This privacy policy explains how Zenkolabs LLC ("we," "us," "our") collects, uses, and protects your information when you use Tide — a cycle tracking app built to help you understand your body's patterns.
We believe your health data is deeply personal. We've built Tide with privacy in mind from day one, and this policy is written in plain language so you actually know what's happening with your data.
Tide is available at tide.zenkolabs.com.
Tide helps you track your menstrual cycle, log pad changes, view derived insights such as Body Connections, and review analytics in the Tides tab. Tide uses your logged data to estimate future cycle dates and send you helpful reminders — but Tide is not medical advice, and predictions are estimates, not guarantees.
If you sign in with Apple, we also receive your Apple-provided identifier (and your email, if you choose to share it). If you sign in with Google, we receive the identifier Google provides and your email.
Body Connections is a derived view of patterns in your logs, and Tides insights are computed analytics. Both are generated in memory when you open the app — they are not stored on our servers or in your device cache as separate records.
We use your data to:
We do not sell your data. We do not use your health data for advertising. We never will.
Because cycle and daily-log data is health-related, we treat your in-app entries as your explicit consent to process this information for the purposes above. You can withdraw this consent at any time by deleting your account.
Tide sends local notifications — including daily phase nudges, pad-change reminders, and cycle alerts — generated entirely on your device using Flutter's local notification system. We do not send remote push notifications. We do not use Firebase Cloud Messaging or any other push service. No notification content leaves your phone.
Tide does not integrate with Apple HealthKit. We do not read from HealthKit and we do not write to HealthKit. None of your Tide data is shared with HealthKit, and none of your HealthKit data flows into Tide.
Tide does not engage in cross-app tracking. We do not collect Apple's IDFA (Identifier for Advertisers), and Firebase Analytics is configured without IDFA collection. Because there is no tracking across other companies' apps or websites, Tide does not show the App Tracking Transparency (ATT) prompt.
The Tide website at tide.zenkolabs.com uses only essential cookies needed for the site to function. We do not run web analytics, advertising trackers, or third-party measurement scripts on the site.
We use a small number of trusted US-based services to run Tide. Here's exactly who they are and what they do.
Supabase (United States) — Our backend database and authentication provider. Your account profile and your synced cycle, daily-log, pad-change, and notification-preference data are stored in Supabase.
Firebase Analytics (Google, United States) — Collects pseudonymous, aggregated usage data to help us understand how people use Tide. We do not collect IDFA.
Firebase Crashlytics (Google, United States) — Collects crash reports and performance data. No personal health data is included in crash reports.
Resend (United States) — Our transactional email provider. Resend processes your email address solely to deliver account-related emails (verification, password reset, deletion confirmations).
RevenueCat (United States) — Integrated for future subscription management. No purchase or financial data is currently collected through RevenueCat. When Tide introduces optional premium features in the future, RevenueCat will manage subscription status. We will update this policy with the details before any paid features launch.
We do not share your data with any other third parties. Only Supabase receives your cycle records, daily logs, and pad-change data, and only as our backend storage provider.
Your cycle records, daily logs, and pad-change logs are health-related information. We treat all of this data with extra care:
Tide is a consumer wellness app and is not a HIPAA-covered entity. While we follow strong privacy and security practices, Tide is not subject to HIPAA regulations. If you have questions about how your health data is handled, please contact us.
All Tide data is stored and processed in the United States. Our backend database runs on Supabase in the US East (Ohio) region (us-east-2). All of our sub-processors — Supabase, Firebase, Resend, and RevenueCat — are US-based companies that process data in the United States. Tide is not distributed in the European Economic Area or the United Kingdom.
If you sign in with Apple and choose to hide your email, Apple gives Tide a private relay address instead of your real email. We treat this relay address exactly like any other email address — we use it only for the purposes described in this policy, and we never attempt to deanonymize it.
If we confirm a personal-data breach that affects your information, we will notify affected users within 72 hours of confirming the incident, describing what happened and what steps you should take.
You have rights over your data. Here's what you can do:
Access your data. You can view everything you've entered in Tide at any time within the app.
Correct your data. You can edit or update any of your entries directly in the app.
Request a copy of your data. Self-serve export is on our roadmap. In the meantime, email us at tide@zenkolabs.com and we'll send you a copy of your data within 30 days.
Delete your data. You can delete your entire account and all associated data from within the app (Me tab → Delete my account → confirm). See our Account Deletion Instructions for full details. You can also email tide@zenkolabs.com to request deletion; we process email requests within 30 days.
Withdraw consent. Where we rely on your consent to process health data, you can withdraw it at any time by deleting your account. This won't affect the lawfulness of any processing carried out before withdrawal.
If you're a California resident, you have rights under the California Consumer Privacy Act:
Right to know. You can request details about the personal information we've collected about you and how we use it.
Right to delete. You can request deletion of your personal information, subject to certain narrow exceptions.
Right to non-discrimination. We will not discriminate against you for exercising your CCPA rights.
No sale or share for advertising. Tide has never sold personal information, and we do not "share" personal information for cross-context behavioral advertising.
To exercise your rights, email us at tide@zenkolabs.com. We will verify your identity and respond within 45 days.
Tide is not distributed in the European Economic Area or the United Kingdom, and we do not market the app to users there. We have not appointed an EU representative or a Data Protection Officer. If you believe a privacy question affects you and falls outside the rights described above, email us at tide@zenkolabs.com and we'll do our best to help.
We keep your data for as long as you have an active Tide account. If you delete your account:
See our Account Deletion Instructions for full details on what gets deleted and the timeline.
Tide is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has created an account, please contact us at tide@zenkolabs.com and we will remove the account.
If we make meaningful changes to this policy, we'll notify you through the app or by email before the changes take effect. We won't reduce your rights under this policy without your explicit consent.
If you have any questions about this privacy policy or how your data is handled, we'd like to hear from you:
Email: tide@zenkolabs.com Website: tide.zenkolabs.com
This privacy policy was written by real humans at Zenkolabs LLC. We believe privacy policies should be readable, not just legally compliant.