Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. What Data We Collect

We collect the following categories of personal data, depending on how you use the Service.

2.1 Account Data

• Email address (used for authentication via magic link)
• Display name (optional, set by you)

2.2 Health and Special Category Data (GDPR Article 9)

The following data constitutes special category data under GDPR Article 9 because it concerns health. We process it only with your explicit consent.

• Menstrual cycle dates (start date, end date, cycle length)
• Flow intensity (e.g., light, medium, heavy)
• Physical symptoms (e.g., cramps, headaches, bloating — as logged by you)
• Mood logs and emotional state entries
• Energy level entries
• Weight entries (if logged by you)
• Intimacy logs

2.3 Relationship Observation Data

• Partner mood observations (entered by the account holder)
• Conflict log entries
• Acts of service log entries
• Partner notes (never shared with any third party or with the partner account)

2.4 Partner Sharing Consent Preferences

If you choose to link a partner account, we store your consent toggle settings across five sharing categories: mood, energy, cycle phase, symptoms, and intimacy. The default state for all categories is off (no sharing).

2.5 Google Calendar Data

If you connect Google Calendar (optional), we request OAuth access using two scopes: calendar.app.created (to create and manage a dedicated “Cycle” calendar) and calendar.events.readonly (to read your existing calendar events for schedule-aware planning). See Section 5 for full details and the Limited Use disclosure.

2.6 Payment Data

Payment processing is handled entirely by Stripe. We do not receive, store, or process your card number, bank account details, or any other sensitive payment instrument data. We receive from Stripe only the minimum necessary billing metadata (e.g., subscription status, plan identifier, last four digits of card for display purposes).

2.7 AI Conversation Data

When you use the AI coaching chat feature, your chat messages and relevant cycle/mood context are sent to AI language model providers (see Section 7). We store conversation history in our database to provide conversation continuity. Chat history is deleted when you delete your account.

2.8 Technical Data

• IP address (retained in standard server logs for up to 30 days)
• Browser type and version
• Device operating system
• Pages visited and timestamps (for security and fraud prevention purposes)

We do not use analytics platforms (e.g., Google Analytics). Technical data is used solely for operating, securing, and debugging the Service.

3. Legal Bases for Processing

We process your personal data only where we have a valid legal basis under GDPR Article 6. Where we process special category (health) data, we rely on GDPR Article 9(2) in addition.

Where we rely on consent as a legal basis, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal. You may withdraw consent from within the app Settings or by contacting us at privacy@puzzlepiece.app.

Where we rely on legitimate interests, we have conducted a balancing test and concluded that our interest in securing the Service and preventing fraud does not override your fundamental rights and freedoms, given the limited scope and sensitivity of the data processed for this purpose.

4. How We Use Your Data

We use the data we collect for the following purposes only:

• Providing and personalising the Service (cycle tracking, mood analysis, PLAN view, INSIGHTS)
• Generating AI-powered relationship coaching and cycle insights in the CHAT feature
• Syncing predicted cycle events to your Google Calendar (where you have connected it)
• Processing your subscription payments via Stripe
• Sending transactional emails (magic link login, subscription receipts, important account notices) via Resend
• Enabling the partner sharing feature based on your explicit per-category consent choices
• Detecting and preventing fraud, abuse, and security incidents
• Complying with applicable legal obligations (e.g., tax record keeping)
• Responding to your support requests

We do not sell your personal data. We do not use your data for advertising or behavioural profiling for advertising purposes. We do not share your data with data brokers or marketing platforms.

5. Google API Limited Use Disclosure

What Google data we access

• Read: Existing calendar events in your Google Calendar account, solely to display them alongside your cycle data in the PLAN view and to provide scheduling context to the AI coach.
• Write: Creation and management of a dedicated “Cycle” calendar under your Google account, used to sync your predicted menstrual and fertility window events.

