Privacy Policy
Last updated: March 2026
Our commitment
Soma is built on a simple principle: your health data belongs to you. We will never sell, share, or monetise your personal information. This policy explains what data the app collects, why, and how it is protected.
Data processing
Soma processes cycle data, daily logs, profile settings, and partner-sharing preferences to provide tracking, predictions, and partner features.
Health data categories
Depending on your usage, this can include period dates, cycle length patterns, symptoms, mood, energy, notes, hydration and sleep entries, and reminder preferences.
Legal basis and consent
Core processing is required to provide Soma. Optional analytics and optional partner-sharing settings are consent-based and can be managed in-app from Data Consent Center.
Storage and transport
Data is transmitted over secure network connections and stored for app functionality such as insights, history, and partner sharing. Sensitive actions are controlled with authentication and row-level access rules.
Partner Sync
Partner Sync lets you share a subset of your cycle data with one trusted person. You control exactly what is shared and can revoke access at any time. Partners never see your raw data — only a curated, read-only view you authorise.
Anonymous usage
You can use Soma without creating an account. The app assigns an anonymous session identifier to enable optional features. This identifier is not linked to any personal information and is deleted when you log out or delete the app.
Analytics and crash reporting
Soma may use PostHog for product analytics and Sentry for crash/error monitoring when enabled. We do not sell your data, and we avoid sending personal health note content in telemetry payloads.
Retention and deletion
Account data is retained until deletion by you. Operational logs and telemetry are retained only as needed for security, reliability, and legal obligations, then removed or anonymized.
Your privacy rights
You may request access, export, correction, or deletion of your data. If you are in the EEA/UK, GDPR rights may include portability, objection, and complaint rights with your local authority.
Cookies and similar technologies
Our website may use essential storage mechanisms and, when enabled, analytics identifiers to keep the experience functional and improve performance. See our Cookie Notice for details.
Data deletion
You can delete your account data at any time from Settings → Account → Delete Account. This action is irreversible.
Children
Soma is not directed at children under 13. We do not knowingly collect data from anyone under 13.
Contact
Questions about this policy? Email us at privacy@soma-app.com.