01Who is responsible for your data
The party responsible for your personal data (the “data controller”) is the operator of Dalal.
- Contact: support@dalall.net
If you have any question about this policy or how your data is handled, contact us at the address above.
02What data we collect
We only collect data that is needed to run the app and provide its features.
2.1 · Account data
- Email address — used to create your account, sign you in, and send account-related messages such as password resets and email confirmation.
- Authentication data — a securely hashed password (we never store your password in plain text) and session tokens that keep you signed in.
2.2 · Health and cycle data (sensitive)
Data you choose to enter to track your cycle, including:
- Period start and end dates and cycle history.
- Logged symptoms (for example flow, mood, pain, and other markers you record).
- Fertility signals you record (for example basal body temperature, cervical-mucus observations, and similar entries).
- Your app mode and preferences (for example whether you are trying to conceive, avoiding pregnancy, or tracking generally) and predicted dates derived from your entries.
This information is health data and is treated as a special/sensitive category of personal data.
2.3 · Settings and preferences
- App locale/language, measurement units, reminder settings, and other in-app preferences.
2.4 · Data we do NOT collect
- We do not collect your name, phone number, precise location, contacts, photos, or advertising identifiers.
- We do not use third-party advertising or analytics/tracking SDKs, and we do not sell your personal data.
03How we use your data
We use your data only to:
- Create and secure your account and authenticate you.
- Store your cycle, symptom, and fertility entries and sync them across your devices.
- Generate cycle and fertility predictions and show them to you in the app.
- Send local reminders (for example upcoming-period, daily-logging, and cycle-care reminders) that you have enabled. These reminders are scheduled and shown on your device; their content is not transmitted to us.
- Send account/service emails (confirmation, password reset).
- Maintain, secure, debug, and improve the reliability of the service.
We do not use your health data for advertising or profiling, and we do not make automated decisions that produce legal or similarly significant effects about you.
04Legal basis for processing
4.1 · Saudi Arabia (PDPL)
For users in the Kingdom of Saudi Arabia, we process personal data in accordance with the Personal Data Protection Law (PDPL) and its Implementing Regulations, overseen by the Saudi Data & AI Authority (SDAIA). Our legal bases are:
- Your consent — for collecting and processing your health/cycle data, which is sensitive data under the PDPL. You may withdraw consent at any time (see §8).
- Performance of the agreement — to provide the app's core features once you create an account.
- Legitimate interests — to keep the service secure and reliable, where permitted under the PDPL and balanced against your rights.
4.2 · EEA / UK users (GDPR)
Where the GDPR (or UK GDPR) applies, we process your data on these bases:
- Contract — to provide the app's core features once you create an account.
- Explicit consent — for the processing of your health/cycle data, which is a special category of data. You may withdraw consent at any time by deleting the relevant data or your account (see §8). Withdrawal does not affect processing carried out before withdrawal.
- Legitimate interests — to keep the service secure and working reliably, balanced against your rights.
05How your data is stored and protected
- Hosting. Account and cycle data are stored in our managed cloud database provider, Supabase (which hosts data on established cloud infrastructure). A copy of your data is also cached locally on your device so the app works offline.
- Encryption in transit. All communication between the app and our servers is encrypted using TLS/HTTPS.
- Encryption at rest. Data stored by our cloud provider is encrypted at rest by the provider.
- Access controls. Row-Level Security is enforced at the database so that each account can only read and write its own rows. Your data is not accessible to other users.
- Passwords are stored only as salted hashes managed by our authentication provider.
Important: Dalal uses standard transport and at-rest encryption plus strict per-user access controls. It does not use end-to-end encryption, which means data is stored in a form that our cloud infrastructure can process. We limit access to what is necessary to operate the service, and we would rather state this plainly than promise more than we deliver.
06Who we share data with
We do not sell or rent your personal data. We share data only with:
- Infrastructure sub-processors that operate the service on our behalf, principally:
- Supabase — database hosting, authentication, and email delivery for account messages.
- Legal/authority disclosures — only where required by applicable law, regulation, or valid legal process.
These providers process data under their own security and privacy commitments and only to provide services to us.
07International transfers
Your data may be processed on servers located outside your country of residence (the app's cloud project region is set by us; for example a Supabase region such as Oceania/Sydney or Northeast Asia/Tokyo). Where data is transferred internationally, we rely on appropriate safeguards permitted by applicable law.
For users in the Kingdom of Saudi Arabia, any transfer of personal data outside the Kingdom is carried out in accordance with the PDPL and the SDAIA regulations governing cross-border transfers, including the required safeguards for transfers to jurisdictions with an adequate level of protection or under appropriate contractual protections.
08Your rights and choices
You can:
- Access and edit your cycle, symptom, and fertility entries directly in the app at any time.
- Delete your account and data. Dalal includes in-app account deletion. Deleting your account removes your account and associated cycle/health records from our systems and wipes the local copy on your device. Deletion is permanent and cannot be undone.
- Withdraw consent for health-data processing by deleting the relevant entries or your account.
- Control reminders and other preferences in the app's settings.
Depending on your jurisdiction, you may also have the right to request a copy of your data, correct it, restrict or object to processing, request portability, and lodge a complaint with the competent authority — in the Kingdom of Saudi Arabia, the Saudi Data & AI Authority (SDAIA); under the GDPR/UK GDPR, your local data-protection authority. To exercise rights that cannot be completed in-app, contact us at the email in §1.
09Data retention
- We retain your account and health data for as long as your account exists so the app can show your history and predictions.
- When you delete your account, we delete your personal data from our active systems. Residual copies in encrypted backups are removed on the provider's normal backup-rotation cycle.
10Children's privacy
Dalal is not directed to children under 13 (or the minimum age required by your jurisdiction), and we do not knowingly collect data from them. If you believe a child has provided us personal data, contact us and we will delete it.
11Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app. Continued use of Dalal after an update means you accept the revised policy.
12Contact
Questions or requests about your privacy or this policy:
Email: support@dalall.net