Privacy Policy

Effective date: June 29, 2026 · Last updated: July 4, 2026

This Privacy Policy explains how Better Applications LLC, a New Jersey limited liability company doing business as GloStack (“GloStack,” “we,” “us,” or “our”), handles information in connection with the GloStack mobile application and our website (the “Service”), and the rights and choices you have.

GloStack is not a HIPAA “covered entity,” so HIPAA does not directly govern the Service. Your information is instead protected by keeping it on your device, by this Policy, and by consumer health privacy laws — including the Washington My Health My Data Act, Nevada SB 370, the California Consumer Privacy Act, and, for California residents, the Confidentiality of Medical Information Act (CMIA), which applies to reproductive and sexual health apps and which we comply with.

1. Where Your Data Lives

GloStack currently stores the information you log — your cycle data, symptoms, mood, energy, sleep, and the compounds, doses, courses, schedules, and notes you enter — locally on your device only. This information is not transmitted to us, is not collected by us, and is not stored on any server we control. We do not have access to it. Sign in with Apple is optional: if you use it, an identifier provided by Apple is stored in your device’s Keychain, and the name Apple shares on first sign-in is stored on your device to prefill your profile. Neither is transmitted to us, and no server-side account is created; you can also skip sign-in entirely and use the App as a guest. If you grant permission to Apple HealthKit, that data is read and processed on your device. If you use Apple’s iCloud Backup or back your device up to a computer, your device backup may include App data; that backup is created and stored under your Apple account (or on your computer) and governed by Apple’s terms and privacy policy — it is not transmitted to us and is not stored on any server we control. Because your information lives on your device, you are responsible for your device’s security (such as your device passcode and biometric lock), and we are not able to recover your information if you delete the App or reset your device, or your device fails. If a future version of the App introduces server-side accounts, cloud sync, or any feature that transmits your information off your device, we will update this Policy and obtain your consent where required before that change applies to you.

2. What Each Feature Stores on Your Device

In short: each feature stores what it needs on your device. None of this is sent to us.

FeatureInformation stored on your devicePurpose
Onboarding Your selected cycle experience (e.g., regular / irregular cycles / stopped or on hormone therapy) and preferences Personalizing how information is framed; nothing is inferred beyond your selection
Sign in with Apple (optional) An identifier provided by Apple (stored in your device Keychain); the name Apple shares on first sign-in Recognizing you on your device; prefilling your profile name
Cycle tracking Cycle dates, flow, characteristics, and related notes you log Displaying your history; generating phase labels and period estimates
Symptom, mood, energy & sleep log The entries you log on the unified timeline Displaying your history; powering the pattern features you open
Compound tracking (Compounds, Courses, Schedules, Titration, Stacks, Doses) The compound names, doses, units, patterns, schedules, and timing you enter Displaying and organizing your regimen records; reminders you set
Insights / patterns No new data — computed on your device from the entries above Showing observational summaries of your own data
Reminders & notifications Your notification preferences and reminders, scheduled through iOS Delivering the reminders you configure
Apple HealthKit (optional) Only the data types you authorize in iOS (e.g., cycle data, sleep); read and used on your device Reading/writing the categories you choose; see Section 9
Exports & reports No new data — generated on your device from your entries on request Producing the file you asked for
Support (if you contact us) Your message and the contact details you choose to share Helping you

The only information that reaches us is what you choose to send us directly — for example, if you email our support address. We do not receive anything you log in the App.

3. What We Do Not Collect

Because GloStack runs on your device and we operate no analytics or backend that receives your information, we do not collect the categories of data many apps do. Specifically, we do not collect: the information you log in the App; your precise GPS location (and we never use geofencing); your contacts; your photo library (any future attach-a-photo feature would be optional and on-device); the advertising identifier (IDFA); usage analytics or behavioral tracking; or anything via advertising, ad-attribution, or social-media SDKs — none are present in the App.

If GloStack is downloaded from the Apple App Store, Apple processes certain information (such as your purchase and download activity) under Apple’s own privacy policy; that processing is between you and Apple. Apple’s App Store also makes available to us only aggregate, non-identifying statistics (for example, total downloads), which do not identify you.

4. How Information Is Used

The information you log is used on your device to provide the features you use: displaying your history; generating cycle estimates, phase labels, schedules, and reminders; computing the pattern and Insight views you open; and producing exports you request. Because this processing happens on your device and we do not receive the information, we do not use it for any other purpose.

We do not use your information for targeted advertising; we do not “sell” or “share” personal information as those terms are defined by the California Consumer Privacy Act; we do not sell consumer health data under any state law; and we do not engage in profiling that produces legal or similarly significant effects. If you contact us for support, we use the information you send only to respond to you.

