(Effective December 22, 2020)
When you use RedCalendar, you are trusting us with sensitive personal data such as information about your menstrual cycle. We are committed to achieving the highest standards of privacy and security. The primary purpose of this Privacy Policy is to provide a clear understanding of what data we collect, how it is used and shared, and how you can control it.
When you sign up to use the App, we may collect personal data about you such as phone number and information about your health (menstrual cycle dates, various symptoms related to your menstrual cycle and health, other information about your health (including sexual activities), well-being, and related activities, including personal life and other comments.
When you access or use the App, we may automatically collect information about your mobile device (hardware model, operating system version, system settings, network and storage information), IP address, time zone, frequency of use (including last time of use) and other usage data. We use Firebase Crashlytics, Performance and Analytics to monitor the overall performance and stability of our App, implement internal version control and identify bugs.
We store your data for the period that your account is active and then for a further period in case you return to use the Services again. After this retention period ends, we will delete your data.
In certain circumstances, you have the following data protection rights:
To exercise any of your privacy rights please email us at support@calendar.red. We will process your request within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your personal data stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay. Please note that we may ask you to verify your identity before responding to such requests. We may not able to provide Service without some necessary data. Subject to applicable laws, you may have a right to lodge a complaint with your local data protection authority about any of our activities (related to your privacy rights, among others) that you think are not compliant with applicable law. However, if you think that we do something incorrectly, let us know first at support@calendar.red. We care about your privacy and want to make sure that we did everything to address any of your concerns.
RedCalendar does not knowingly collect or use personal data from children under the age of 13. By registering to a RedCalendar account you are required to confirm that you are at least 13 years old, or that your parents have agreed that you can use the RedCalendar app and service.
If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country (this is between 13 and 16 years old, depending on the country you live in) or if you have the consent of your parent or legal guardian. If you are a parent and learn that your child is using RedCalendar without your permission or if you have any specific question about data privacy at RedCalendar, do not hesitate to get in touch with us at support@calendar.red.
If RedCalendar gains actual knowledge that information has been collected from children under the age of thirteen in the United States contrary to the Children’s Online Privacy Protection Act of 1998 and the regulation thereunder, RedCalendar will not disclose this data and we will take the required steps to delete such information and (or) delete her account reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.
We take all reasonable and appropriate measures to protect all personal data collected from loss, theft, unauthorized access, disclosure destruction against misuse and alteration of personal information under our control. Your data is transmitted between your device and our service using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser. Our data is hosted by Google Cloud, which maintains multiple security certifications. We will notify you of security incidents as required by law. If you want to report a security incident related to the App please contact us at support@calendar.red
We believe the biggest threat to the security and privacy of your data is if someone gains access to any of your devices without your consent. The data you enter into RedCalendar is private and it should stay that way (unless you actively choose to share it with the people you’ve connected). Please protect your device (activate either PIN, TouchID (iPhone 5S-SE(2020)), or FaceID (iPhone X-12) authentication for your device). This automatically encrypts your data and prevents any person from using your device without your permission.
Because we use Firebase, Google is a data processor under GDPR and processes personal data on our behalf. Similarly, Google operates as a service provider under the CCPA handling personal information on our behalf. Firebase terms include Data Processing and Security Terms detailing these responsibilities. Certain Firebase services governed by the Google Cloud Platform (GCP) Terms of Service are already covered by associated data processing terms, the GCP Data Processing and Security Terms. A complete list of Firebase services currently governed by the GCP Terms of Service is available in the Terms of Service for Firebase Services. Crashlytics are governed by the Firebase Crashlytics and Firebase App Distribution Terms of Service, and are covered by those associated data processing terms. Google Analytics for Firebase and Google Analytics are governed by the Google Analytics for Firebase Terms of Service and the Google Analytics Terms of Service, respectively. For additional information, refer to Safeguarding your data.
