Privacy Policy
Last updated: July 1, 2026
This Privacy Policy explains how Grow Labs LLC (“Grow Labs,” “we,” “us,” or “our”) handles your information when you use the Safr mobile application and related services (the “Service”). By using Safr, you agree to the practices described here. For UK and EU data-protection law, Grow Labs LLC is the data controller.
1. Where your data lives
Safr is built to keep your sensitive information with you. The cycle and health data you log, your onboarding answers, and your settings are stored locally on your device. That data is not sent to our servers as part of normal use. Specific, clearly labeled features are the exceptions: AI chat, optional photo analysis, connecting Oura, and (if you opt in) pseudonymous analytics, and each is described below.
2. Information we collect
a. Information you provide (stored on your device)
- Profile: your name (if you enter one), birth year, and cycle details such as cycle length, period length, cycle history, and last period start.
- Cycle & health logs: period, intercourse, discharge, cervical-mucus, symptom, Plan B / emergency-contraception, and LH-test logs.
- Onboarding answers: such as why you use Safr and your cycle-related preferences.
- Support messages: what you send us when you contact support.
b. Data from Oura (only if you connect it)
If you choose to connect Oura, you authorize Safr, through Oura's secure OAuth sign-in, to import overnight body-temperature data from the Oura cloud API. This is used to detect the temperature shift around ovulation and inform your cycle insights. Your Oura access tokens are stored in your device's secure keystore, and the token exchange is handled through our backend. Imported temperature is held with your other on-device data. You can disconnect Oura at any time from within Safr or from your Oura account; disconnecting clears the saved Oura tokens on your device and Safr stops importing new Oura data. To fully revoke Safr's access to your Oura account, you can also remove it at your Oura account (cloud.ouraring.com). Ōura Health Oy is based in the EU.
c. Apple Health (if you enable it)
If you grant access, Safr can read temperature data you have in Apple Health to support the same cycle insights. This stays on your device alongside your other data.
d. Usage analytics (only if you turn it on)
If you enable “Share usage data,” Safr sends limited, pseudonymous product analytics to PostHog, such as: which screens you open, which features you use and how you move through the app (for example taps, navigation between screens, calendar days you open, reminder and settings toggles you change, and whether you add, edit, or delete an entry, but never the contents of what you log), notification type, whether you allowed or declined system permission prompts (such as notifications and, for US users, Apple's App Tracking Transparency prompt), onboarding step progress, the goals you select for using Safr (you can pick more than one, such as fertility awareness, pregnancy risk estimation, or cervical mucus analysis, used to understand retention and improve the app), your approximate age in years (never your date of birth or birth year), and app version and platform. A random device identifier groups events from the same install. We do not attach your name or email, and we never send your detailed cycle, intercourse, symptom, or other logs. See Section 6.
We do not send any of the following to analytics: your name or email; your other onboarding answers (such as worry frequency or your birth-control method); your cycle length or period length; your pregnancy-risk estimates; your period, intercourse, mucus, symptom, Plan B, or LH-test details; your chat or AI conversation content; or your uploaded photos.
With the same opt-in, Safr also sends a few additional product signals to PostHog: a build channel tag (for example app_store or simulator) so we can exclude our own test and internal installs from analytics; for a subscription, whether it was a free trial and the amount and currency of the purchase; and wearable and Oura interaction events (for example tapping connect or disconnect on Oura, the result of the Oura permission prompt, which wearable you chose during onboarding, and tapping contact support). These describe how you use Safr; they never include your cycle, intercourse, symptom, Plan B, LH, or risk details, and the imported Oura temperature itself is never sent to analytics. The goals you select for using Safr (you can pick more than one, such as fertility awareness, pregnancy risk estimation, or cervical mucus analysis) and your approximate age are recorded for adults. For under-18s this depends on region: in the UK and EU/EEA Safr sends "unknown" for the goal and does not attach age (UK Children's Code), while elsewhere a user aged 16 or older who opted in has them recorded. We never record this for anyone under 16.
e. Subscriptions and diagnostics
- Subscriptions: purchases are processed by the Apple App Store (on iOS) or Google Play (on Android); we receive subscription status, not your full payment-card details.
- Diagnostics: basic crash and performance information to keep the app working.
3. How we use your information
- To provide Safr's core features, interpreting temperature trends and your logged cycle history to estimate fertile and non-fertile windows and produce personalized daily insights.
- To power AI chat and optional photo analysis when you use them.
- To operate, secure, maintain, debug, and improve the Service.
- To process subscriptions and prevent fraud and abuse.
- To provide support and respond to you.