How we use Google Calendar data

• Display your calendar events alongside cycle data in the PLAN view (read-only display)
• Sync predicted cycle phase events (e.g., period start, ovulation window) to your Google Calendar
• Provide the AI coach with scheduling context when responding to planning-related questions

Storage of Google data

Your Google OAuth tokens (access token and refresh token) are stored encrypted at rest in our Supabase database, secured by row-level security policies. Calendar event data retrieved from the Google Calendar API is read transiently at request time and is not persisted to our database. We do not store copies of your Google Calendar event content.

Sharing of Google data

Google Calendar data is not shared with any third parties, not used for advertising, and not used for any purpose beyond those described above. We do not use Google Calendar data to build advertising profiles, and we do not allow humans to read your Google Calendar data except for the purpose of debugging a specific issue you have reported, with your explicit permission.

Revoking Google Calendar access

You may disconnect Google Calendar at any time from Settings → Integrations. Upon disconnection, we immediately delete your stored OAuth tokens from our database. You may also revoke access directly from your Google Account permissions page.

6. Partner Data Sharing Model

PuzzlePiece.app allows you to optionally link a partner account so that relevant insights can be surfaced to them. This feature is designed with privacy as the default.

Default state: zero sharing

All sharing toggles default to off. No data is shared with a linked partner account until you explicitly enable each category.

Consent categories

Sharing is controlled independently across five categories. You may enable or disable each at any time:

• Mood
• Energy level
• Cycle phase
• Physical symptoms
• Intimacy

What is never shareable

Private notes you enter are never shareable under any circumstances. Raw health data values are never transmitted directly to a partner account.

AI-mediated sharing only

Where sharing is enabled, a partner account does not see your raw data points. Instead, our AI translates enabled data into contextual insights and coaching language. A partner never has direct access to your logged values.

Silent revocation

Either party may unlink the partner connection at any time from Settings. Unlinking is silent — the other party does not receive a notification. Upon unlinking, the partner account immediately loses access to all shared insights derived from your data.

7. AI Processing Disclosure

Our AI coaching features send data to third-party AI language model providers via Vercel AI Gateway. We are transparent about this processing.

Providers and routing

• Anthropic (Claude models) — used for complex analysis and coaching responses
• OpenAI (GPT models) — used for certain summarisation and lightweight tasks
• Both are accessed via the Vercel AI Gateway, which handles routing and rate-limiting

What is sent to AI providers

• Relevant cycle context (current cycle phase, predicted dates) — anonymised where possible
• Mood and energy log summaries
• Relationship observation summaries
• Your chat messages typed in the CHAT feature

We do not send your email address, name, or any directly identifying information to AI providers. Data sent is contextual and pseudonymised.

How your data flows through AI processing

Data retention by AI providers

All AI API requests are made with Zero Data Retention (ZDR) explicitly enabled at the code level — every call to an AI provider includes the zeroDataRetention: true flag routed through the Vercel AI Gateway. This instructs the gateway and downstream providers to process data transiently: prompt data and AI responses are held only in memory for the duration of the request and are not persisted to any storage layer.

Anthropic and OpenAI operate under commercial API terms with data protection commitments. Under these terms, data submitted via their APIs is not used to train their models. With ZDR enabled, neither provider retains request data beyond what is required for real-time processing. Without ZDR, Anthropic would retain API inputs for up to 30 days for trust and safety monitoring, and OpenAI for up to 30 days for abuse detection — but with ZDR active, these retention windows do not apply.

Please review Anthropic's and OpenAI's respective data processing addenda for the most current commitments regarding zero-retention processing.

AI output is not medical advice

AI-generated responses are provided for informational and coaching purposes only. They do not constitute medical advice, diagnosis, or treatment. PuzzlePiece.app does not perform automated decision-making as defined under GDPR Article 22 — all AI output is for your review and consideration, with no automated legal or similarly significant effects. If you have health concerns, consult a qualified healthcare professional.

