DelaPrivacy Policy
Last updated: May 26, 2026
This Privacy Policy explains how Dela Health ("Dela," "we," "our," or "us") collects, uses, discloses, stores, and protects information when you use the Dela mobile application, related websites, support channels, and related services (collectively, the "Services"). References to "we" and "us" include our affiliates, contractors, and service providers acting on our instructions.
Important: Dela is a wellness and education product, not a medical device, emergency service, or substitute for professional medical advice. Please do not rely on the Services for diagnosis, treatment, contraception, fertility planning, or urgent care decisions.
Dela is not a healthcare provider, insurer, or health plan, and the Services are not intended to be used as a HIPAA-covered service unless we enter into a separate written agreement that says otherwise.
By using the Services, you acknowledge that some information you choose to provide may be sensitive health or reproductive data. If you do not agree with this Privacy Policy, please do not use the Services.
Our Privacy Commitments
- We do not sell your personal information. Not now, not ever — including reproductive, cycle, and health data.
- We do not share your data for cross-context behavioral advertising and do not embed third-party ad-tracking SDKs in the app.
- We do not use your personal data to train machine-learning models for use outside of providing the Services to you.
- We minimize what we collect. If a feature can work without a given data point, we try not to ask for it.
- We respond narrowly to law-enforcement requests. See Section 5.3 — we comply only with the minimum legally required, push back on overbroad requests, and notify you when we are legally permitted to do so.
- Encryption in transit and at rest using industry-standard mechanisms provided by our hosting infrastructure.
- You can delete your account and your data from inside the app at any time.
1. Scope of this Policy
This Policy applies to information collected through the Services and through direct communications with us about the Services. It does not apply to third-party websites, app stores, device manufacturers, healthcare providers, payment processors, or services we do not control, even if they are linked from Dela.
This Policy is intended to describe our data practices and does not create contractual rights beyond those provided under applicable law.
2. Information We Collect
2.1 Information you provide directly
We collect information you submit when you use Dela, including:
- Account details such as email address, sign-in identifiers, and profile name
- Age, date of birth, or other demographic information you choose to provide
- Cycle, period, fertility, pregnancy, symptom, mood, sleep, medication, birth control, and wellness entries
- Goals, preferences, reminder choices, and onboarding responses
- Notes, journal entries, support messages, survey responses, and feedback
- Content you post in community or social features, including comments and reactions
2.2 Sensitive data — including reproductive and sexual-health data
Some information you enter into Dela may be considered sensitive personal data, sensitive health data, or "consumer health data" under applicable law (including reproductive health, sexual wellness, pregnancy, fertility, symptoms, medications, and health-condition information). You choose whether to provide this information, but some features cannot function without it. We treat this information with the heightened safeguards described throughout this Policy, including the law-enforcement posture in Section 5.3.
2.3 Information collected automatically
When you use the Services, we may automatically collect:
- Device information such as device model, operating system, app version, language, time zone, and identifiers needed for security or notifications
- Usage data such as feature interactions, session events, diagnostics, and approximate timestamps (only when the relevant analytics or crash-reporting consents are on)
- Crash reports, performance data, and error logs to help us troubleshoot and improve the Services (only when crash reporting is on; you can disable this in Settings > Privacy)
- Notification tokens and delivery metadata when push notifications are enabled
We do not collect precise location, advertising identifiers, or third-party tracking pixels.
2.4 Information from third parties
If you sign in using Apple, Google, or another identity provider, we may receive limited account information such as your name, email address, unique account identifier, and authentication metadata made available by that provider. If you contact us through third-party channels, we may also receive the information you choose to share there.