- To comply with legal obligations.
We do not sell your personal information or your health data, and we do not use your health data for advertising.
4. AI chat and photo analysis
If you use Safr's AI chat, your message and a summary of your Safr data (such as your cycle dates, logged symptoms, intercourse and Plan B entries, and your in-app risk estimate) are sent, through our backend, to OpenAI in the United States so the assistant can give you a personalized answer. If you use optional photo analysis (for example, cervical-mucus or LH-test photos), the image you choose is sent the same way. The first time you use either feature, Safr asks for your explicit agreement before anything is sent, and if you don't agree, nothing is sent. We do not use these features to advertise to you or to sell your data. If you don't use these features, this data isn't sent.
5. How we share information (our processors)
We share information only as needed to run Safr, with service providers acting on our behalf:
- Ōura Health Oy (EU), source of the wearable temperature data you authorize.
- OpenAI: powers AI chat and optional photo analysis (via our backend).
- PostHog: pseudonymous product analytics, only if you opt in (Section 6).
- Singular: advertising attribution, US-only (on iOS, only after you allow Apple's tracking prompt; on Android, on by default for users 16+ with an opt-out in Settings; Section 6).
- Meta (Meta Platforms, Inc.): advertising measurement via Meta's SDK, US-only, under the same conditions as Singular (Section 6).
- Apple App Store: subscription payments on iOS.
- Google Play (Google LLC): subscription payments on Android.
- Superwall: subscription and paywall presentation.
- Our cloud hosting / backend: to run the AI proxy, the Oura token exchange, and data-deletion requests.
We may also disclose information if required by law, to protect rights and safety, or in connection with a business transfer. Each provider is bound by contractual confidentiality and security obligations.
6. Your consent choices
- Usage analytics is off until you opt in (“Share usage data,” in onboarding or Settings) and can be turned off any time. When it is off, Safr does not send your product-analytics events. The one exception is a single anonymous signal that records only that analytics was declined or turned off (so we can measure how many people opt in): it carries no name, email, device id, account, or IP-based location, only a coarse region (your country), and it creates no profile, so it cannot be linked back to you.
- Advertising attribution is US-only and limited to users 16 and over. On iOS it is controlled solely by Apple's App Tracking Transparency prompt: it is off unless you tap Allow, and if you tap Ask App Not to Track nothing is shared. On Android, where no such system prompt exists, it is on by default for eligible US users and you can turn it off at any time in Settings ("Share data with ad partners"). Outside the United States (including the UK, EU/EEA, and Canada) Safr does not share anything with ad networks at all, on either platform. When attribution is active, Safr shares two non-health events with our measurement partner Singular (which forwards them to ad networks including TikTok and Meta) and directly with Meta (Meta Platforms, Inc.) through Meta's SDK, so we can measure our ads: a "registration" signal when you finish onboarding (before any paywall, with no purchase details), and a subscription signal carrying the product, plan, amount, and currency when you subscribe. No health, cycle, intercourse, symptom, or risk data is ever included. On iOS, Safr uses Apple's privacy-preserving SKAdNetwork and only reads your device advertising identifier (IDFA) when you allow Apple's prompt; on Android the Google advertising ID is used and you can also reset or delete it in Android's own privacy settings.
- Oura is connected only when you explicitly authorize it, and you can disconnect at any time.
- AI chat and photo analysis ask for your explicit agreement before they first send your message or photo to OpenAI. If you don't agree, nothing is sent.
7. Legal bases (UK/EU users)
- Consent: for health-data processing, connecting Oura, and optional analytics. You may withdraw it at any time. (Advertising attribution does not run for UK/EU users at all; it is US-only, governed on iOS by Apple's tracking prompt and on Android by an on-by-default setting with an in-app opt-out.)
- Contract: to provide the Service you sign up for, including subscriptions.
- Legitimate interests: to secure, maintain, and improve the Service, balanced against your rights.
- Legal obligation: where the law requires processing.
8. Data security
We protect your information with technical and organizational safeguards. Most of your data stays on your device, in Safr's private app storage, which is protected by your device's built-in app data protection, which encrypts app storage at the file level and ties it to your device passcode. Sensitive credentials such as your Oura access tokens (if you connect Oura) are kept in your device's secure keystore (the iOS Keychain). Data sent to our backend or providers is encrypted in transit (HTTPS). No system is perfectly secure, but we work to protect your data and respond promptly to incidents.
If a data breach affects your personal data and the law requires it, we will notify you and the relevant authorities without undue delay.
9. Data retention
On your device: your data stays until you delete it in the app or remove the app.
