Legal

Privacy Policy

Last updated: March 31, 2026

FemFital Private Limited ("FemFital," "Company," "we," "us," or "our") operates the FemFital mobile application (iOS and Android) and the website femfital.com (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information and sensitive personal data or information when you use our Platform.

This Privacy Policy is published in compliance with Section 43A of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Digital Personal Data Protection Act, 2023 ("DPDPA"), the General Data Protection Regulation ("GDPR") where applicable, and Apple App Store Review Guidelines Section 5.1.1.

By accessing or using the Platform, you consent to the collection, use, storage, and disclosure of your information as described in this Privacy Policy. If you do not agree, please discontinue use of our Platform immediately.

Information We Collect

Personal Information

  • Name and email address — collected during account creation via our authentication provider
  • Google or Apple sign-in profile data — name and email from your social login provider

Sensitive Personal Data or Information (SPDI)

The following constitutes Sensitive Personal Data or Information under the SPDI Rules, 2011. All health data is manually entered by you. We do not integrate with Apple HealthKit or any device health APIs. We require your explicit consent before collecting this data.

  • Menstrual cycle information — last period date, cycle length, regularity
  • Daily journal entries — mood, energy, sleep quality, symptoms
  • Fitness assessment scores — strength, cardio, mobility, recovery, functional fitness
  • Meal plan confirmations — whether you ate, swapped, or skipped a meal

Device & Technical Data

  • Push notification token — for session reminders only
  • We do not collect location data or access your camera or microphone
  • No data is stored in iCloud or any cloud backup service

Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: You have given explicit consent for processing your sensitive personal data
  • Contract: Processing is necessary for the performance of our services to you
  • Legitimate interest: To improve our Platform, prevent fraud, and ensure security
  • Legal obligation: To comply with applicable laws and regulations

How We Use Your Data

  • Personalize your wellness score and training recommendations
  • Show cycle-phase context to guide your training
  • Enable your assigned coach to view your readiness before sessions (only your assigned coach)
  • Send essential notifications — session reminders and cancellations only
  • Respond to your inquiries and provide customer support
  • Comply with applicable legal obligations

What We Do NOT Do

  × No health data used for marketing or advertising
  × No data sold to third parties
  × No third-party analytics SDKs
  × No behavioral tracking or analytics
  × No data mining of your information
  × No Apple HealthKit integration

Data Storage & Security

We implement reasonable security practices and procedures as required under the SPDI Rules, 2011, including but not limited to:

  • Server: PostgreSQL database with Row Level Security — you can only access your own data
  • On-device: Encrypted SQLite database for health journal data
  • Auth tokens: Stored in iOS Keychain / Android Keystore
  • Network: All API communication secured with TLS 1.3 encryption

Security disclaimer: We endeavor to protect the privacy of your account and personal information we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Any transmission of information by you to our Platform is at your own risk. We shall not be responsible for any breach of security or the disclosure of personal data for reasons outside our reasonable control, including but not limited to hacking, social engineering, cyber terrorism, or any events by way of force majeure such as sabotage, fire, flood, explosion, acts of God, civil commotion, strikes, riots, insurrection, war, or acts of government.

Third-Party Services

We use a limited number of third-party services, each with specific and restricted access to your data. No health or wellness data is shared with any third party for marketing, advertising, or data mining purposes.

  • Authentication provider (account sign-in): Name, email only
  • Database provider (secure data hosting): All user data (encrypted at rest)
  • Notification service (push notifications): Device token only (no health data)
  • Payment processor (website payments): Payment info only (no health data)

No other third parties have access to your data. We will make best efforts to ensure that any third party to whom data is transferred affords the same level of data protection as provided under applicable Indian law.

Disclosure of Information

We may disclose your personal information in the following circumstances:

  • When required by law, regulation, legal process, or governmental request
  • To enforce our Terms of Service or protect our rights, property, or safety
  • To protect the rights, property, or personal safety of our users or the public
  • In connection with a merger, acquisition, reorganization, or sale of assets, subject to the acquiring entity honoring this Privacy Policy
  • With your explicit consent

Your Rights

Under the DPDPA 2023, SPDI Rules 2011, and GDPR (where applicable), you have the following rights:

  • Access: View all your data within the app (Profile section). You may also request a copy by contacting us.
  • Export: Download all your data as JSON (Profile → Delete My Data → Export)
  • Correction: Request correction of inaccurate or incomplete personal data
  • Delete: Permanently delete all your data (Profile → Delete My Data → Delete Everything)
  • Withdraw consent: Withdraw consent at any time. Deleting your account removes all data. Withdrawal does not affect prior lawful processing.
  • Notifications: Opt out of push notifications via device settings or per notification type in the app
  • Grievance: Lodge a complaint with our Grievance Officer or the relevant data protection authority

Data Retention

  • Data retained while your account is active and as necessary to provide you our services
  • On account deletion: all server data permanently removed within 30 days
  • Local encrypted data on your device deleted immediately upon account deletion
  • No backups retained after deletion
  • We may retain anonymized, aggregated data that cannot identify you for analytical purposes
  • Certain data may be retained longer if required by law or for legitimate business purposes such as resolving disputes or enforcing agreements

Children’s Privacy

Our Platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are under 18, you must have parental or guardian consent to use the Platform. If we become aware that we have collected data from a child under 13 without verifiable parental consent, we will take steps to delete such information from our servers immediately.

Limitation of Liability

To the fullest extent permitted by applicable law, FemFital Private Limited, its directors, employees, and agents shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising out of or in connection with any breach of security or unauthorized disclosure of your personal information, including but not limited to:

  • Loss of data, profits, revenue, or business
  • Unauthorized access to or alteration of your data
  • Any conduct of third parties on the Platform

Our aggregate liability in connection with this Privacy Policy shall not exceed the total fees paid by you to us in the twelve (12) months preceding the event giving rise to the claim.

Legal Compliance

This Privacy Policy is designed to comply with:

  • IT Act, 2000: India — Section 43A
  • SPDI Rules, 2011: India — IT Act Rules
  • DPDPA 2023: India — Digital Personal Data Protection
  • GDPR: European Union
  • App Store Guidelines: Apple — Section 5.1.1
  • Consumer Protection Act: India — 2019

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you via email or in-app notification. Your continued use of the Platform after such changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

Grievance Officer & Contact

In accordance with the Information Technology Act, 2000 and the SPDI Rules, 2011, the details of our Grievance Officer are:

Grievance Officer

FemFital Private Limited

Email: support@femfital.com

Grievances will be addressed within 15 days of receipt in accordance with applicable law.