3. How We Use Information
We use personal information and health-related information to:
- Provide, maintain, personalize, and improve the Services
- Create cycle predictions, reminders, wellness summaries, and in-app insights based on the information you enter
- Authenticate users, secure accounts, prevent abuse, and detect bugs or fraud
- Respond to support requests and communicate about updates, safety issues, and policy changes
- Measure usage, monitor performance, and improve product quality (only when analytics consent is on)
- Comply with legal obligations, enforce our terms, and protect the rights, safety, and security of Dela, our users, and others
We do not use your personal information for advertising, profiling for advertising purposes, or to train machine-learning models for use outside of providing the Services to you.
4. Legal Bases and Consent
Where required by law, we rely on one or more legal bases to process information, including your consent, performance of our contract with you, our legitimate interests in operating and improving the Services, and compliance with legal obligations. For sensitive data (Section 2.2), we generally rely on your explicit consent. Where we rely on consent, you may withdraw it at any time in Settings > Privacy, but doing so may limit or disable features that depend on the relevant data.
5. When We Disclose Information
5.1 What we do not do
We do not sell your personal information, do not share your data for cross-context behavioral advertising, and do not give bulk health data to data brokers, marketing companies, or advertising networks.
5.2 When we do share
- Service providers and processors: We work with vendors that help us host infrastructure, provide authentication, send notifications, measure crashes or performance, and support operations. These vendors are permitted to process data only on our instructions and subject to appropriate restrictions, including written confidentiality and data-protection terms where applicable.
- At your direction: We may disclose information when you ask us to, such as when you use community features, export data, or connect third-party services.
- Business transfers: Information may be disclosed as part of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate confidentiality and legal safeguards. Any successor will be bound to honor commitments at least as protective as this Policy with respect to data collected before the transfer.
- Aggregated or de-identified information: We may use and disclose information that has been aggregated or de-identified so that it no longer reasonably identifies you, where permitted by law.
5.3 Law enforcement, legal process, and government requests
Reproductive and sexual-health data is among the most sensitive information we hold. We take a deliberately narrow approach to government and law-enforcement requests:
- We require valid legal process (such as a properly issued and lawfully served subpoena, court order, or warrant) before disclosing user information. Voluntary requests, informal inquiries, and bulk demands for user information are declined.
- We disclose only the specific information that is legally required and that is narrowly responsive to the request, and we push back on requests we believe are overbroad, vague, or improper under applicable law.
- We notify you when a legal request seeks your information, unless we are legally prohibited from doing so (for example, by a non-disclosure order). When prohibited, we will provide notice as soon as the prohibition expires where reasonably practicable.
- We may use, preserve, or disclose information without notice if we believe in good faith that doing so is necessary to prevent imminent harm to a person, to address a credible threat to safety, or to comply with a clearly applicable emergency disclosure exception.
- We do not voluntarily share user information with law enforcement to assist in the investigation or prosecution of reproductive-health decisions or outcomes that are legal where the user resides.
Infrastructure providers we use as of the Last Updated date: Supabase (account, sync, database), Firebase (push messaging, crash reporting if you opt in), Apple and Google (sign-in if you choose those options). These providers may store data in their own infrastructure under their own privacy policies; we limit what we send them to what each service requires.
6. Community and Public Features
If you use community, chat, or other social features, the information you choose to post may be visible to other users. Please avoid sharing information you do not want others to see, copy, or discuss. We are not responsible for how other users use or re-share information you voluntarily make visible in community spaces. If you need to remove content from public view, contact us at [email protected].
7. Storage, Retention, and Deletion
We store data on your device and in cloud systems used to operate the Services. We retain information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Policy, resolve disputes, enforce our agreements, comply with legal obligations, and protect against fraud or misuse.
- Account and health data are kept while your account remains active.
- Account deletion: You can delete your account in Settings > Account at any time. We will delete or de-identify your personal and health data within 30 days of a confirmed deletion request unless retention is required or permitted by law.
- Local copies on your device persist until the app is reset or uninstalled. App removal does not always wipe synced data from the cloud — use Settings > Account to delete cloud data.
- Backups and security logs may persist in our infrastructure for up to 90 days after deletion before they are overwritten or securely removed.