8. AI Analysis and Scoring Features

How AI analyses your data

Beyond the CHAT feature, the Service uses AI and algorithmic systems to generate several types of analysis:

• Relationship intelligence scoring: We calculate a composite relationship health score across multiple dimensions (communication, emotional support, physical intimacy, conflict frequency, and acts of service) based on data you log. This score is presented to you as a personal reference metric and has no legal, medical, or professional significance. It does not influence any decision made about you by any institution or third party.
• Conflict probability forecasting: We use your logged cycle phase, mood, and relationship observation data to generate a probability estimate of elevated conflict likelihood. This forecast is advisory only and is presented to help you plan your interactions. It is not a determination of your behaviour or character.
• Monthly AI reports: At the end of each calendar month, an AI system synthesises your logged data to produce a summary report. This report is generated automatically without human review before delivery. The report is personal, private, and not shared with any third party.

All of these features involve automated processing of your personal data, including health data, to produce assessments of patterns in your behaviour and relationship. This constitutes profiling within the meaning of GDPR Article 4(4). However, none of these features produce legal effects or similarly significant effects: all outputs are presented to you for your own reflection and are not used to make decisions that affect your access to services, your employment, your financial status, or any other consequential outcome. You may request cessation of profiling at any time by contacting privacy@puzzlepiece.app.

AI analysis of data about your partner

When you log observations about your partner (mood observations, conflict events, acts of service), this data is used by our AI systems to generate insights and coaching responses. Your partner is a data subject whose personal data we process on the basis of your consent and our legitimate interest in providing the Service you have requested.

Your partner's data is used for the following purposes only: generating relationship intelligence scores, conflict forecasts, and coaching responses within your account. This data is never shared with third parties and is never used for advertising.

If a partner account is connected, they may access coaching features of the Service which draw on shared data categories they have consented to. Private notes you enter about your partner are never accessible to the partner account and are never sent to AI providers.

Your partner may exercise their GDPR data subject rights (access, erasure, restriction, objection) by contacting privacy@puzzlepiece.app. Upon receiving a verified request from a data subject whose data is processed through another user's account, we will assess the request and take appropriate action, which may include deleting the relevant observation data.

9. Sub-Processors and International Transfers

We engage the following sub-processors who may process personal data on our behalf. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (EU Standard Contractual Clauses or adequacy decisions).

Our primary database infrastructure is hosted within the EU (Frankfurt, Germany), meaning the majority of your personal data is stored and processed within the EEA. Transfers to US-based sub-processors occur under EU Standard Contractual Clauses (Module 2: Controller to Processor) where required.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law.

You may request account deletion at any time from Settings → Account → Delete Account or by emailing privacy@puzzlepiece.app. We process deletion requests within 30 days. Note that payment records are retained for 7 years as required by Estonian tax law, but these records contain only transactional metadata (amount, date, plan) — not your health data.

11. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. We will respond to all verifiable requests within 30 days (extendable by two further months in complex cases, with notice).

Right of access (Article 15)

You have the right to obtain confirmation of whether we process personal data about you and, if so, to receive a copy of that data along with information about how it is processed.

Right to rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete personal data completed. Most data can be corrected directly in the app. For account email changes, contact support.

Right to erasure / right to be forgotten (Article 17)

You have the right to request deletion of your personal data where: it is no longer necessary for the purposes for which it was collected; you withdraw consent (and there is no other legal basis); you object to processing and there are no overriding legitimate grounds; or the data has been unlawfully processed. Note that certain data may be retained where we have a legal obligation (e.g., tax records).

Right to restriction of processing (Article 18)

You have the right to request restriction of processing in certain circumstances, such as while you contest the accuracy of the data or while an objection is pending.

Right to data portability (Article 20)

You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format (JSON or CSV), and to transmit that data to another controller, where processing is based on consent or contract and is carried out by automated means. To request a data export, email privacy@puzzlepiece.app.

Right to object (Article 21)

You have the right to object to processing based on legitimate interests (Article 6(1)(f)). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests or the processing is necessary for the establishment, exercise, or defence of legal claims.