Some Firebase services process your personal data to provide their service. The chart below has examples of how various Firebase services use and handle end-user personal data. In addition, many Firebase services offer the ability to request deletion of specific data or control how data is handled.
Firebase service | Personal data | How data helps provide the service |
---|---|---|
Cloud Functions for Firebase |
|
How it helps: Cloud Functions uses IP addresses to execute event-handling functions and HTTP functions based on end-user actions Retention: Cloud functions only saves IP addresses temporarily, to provide the service. |
Firebase Authentication |
|
How it helps: Firebase Authentication uses the data to enable end-user authentication, and facilitate end-user account management. It also uses user-agent strings and IP addresses to provide added security and prevent abuse during sign-up and authentication. Retention: Firebase Authentication keeps logged IP addresses for a few weeks. It retains other authentication information until the Firebase customer initiates deletion of the associated user, after which data is removed from live and backup systems within 180 days |
Firebase Cloud Messaging |
|
How it helps: Firebase Cloud Messaging uses Firebase installation IDs to determine which devices to deliver messages to Retention: Firebase retains Firebase installation IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days. |
Firebase Hosting |
|
How it helps: Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data. Retention: Hosting retains IP data for a few months. |
Firebase Performance Monitoring |
|
How it helps: Performance Monitoring uses Firebase installation IDs to calculate the number of unique Firebase installations that access network resources, to ensure that access patterns are sufficiently anonymous. It also uses Firebase installation IDs with Firebase Remote Config to manage the rate of performance event reporting. Additionally, it uses IP addresses to map performance events to the countries they originate from. For more information, see Data collection. Retention: Performance Monitoring keeps installation and IP-associated events for 30 days and de-identified performance data for 90 days |
Firebase Crashlytics |
|
How it helps: Firebase Crashlytics uses crash stack traces to associate crashes with a project, send email alerts to project members and display them in the Firebase Console, and help Firebase customers debug crashes. It uses Crashlytics Installation UUIDs to measure the number of users impacted by a crash and minidump data to process NDK crashes. The minidump data is stored while the crash session is being processed and then discarded. Refer to Examples of stored device information for more detail on the types of user information gathered. Retention: Firebase Crashlytics retains crash stack traces, extracted minidump data, and associated identifiers (including Crashlytics Installation UUIDs) for 90 days. |
Google Analytics for Firebase |
How it helps: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. For more information see Data collection. Retention: Google Analytics retains aggregate reporting without automatic expiration. Retention of user-level data and all other event data, including conversions, is fixed at up to 14 months. |
We use Cloud Firestore (flexible, scalable database for mobile, web, and server development from Firebase and Google Cloud Platform), so Google generally operates as a “data processor" (GDPR) or “service provider" (CCPA). Personal data we collect is governed by U. S. law. Please be advised that U. S. law and laws of other countries may not offer the same protections as the law of your jurisdiction. Unless a service or feature offers data location selection, we may process and store your data anywhere Google or its agents maintain facilities.
We may contact you with messages (like popups or push notifications) to deliver health content, summary of personal health data that you have tracked in the app. You can always opt out of these push notifications.
Please note that we may contact you with our information about products, services, offers, promotions, rewards, and events offered by us and others via third-party platforms (like social media). Please note that you can always opt-out from such communication and usage of your personal data by contacting us at support@calendar.red.
We may update our Privacy Policy from time to time. Please check this page periodically for changes. If we make any changes to this Privacy Policy that we consider to be material to your consent, we will notify you of them.
RedCalendar is used by people around the world, who access the app in a multitude of different languages. We use professional translators and proofreaders to translate all of our communications, including this Privacy Policy, as accurately as possible. However, please understand that we cannot assure 100% accuracy for all of our translations, in particular with respect to any legal content. Please note that the English version of this Privacy Policy is therefore the original version, which prevails over all other versions in case of deviation from the English original. The latest version of this Privacy Policy is always available in English on our website.
If you have any questions about this Privacy Policy, please contact us by email: support@calendar.red.