5. Consent for Health Data

The information you log — including cycle, symptom, mood, and compound information (“Health Data”) — is collected and stored only on your device, at your direction, when you choose to enter it. We do not receive it. Because it stays on your device and is not shared with us or with third parties, the App does not require a separate data-sharing consent to operate today. You remain in control: you can edit or delete any entry at any time, and you can revoke Apple HealthKit permission at any time in iOS Settings. If a future version of the App introduces any feature that transmits Health Data off your device or shares it with a third party, we will first obtain your separate, affirmative, opt-in consent through a standalone consent step, and we will never bundle unrelated uses into one consent.

6. Third-Party Services We Rely On

In short: GloStack relies on Apple to distribute and run the App. We do not use cloud-hosting, analytics, advertising, or other data-collecting vendors.

ServiceRoleWhat it involves
Apple (App Store, iOS, HealthKit, notifications) Distributes the App, runs it on your device, delivers the reminders you schedule, and — only if you permit — provides HealthKit access Your purchase/download activity is handled by Apple under Apple’s privacy policy; reminders are scheduled through iOS on your device; HealthKit data is used only per your iOS permissions and stays on your device

We do not currently use cloud hosting or databases, subscription-management vendors, analytics or crash-reporting providers, advertising or attribution SDKs, or AI processing vendors. If we ever add any such service, we will update this Policy to name it and describe what it does before that service handles your information.

If you email our support address, that correspondence is handled by our business email provider (Google Workspace) under its terms and data processing commitments. Please do not include sensitive health details in support emails — we do not need them to help you, and email is not a secure channel for health information.

Notably absent by design: no advertising networks, no ad-attribution or install-tracking SDKs, no social-media pixels, and no data brokers — in an app that handles cycle and compound data, those are how health information leaks, and we have excluded them.

7. Other Circumstances Where Information May Be Shared

Because the information you log stays on your device and we do not hold it, there is generally nothing for us to share. The limited exceptions:

(a) Legal process. If we ever hold information about you (for example, a support email you sent us), we may disclose it only if we believe in good faith that disclosure is required by law — for example, a valid subpoena, court order, or warrant — or is strictly necessary to protect someone’s life or physical safety or to establish or defend our legal rights, always subject to Section 8. We cannot produce information we do not have, including the data stored only on your device.

(b) Business transfers. In a merger, acquisition, financing, reorganization, bankruptcy, or asset sale, any information we hold may transfer to the successor, who must honor this Policy’s commitments (including no-sale, no-advertising-use, and Section 8) for previously collected information or obtain your fresh consent; we will notify you of the transfer and your choices.

(c) At your direction. When you choose to export your data or generate a report and share it, you control where it goes; we are not involved in that transfer.

8. Our Commitments on Reproductive and Other Sensitive Health Data

Because GloStack stores menstrual and reproductive health information on your device and not on our servers, we do not hold this information and cannot be compelled to produce data we do not have. In addition, we commit that: (a) we will never voluntarily provide any Health Data in our possession to law enforcement or government agencies, and require valid, binding legal process before considering any disclosure; (b) we will scrutinize every request, challenge or narrow overbroad or improper demands, and produce only the minimum legally compelled; (c) unless legally prohibited (e.g., by a gag order), we will notify you before any disclosure so you can object; (d) consistent with applicable shield laws — including California law applicable to reproductive and sexual health apps — we will not disclose information related to a person seeking or obtaining lawful reproductive health care in response to out-of-state legal process premised on another state’s interference with such care, except where compelled by binding law; and (e) we minimize by design — no precise location, no geofencing, and on-device storage so that there is no central store of your reproductive data to be breached, sold, or demanded.

9. Apple HealthKit

If you connect Apple HealthKit, HealthKit data is read and used on your device solely to provide the features you request. We never use it for advertising, marketing, or use-based data mining; we never sell it or disclose it to advertising platforms, data brokers, or information resellers; and we do not transmit it to any server we control. Because HealthKit data is processed on your device, it is shared with a third party only if you yourself choose to export and share it (for example, with your healthcare provider). Your iOS privacy settings and Apple’s terms also govern, and you can revoke HealthKit permissions in iOS Settings at any time.

10. Cookies, Analytics, and Tracking Signals

The App contains no third-party advertising SDKs, no analytics SDKs, and no social-media pixels. Our website, if and where it uses cookies, uses only strictly necessary cookies; where required we request consent, and we honor Global Privacy Control (GPC) signals as a valid opt-out of any “sale”/“sharing” (which we do not do). Because we do not track visitors across websites or over time, browser “Do Not Track” signals do not change our practices — there is no tracking to disable.

