's servers before it reaches your phone. By requiring manual entry, we ensure that data exists in Selene only because you chose to put it there.

BBT disclaimer: Selene logs and charts BBT readings but does not claim this data can be used as contraception. Natural Cycles is the only app with regulatory approval for that use. Do not use Selene for fertility planning or contraception.

13. Data we never collect

To make this explicit, we do not:

  • Sell, rent, or trade your personal data to anyone, ever.
  • Use your data for advertising or behavioural profiling.
  • Include any advertising SDKs, analytics SDKs, or tracking SDKs in the app.
  • Share your data with advertisers, data brokers, or social media platforms.
  • Use Firebase Analytics, Crashlytics, Google Analytics, Mixpanel, Amplitude, or any equivalent.
  • Connect to Health Connect, any wearable SDK, or any camera-based biometric measurement system.

14. International transfers

RevenueCat, Sentry, and Vercel process data in the United States. For each transfer we rely on the UK International Data Transfer Addendum to Standard Contractual Clauses, and where applicable the EU-US and UK-US Data Privacy Framework. You can request details of the specific safeguards by emailing us.

15. Retention

Health data (cycle logs, symptoms, etc.) exists only on your device. Deleting the app deletes it permanently. We hold no copy.

  • Purchase records (RevenueCat): retained for 6 years for legal and tax purposes.
  • Crash reports (Sentry): 30 to 90 days, then automatically deleted.
  • Support correspondence: 2 years from last contact.
  • Vercel access logs: approximately 30 days.

16. Security

All health data stored on your device is encrypted using the Android Keystore system. The optional Google Drive backup is AES-256-CBC encrypted before it leaves your device. Crash reports are transmitted over TLS. No system is perfectly secure; in the event of a personal data breach affecting your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.

17. Children

Selene is for users aged 16 and over. The app shows an age gate on first launch and does not operate if you indicate you are under 16. We do not knowingly collect data from anyone under 16.

18. Changes to this policy

We may update this policy from time to time. If a change expands what data leaves your device or who it is shared with, we will give you clear notice before the change takes effect. The "Last updated" date at the top of this page shows when it was last changed.

19. Contact

For any privacy question, request, or complaint:

Knoodlepot Studio
knoodlepot@knoodlepotstudio.com

If you are not satisfied with our response, you can complain to the ICO:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
ico.org.uk/make-a-complaint