Analytics, if you opt in: we retain product-analytics data (held by PostHog) for up to 2 years, after which it is deleted. On our current plan, event data is kept for about a year and any session data for 30 days, which are shorter. If you delete your data in the app or ask us to, we remove your analytics records sooner.
Deletion requests: when you delete your data in the app we erase it from your device, opt out and reset your analytics identifier, detach advertising attribution, and request erasure of the server-side analytics record tied to your device identifier. Server-side deletion is actioned within one month; copies in routine backups are overwritten within 90 days. We keep limited records only where the law requires it.
10. Your rights and how to use them
Depending on where you live, you may have the right to access, export, correct, delete, restrict, or object to processing of your data, and to withdraw consent. Safr gives you direct controls:
- Export (Art. 15 / 20): Settings → “Your data” → Export my data gives you a structured JSON copy of what Safr stores on your device.
- Delete (Art. 17): Settings → Delete all my data wipes your on-device data, opts out and resets analytics, detaches advertising attribution, and requests erasure of server-side analytics records tied to your device identifier.
- Withdraw consent: disconnect Oura, or turn off analytics / advertising attribution, in Settings; to withdraw consent for health-data processing, delete your data (Settings → Delete all my data), since Safr needs that data to function.
You can also email [email protected] to exercise any right. UK and EU users may also complain to their local data-protection authority (in the UK, the ICO).
To protect your data, we may need to verify your identity before acting on a request, usually by confirming it comes from your registered email. We respond within one month. If we need more time or cannot act on a request, we will explain why.
11. Children's privacy
Safr follows the children's-privacy and minimum-age rules in the markets where it operates. We apply a region-aware minimum age, checked at onboarding: 16 in the US (above COPPA's 13), 18 in the UK, and the applicable digital-consent age (13 to 16) elsewhere in the EU/EEA. Advertising attribution is available only to US users 16 and over (on iOS only after allowing Apple's App Tracking Transparency prompt; on Android on by default with an opt-out in Settings); it is turned off everywhere else. We do not knowingly collect data from children below the applicable age; if you believe a child has provided us data, contact us and we will delete it. When the age gate turns someone away, Safr records only an anonymous count of that block: no name, email, device id, account, or IP-based location, just a broad age band and the country from your device's language setting. It cannot be linked back to a person or used to build a profile. It only lets us see where under-age signups come from so we can reduce them.
12. International data transfers
Grow Labs LLC operates from the United States, and some providers (for example, analytics and AI processing) may process data in the United States, while Oura is based in the EU. Where we transfer personal data out of the UK or EEA, we rely on appropriate safeguards such as the UK IDTA or EU Standard Contractual Clauses.
13. United States
Grow Labs LLC is based in the United States, at 8 The Green, Suite A, Dover, DE 19901. If you live in the US, the following applies in addition to the rest of this policy. We have two detailed US notices: our US State Privacy Law Notice (covering California, Virginia, Colorado, Connecticut, and other state privacy laws) and our Consumer Health Data Privacy Notice (covering the Washington My Health My Data Act and Nevada SB370).
Your health and cycle data is never sold and never shared with advertising networks. We do not sell your personal information, and we do not sell your consumer health data. We will not share or sell your consumer health data without your separate, valid authorization.
One thing to be clear about. If you are a US adult and you tap Allow on Apple's App Tracking Transparency prompt, Safr shares limited, non-health commercial data, such as that you finished onboarding, or that you started a subscription (with the product, plan, amount, and currency), with our measurement partner Singular (which forwards it to ad networks including TikTok and Meta) and directly with Meta (Meta Platforms, Inc.) through Meta's SDK, so we can measure our ads. Under some state laws this kind of cross-context advertising measurement may count as a "sale" or a "share." We do this only in the United States; outside the US we share nothing with ad networks. It never happens unless you allow Apple's prompt, it never applies to anyone under 16, and you can turn it off any time in Settings or in iOS Settings under Privacy & Security, then Tracking. See the "Do Not Sell or Share My Personal Information" section in our US State Privacy Law Notice.
Your choices and rights. Depending on your state, you may have the right to know what we collect, to access or delete your data, to correct it, to opt out of any sale or sharing for targeted advertising, and to limit the use of sensitive information. You can export or delete your data in the app (Settings, then Your data) or email [email protected]. We will not discriminate against you for exercising these rights. The two notices linked above explain each right and how to use it.
14. Changes to this policy
We may update this Privacy Policy from time to time. When changes are material, we will update the “Last updated” date and, where appropriate, notify you in the app.
15. Contact us
Grow Labs LLC
Email: [email protected]