- Aggregated or de-identified data derived from your information may be retained indefinitely where permitted by law.
- Minimal records of legal or safety actions (for example, a record that an account was deleted at user request, or that a community report was processed) may be retained to comply with law, defend legal claims, or prevent repeat abuse.
8. Data Security
We use administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, or alteration. Specifically:
- Data is encrypted in transit (TLS) between the app and our cloud infrastructure.
- Data is encrypted at rest in our cloud database provider's storage, using their managed key infrastructure.
- Access to production data is restricted to authorized personnel under role-based access controls and is logged.
- We patch dependencies, monitor for vulnerabilities, and follow industry-standard secure-development practices.
No method of transmission, storage, or security control is completely secure. We cannot guarantee absolute security, but we will notify affected users in the event of a confirmed data breach involving their personal information, as required by applicable law.
9. International Data Transfers
Dela may operate from, store data in, or use vendors located in countries other than your own. If you are located in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with cross-border-transfer rules, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses or recognized adequacy decisions) where required by applicable law.
10. Your Choices and Rights
Depending on where you live and subject to applicable law, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your account and personal information
- Export a portable copy of your data
- Object to or restrict certain processing
- Withdraw consent for processing that relies on consent
- Lodge a complaint with your local data-protection authority
- Not be discriminated against for exercising any of these rights
You can manage many of these directly inside the app — profile entries, notifications, privacy toggles (analytics, crash reports, personalized recommendations), and account deletion live in Settings.
To submit a privacy request that cannot be completed in-app, contact us at [email protected]. We may ask you to verify your identity before acting on a request, and we may limit or decline requests where permitted by law, including where the request is manifestly unfounded, excessive, technically infeasible, or would adversely affect the rights of others.
11. Region-Specific Disclosures
11.1 EEA, UK, and similar jurisdictions (GDPR / UK GDPR)
If you are located in the EEA, UK, or another jurisdiction with similar laws, you may have rights to access, erasure, rectification, portability, restriction, objection, and complaint to a data protection authority. Where we process sensitive health data, we do so on the basis of your explicit consent (Article 9(2)(a) GDPR) or another lawful basis permitted by applicable law. Our representative for GDPR purposes, if required, will be appointed before launching in the relevant jurisdictions and listed here.
11.2 California (CCPA / CPRA)
If you are a California resident, you have rights to know, access, correct, delete, and obtain a portable copy of personal information we hold about you, the right to limit use and disclosure of sensitive personal information, and the right to non-discrimination. Dela does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
11.3 Washington (My Health My Data Act)
If you are a Washington resident, the categories of consumer health data we collect are described in Sections 2.1 and 2.2. We collect this data with your consent, use it only for the purposes described in Section 3, and share it only as described in Section 5. You may withdraw consent or request deletion of your consumer health data through the in-app controls or by contacting us.
11.4 Other U.S. state privacy laws
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, and other states with applicable comprehensive privacy laws may have similar rights. We respond to verifiable consumer requests as required by those laws.
12. Children's Privacy
Dela is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information in violation of applicable law, please contact us and we will take appropriate steps. If local law requires a higher minimum age (such as 16 in some EEA member states) or parental authorization, you may use the Services only in compliance with those rules.
13. Algorithmic Processing and AI
Dela uses statistical and rule-based algorithms (for example, to estimate next-period dates, fertile windows, and phase guidance) and may incorporate machine-learning models in the future. When we do:
- Predictions are estimates based on the data you provide and on general statistical patterns. They are not medical advice and should not be relied on for contraception or fertility planning (see also our Terms of Service).
- We do not use your personal information to train machine-learning models for use outside of providing the Services to you.
- You can disable analytics and personalized recommendations in Settings > Privacy.
14. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Services, by email, or by other reasonable means, and where required by law we will obtain your consent before the changes take effect for previously collected data. The revised version becomes effective when posted unless otherwise stated.
15. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at [email protected].