← Back home

Privacy Policy

Last updated: June 4, 2026

The short version

  • Texts you paste into Decoder or Text Back are never stored. They're sent to the AI gateway to generate a reply, then dropped.
  • Oh Sh*t Button and Apology Engine save your context and the AI's response so you can review your crisis history and improve over time. You can delete individual entries anytime.
  • Your cycle data, logs, and wins are stored encrypted on secure servers (Supabase) and visible only to you (and your partner if you explicitly link accounts via Partner Sync).
  • We don't sell your data. We don't share it with advertisers. Ever.
  • You can delete your account and all associated data anytime.

What we collect

  • Account basics: email, display name, her name, city, subscription status
  • Cycle tracking: period dates, phase calculations, daily logs, mood/symptom check-ins
  • Your inputs: wins you log, crisis contexts from Oh Sh*t Button, apology playbooks you save
  • Usage analytics: anonymous event tracking (e.g., "user opened Decoder") via Lovable's analytics service. No personally identifiable information.
  • Partner link status: if you've connected with a partner and what data she's chosen to share with you

What we don't store

The contents of texts or context you paste into Decoder or Text Back. These are processed in real-time by our AI gateway and immediately discarded.

Voice notes or audio (we don't have voice features yet).

Payment card details (handled entirely by Stripe).

What we do store (so you can learn from it):

  • Oh Sh*t Button crisis logs: the situation you described and the AI's guidance, so you can review patterns.
  • Apology Engine playbooks: the context and the 5-part plan, so you can refine your approach over time.

You can delete any saved response or crisis log individually from your dashboard.

Partner sync

If you link with a partner, only the fields she explicitly toggles to share become visible to you. She can revoke access at any time.

Third-party services we use

  • Stripe: Payment processing (they never see your cycle data, only billing info)
  • Supabase: Encrypted database hosting (bound by a Data Processing Agreement; they can't read your data)
  • Lovable AI Gateway: Routes AI requests to OpenAI/Google with zero-retention policies
  • Lovable Analytics: Anonymous usage tracking (event names only, no PII)

None of these providers receive your cycle data, AI inputs, or relationship content. We do not use Google Analytics, Facebook Pixel, or any advertising networks.

Your rights

Export, correct, or delete your data anytime by emailing privacy@menztraining.com.

Menstrual health data protection

Your partner's cycle data (period dates, phase tracking, mood logs, symptoms) is classified as sensitive health information under state and federal law. We store this data encrypted on secure servers (Supabase with row-level security) and will never sell, share, or use it for advertising, insurance underwriting, or any purpose beyond what's described in this policy. In the event of a data breach affecting cycle or health data, both partners will be notified via email within 72 hours.

AI provider safeguards

AI features (Decoder, Text Back, Oh Sh*t Button, Apology Engine) send your inputs through Lovable's AI Gateway to OpenAI and Google models. Decoder and Text Back inputs are processed in real-time and never stored by us or the AI providers. Oh Sh*t and Apology Engine inputs are saved to your account so you can review your history and track growth. These are never used to train third-party AI models. We review AI provider agreements annually and will notify you of material changes.

California & EU user rights

If you're in California or the European Union, you have additional rights:

  • Right to know exactly what data we've collected about you
  • Right to access a full copy in a portable format
  • Right to delete your account and all associated data
  • Right to opt out of any sale of your data (which we don't do)

To exercise these rights, email privacy@menztraining.com with "Data Request" in the subject line. We'll respond within 30 days.

What happens in a breach

If our servers are compromised and your account data is accessed by an unauthorized party, we will notify you via email within 72 hours. The notification will include what data was affected, what we're doing about it, and steps you can take to protect yourself. Supabase (our hosting provider) maintains SOC 2 Type II compliance and regular third-party security audits.

Questions about your data? Email privacy@menztraining.com

Data hosting: Supabase (SOC 2 Type II compliant) • AI providers: OpenAI, Google (zero-retention APIs) • Analytics: Lovable (anonymous usage only)

Privacy·Terms·© 2026 MenzTraining