Right to withdraw consent

Where processing is based on your consent (including explicit consent for health data), you may withdraw that consent at any time via Settings or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to lodge a complaint (Article 77)

You have the right to lodge a complaint with the Estonian Data Protection Authority (Andmekaitse Inspektsioon), which is our lead supervisory authority:

You may also have the right to lodge a complaint with the data protection authority in your country of residence or place of work if different from Estonia.

Exercising your rights

To exercise any of the above rights, please contact us at privacy@puzzlepiece.app. We may need to verify your identity before processing your request. We will not charge a fee for your first request in any 12-month period; additional requests may incur a reasonable administrative fee.

12. Children's Privacy

PuzzlePiece.app is not directed at children. The minimum age to use the Service is 13 years, in accordance with Section 8(1) of the Estonian Personal Data Protection Act.

We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will delete that data promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@puzzlepiece.app.

Users between the ages of 13 and 15 are subject to additional parental consent requirements under Estonian law. If you are in this age group, please ensure you have obtained parental or guardian consent before creating an account.

13. Cookies and Tracking

We use a minimal set of cookies that are necessary to operate the Service. We do not use analytics cookies, advertising cookies, or any third-party tracking technologies. Because we only use strictly necessary and functional cookies, we do not display a cookie consent banner.

Strictly necessary cookies cannot be disabled without breaking authentication. Functional cookies may be deleted via your browser settings at any time, though this will reset your language preference on next visit. We do not use fingerprinting or any other tracking technique beyond the cookies listed above.

14. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption in transit using TLS 1.2 or higher for all data transmitted between your device and our servers
• Encryption at rest for all data stored in our Supabase (PostgreSQL) database
• Row-level security (RLS) policies on all database tables, ensuring users can only access their own data
• Passwordless authentication via magic links (no passwords stored)
• PKCE flow for OAuth integrations
• Google OAuth tokens encrypted at rest in our database
• Access controls limiting employee access to production data to a need-to-know basis
• Regular dependency and security patching

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Andmekaitse Inspektsioon within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

To report a security vulnerability, please email privacy@puzzlepiece.app with the subject line “Security Disclosure”.

15. EU AI Act Compliance

PuzzlePiece.app uses AI systems governed by Regulation (EU) 2024/1689 (the EU AI Act). Our role under the AI Act is that of a deployer: we integrate third-party AI language models provided by Anthropic and OpenAI into our Service and are responsible for the manner in which those systems are used in our product.

We have assessed the AI systems we deploy and have concluded that they constitute Limited Risk systems within the meaning of the AI Act. None of the AI systems deployed in this Service qualify as high-risk AI systems under Annex III to the AI Act. This classification reflects the following: our AI systems do not make or materially influence decisions affecting your access to essential services, employment, credit, insurance, or legal rights; they do not perform biometric identification; and all outputs are advisory and subject to your own judgement and review.

Where you interact with an AI system directly (such as through the CHAT feature), you will be informed that you are communicating with an AI system at the commencement of your interaction. AI-generated content in the Service (including monthly reports and insight summaries) is labelled as such.

All AI API requests are processed through Vercel AI Gateway with zero-day (0-day) data retention. Prompt data and responses are not stored by the gateway after the request completes. AI providers (Anthropic, OpenAI) operate under commercial API terms that prohibit use of API data for model training.

For questions about our AI Act compliance, contact privacy@puzzlepiece.app.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Notify you by email (to the address associated with your account) at least 14 days before material changes take effect
• Display a prominent notice within the app for significant changes
• Where required by law, seek your renewed consent before processing your data under the updated terms

Your continued use of the Service after the effective date of an updated policy constitutes your acceptance of the changes, to the extent permitted by law. If you do not agree with material changes, you may delete your account before the effective date.

We maintain a version history of this policy. To request a previous version, contact us at privacy@puzzlepiece.app.

17. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

We aim to acknowledge all privacy enquiries within 3 business days and to resolve them within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Andmekaitse Inspektsioon (Estonian Data Protection Authority) at aki.ee, Tatari 39, 10134 Tallinn, Estonia.