11. Data Retention and Deletion

Because the information you log is stored only on your device, you control retention and deletion directly. You can delete any individual entry in the App at any time, and deleting the App from your device removes the information stored there. We do not retain copies on servers, because we never receive your information in the first place. If you have contacted our support address, we retain that correspondence only as long as needed to address your request and to keep reasonable records, and you may ask us to delete it.

12. Security

Your information is stored on your device and protected by your device’s own security, including your passcode and biometric lock (such as Face ID or Touch ID), which we encourage you to enable. Where your information is handled by Apple frameworks or services (such as HealthKit, or iCloud Backup if you have it enabled), Apple’s platform security applies. We design the App to keep your information on your device and to avoid transmitting it, which removes the central-server risks (breach, sale, or compelled disclosure of a database) that affect many other apps. No system is perfectly secure, and you are responsible for securing the device on which your information is stored. If we adopt any service that handles your information in the future, we will apply safeguards appropriate to its sensitivity and update this Policy.

13. Your Rights and Choices

Regardless of where you live, you can: access your data (it is all on your device, viewable in the App); correct it by editing entries; delete it (any entry, or all of it by deleting the App); and export it from the App. Because we hold no central store of your information and do not sell, share, or use it for advertising, many statutory rights (such as the right to opt out of sale or sharing) are satisfied by default — there is nothing to opt out of.

Exercising rights: for most rights, you act directly in the App. If you have a privacy question or a request about any information we may hold (such as support correspondence), email support@glostack.app. We will respond within the timeframe required by applicable law (generally 45 days, extendable once with notice), accept authorized agents with proof of authorization, and never discriminate against you for exercising your rights. If we decline a request, we will explain why, and you may appeal by emailing support@glostack.app with the subject “Privacy Appeal”; if you remain dissatisfied, you may contact your state Attorney General.

13.1 California

You have CCPA/CPRA rights to know, access, correct, delete, port, opt out of sale/sharing, and limit the use of sensitive personal information, without discrimination. The categories of information involved are described in Sections 2–3; it is stored on your device, used to provide the features you use, and not disclosed to third parties except as described in Sections 6–7. We do not sell or share personal information and have not in the preceding 12 months, and we have no actual knowledge of selling or sharing the personal information of consumers under 16. Because GloStack handles reproductive and sexual health information, the California Confidentiality of Medical Information Act (CMIA) applies to us as if we were a provider of health care for its purposes: we preserve the confidentiality of your medical information, do not disclose it without authorization except as the CMIA permits, and apply Section 8 to law-enforcement and out-of-state requests. Shine the Light (Civ. Code § 1798.83): we do not disclose personal information to third parties for their direct marketing.

13.2 Washington and Nevada (Consumer Health Data)

Our Consumer Health Data Privacy Policy under the Washington My Health My Data Act and Nevada SB 370 is published at its own link: https://glostack.app/consumer-health. You additionally have the rights to: confirm whether we collect, share, or sell consumer health data and access it; withdraw consent; and have it deleted. As described throughout this Policy, your consumer health data is stored on your device, we do not share or sell it, and we do not use geofencing around health-care facilities.

13.3 Colorado, Connecticut, Virginia, Texas, Oregon, and other states

You have the rights to access, correct, delete, and port personal data; to opt out of targeted advertising, sale, and significant profiling (we do none); and to appeal as above. Connecticut residents: the CTDPA’s consumer health data provisions apply to your Health Data, and our Consumer Health Data Privacy Policy describes our practices.

14. Breach Notification

If a security incident results in unauthorized acquisition or disclosure of unsecured identifiable health information that we hold, we will notify you without unreasonable delay and within the timelines required by law — including under the FTC Health Breach Notification Rule (no later than 60 days after discovery, with notice to the FTC and, where 500+ residents of a state are affected, to media) and applicable state laws — telling you what happened, what information was involved, and what we are doing. Because your information is stored on your device rather than on our servers, the risk of a server-side breach of your logged data does not arise from our systems.

15. Children

The Service is for adults 18 and older. We do not knowingly collect information from anyone under 18; report any concern to support@glostack.app.

16. Where We Operate

GloStack is operated from the United States. The App is not available in the European Union or European Economic Area. Wherever you use the App, the information you log is stored on your own device.

17. Changes to This Policy

We will post updates with a new “Last Updated” date and give prominent notice of material changes, for example within the App or on our website. Where applicable law requires it — including for any new or materially different collection, use, or sharing of Health Data — we will obtain your fresh, affirmative consent before the change applies to you. Continued use after non-material changes take effect constitutes acceptance.

18. Contact

Better Applications LLC
Operator of GloStack
Email: support@glostack.app

Terms of Service: https://glostack.app/terms/

Privacy Policy: https://glostack.app/privacy/