1. Who We Are
Seravie is operated by Luminary Apps Ltd, a company registered in England and Wales.
For the purposes of UK GDPR and EU GDPR, Luminary Apps Ltd is the Data Controller for your personal data.
Registered address: Luminary Apps Ltd, [Registered Address], United Kingdom
Contact: privacy@seravie.net
2. Data We Collect
We collect the minimum data required to operate Seravie. Here is every category:
| Data Type | Examples | Collected How |
|---|---|---|
| Account data | Email address, password (hashed), name | You provide when creating an account |
| Health & symptom data | Symptom logs, severity ratings, mood, energy, sleep notes, HRT status | You enter via daily check-in |
| Profile preferences | Menopause stage, main concerns, notification time, region (UK/US) | You provide during onboarding |
| Subscription data | Plan type (Essential/Premium), subscription status, transaction ID | Via RevenueCat when you subscribe |
| Usage data | Screens visited, features used, app version, OS type | Automatically collected via Supabase logs |
| Device data | Device locale (for UK/US detection), timezone | Automatically on first launch |
| Content reads | Which premium articles you have read | Automatically when you open an article |
3. How We Use Your Data
3.1 Providing the app
Your symptom logs, health data, and profile preferences are used to:
- Display your personal dashboard, streak, and wellbeing score
- Generate your 30-day heatmap and trend insights
- Show region-appropriate clinical guidance (NICE NG23 for UK; NAMS 2022 for US)
- Sync your data across devices when you are signed in
3.2 Subscriptions and payments
Subscription processing is handled entirely by Apple App Store or Google Play. We do not receive or store your payment card details. RevenueCat manages subscription status on our behalf and passes us only: your subscription tier, expiry date, and a transaction ID.
3.3 Premium content delivery
We record which articles you have read so we can show read/unread indicators and avoid repeating content in recommendations.
3.4 Service improvement
Aggregated, anonymised usage data (e.g. "the Insights screen is visited 4× more than the Profile screen") is used to improve the app. This data cannot be traced back to you.
3.5 Customer support
If you contact us for support, we use your email address and any information you share to respond to your query. Support communications are retained for 12 months.
4. Legal Basis for Processing (UK & EU)
Under UK GDPR (and EU GDPR), we must have a lawful basis for processing personal data. Because Seravie handles health data (a special category under Article 9), we rely on:
- Explicit consent (Article 9(2)(a)) — for collecting and processing your health and symptom data. You give this consent when you create an account and begin logging symptoms. You may withdraw consent at any time by deleting your account.
- Contract performance (Article 6(1)(b)) — for account data and subscription management, which are necessary to provide the service you have paid for.
- Legitimate interests (Article 6(1)(f)) — for aggregated, anonymised analytics used to improve the app, where these interests do not override your rights.
6. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Symptom logs and health data | Until you delete your account, or 3 years of inactivity |
| Account information | Until you delete your account |
| Subscription records | 7 years (UK tax/accounting law requirement) |
| Support communications | 12 months from resolution |
| Anonymised usage analytics | Indefinitely (cannot be linked to you) |
When you delete your account through the app, all personally identifiable data is permanently deleted from our systems within 30 days. Anonymised, aggregated data may be retained.
7. Your Rights
You have meaningful control over your data. You can exercise any of the following rights at any time:
- Access — request a copy of all data we hold about you
- Rectification — correct any inaccurate data
- Erasure ("right to be forgotten") — delete your account and all associated data
- Restriction — ask us to stop processing your data while a dispute is resolved
- Portability — receive your data in a machine-readable format (CSV/JSON)
- Withdraw consent — withdraw consent for health data processing at any time (this will require closing your account)
- Object — object to processing based on legitimate interests
To exercise any right, email privacy@seravie.net or use the Delete My Account option in Profile → Settings. We will respond within 30 days.
8. UK & EU Users — GDPR
Seravie is designed to be fully compliant with UK GDPR (as retained in UK law following the UK's exit from the EU) and EU GDPR Regulation 2016/679.
Right to lodge a complaint
If you believe we have mishandled your data, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would, however, appreciate the opportunity to address your concerns before you contact the ICO — please email us first at privacy@seravie.net.
9. US Users — CCPA / CPRA
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
Your California rights
- Know — the categories and specific pieces of personal information we collect about you
- Delete — request deletion of your personal information
- Correct — request correction of inaccurate personal information
- Opt-out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising. No opt-out is required, but you may verify this at any time by contacting us.
- Limit use of sensitive personal information — you may request that we limit our use of your health data to what is necessary to provide the service
- Non-discrimination — we will not discriminate against you for exercising any of these rights
Categories of information collected (CCPA disclosure)
| Category | Collected? | Sold? | Shared? |
|---|---|---|---|
| Identifiers (email, user ID) | Yes | No | No |
| Health / medical information | Yes | No | No |
| Commercial information (subscription) | Yes | No | No |
| Internet / network activity | Limited | No | No |
| Geolocation data | No | N/A | N/A |
| Biometric data | No | N/A | N/A |
| Sensitive personal information | Yes (health) | No | No |
To exercise your CCPA rights, contact us at privacy@seravie.net with the subject line "CCPA Rights Request". We will verify your identity and respond within 45 days.
For other US states with applicable privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA), we extend equivalent rights on request.
10. Children
Seravie is designed for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has created an account, please contact us at privacy@seravie.net and we will delete the account and all associated data promptly.
11. Security
We take security seriously. Measures in place include:
- Encryption in transit — all data transmitted between the app and our servers uses TLS 1.2 or higher
- Encryption at rest — your data is stored encrypted in Supabase using AES-256
- Row-Level Security — our database enforces that every user can only access their own data — not other users' records
- Hashed passwords — passwords are never stored in plain text (Supabase Auth uses bcrypt)
- Access controls — only authorised Luminary Apps Ltd personnel can access production data, and only when necessary for support or maintenance
- Cyber Essentials certified — Luminary Apps Ltd holds Cyber Essentials certification
Despite our best efforts, no system is completely secure. If you discover a potential vulnerability, please report it responsibly to security@seravie.net.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send a notification via the app
- For significant changes involving new data uses, ask for your renewed consent
We encourage you to review this policy periodically. Continued use of Seravie after changes take effect constitutes acceptance of the revised policy.
13. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please get in touch:
Luminary Apps Ltd — Data Privacy
Email: privacy@seravie.net
Response time: We aim to respond within 5 business days and will always respond within 30 days.
Postal address: Luminary Apps Ltd, [Registered Address], United Kingdom
For urgent security concerns, email security@seravie.net.