Clue Privacy Policy

(Last updated 15th July 2020)

1. Summary of this Privacy Policy (tl;dr)

At Clue, we believe that technology and data present a groundbreaking opportunity to empower people to take control of their health.

We also acknowledge that using any service embedded in the digital economy will increase your data footprint. At Clue, we fully accept the great responsibility that comes with safeguarding your sensitive data, such as information about your menstrual cycle. We are committed to achieving the highest standards of privacy and security.

We see it as our job to be so clear and transparent that you can truly understand what we do with your data, even though the digital ecosystem of an app is complex, and we interact with it when we rely on a number of other service providers as summarized below. Our CEO Ida Tin has written several blog posts on this, including an overview of what happens to your tracked data. We'd love it if you could take some time to read it, and let us know what you think.

How and why we process your personal data at Clue:

i. To provide our services, understand your needs and communicate with you, we collect certain data that allows us to contact you, analyze how you interact with our app and fix bugs. We do use third party tools to help us with this. But we are careful to only let them process usage data and minimal personal data on Clue's behalf, not data relating to your menstrual cycle or other health data. To be clear, these third party services are not permitted to use the data for any other purpose than to help us run Clue. But if you wish to restrict data processing to only the absolute minimum we need in order to provide Clue to you (for example, we could then no longer analyse your usage data along with other users' data, which helps us understand how you interact with the app so that we can improve it), then you can go to Settings and change your preferences.

ii. To deliver personalized insights as your trusted health companion, part of the service we provide is processing the health data that you choose to enter in the Clue app. Because this data is so sensitive, we do not share it even with our internal third party service providers. The one exception to this is the Cycle Review email, if you opt in to this service as part of a Clue Plus subscription (again, to be clear: in this case, the data is not shared with any other party for their use; we use a third party tool to help us assemble the personalized email. See section 8 below for more specifics).

iii. To advance scientific research on menstrual and reproductive health, we share data with carefully vetted researchers to advance female health studies. For that purpose we de-identify your personal data by removing or hashing personal identifiers so that neither the researchers nor any third parties can link it to you. You can read about our collaborations here. But if you are not comfortable with your de-identified data being shared for the purposes of menstrual and reproductive health research, you can contact us at trust@helloclue.com.

iv. To effectively reach new Clue users online, we do share a minimal amount of data about our users with advertising networks (but we never share the menstrual or other health data you track in the app). The reason is so that you do not see Clue ads if you've already downloaded or subscribe to Clue, and so that we can suggest Clue to people who are likely to be interested in it. If you are not comfortable with any data being shared for ad customization, then, you can go to Settings and change your preferences. You can read more about our approach to digital advertising in this blog post.

To be clear: we are very careful to give extra protection to your sensitive health data. We do not share any of the data you track with advertisers or other third parties for their use. This is not our business model. For our principles and promises about how we make money, please see this blog post.

Please read the whole of this Privacy Policy to understand all this in more detail. We have done our best to make it as clear and comprehensible as possible. If you have any questions, do reach out to us at trust@helloclue.com.

2. How and why we process your personal data at Clue

Data processing is at the center of everything we do at Clue, and whenever you use our services—e.g. when you use the Clue app or when you go on our website—some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.

Here are the purposes for which we process data and the type of data that is processed to fulfill each purpose:

2.1 To provide our services, understand your needs and communicate with you

When you use the Clue app or when you go on our website, Clue collects, stores, and uses some personal and non-personal data about how you interact with our services, such as Device Data, Event and usage data and IP-address, and transmits it to some third-party services who process data on Clue's behalf.

The main reason why we collect this data and use third party tools is to provide our service to you, which may include sending occasional informational and promotional messages as well as reminders to your smartphone via in-app messages and push notifications. We are thoughtful about what we communicate and how often. You always remain in full control of your communication preferences with Clue. You can change the settings in the app or on your device at any time.

The other reason why we process this data is to help us understand your needs and your use of our products, to analyze bugs and fix issues, and to bring you more useful features. In a nutshell, we process this data to provide you with the best and most reliable experience of our services.

Here are the types of data we collect:

Device data This data informs us about the device you use to access our services, such as the model, name and identifiers, device settings, application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device. This information helps us to fix bugs, tailor our services to our users' devices and improve our services.

Event and usage data When you use the app or when you go to our website, our servers (located in Europe) process data in order to understand your usage of our services—for example, which pages you visit or which tab in the app you open. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to our users as a whole, and to communicate with you about relevant and timely information and promotional content.

IP address We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes, and for regulatory compliance in different countries. To be clear, we do not collect your precise location.

This data is necessary for Clue to deliver the services you use. The amount we collect is minimized wherever possible to respect your privacy.

Legal basis The legal basis for processing the above data is Art 6 section 1(b) of the European General Data Protection Regulation (GDPR). Clue may use this data for the purpose of improving the Clue app, the services we provide to you, and to prevent abusive use of our service. In accordance with Art 6, section 1(f) GDPR, we consider that we have a legitimate interest to offer an error-free and functional service.

We also use the information set out above to analyze the usage of our service. With the help of third party providers, we use this analysis to improve our services and the effectiveness of our advertising. Further details are described in section 7 of this Privacy Policy.

2.2 To deliver our service of personalized insights as your trusted health companion

The data you track in Clue about your health and activities is considered sensitive personal data. Clue does not store sensitive personal data without your explicit permission. It is only when you give us explicit consent by creating a Clue account that we start storing all health and sensitive data you track on our secured servers, alongside the personal data necessary to create an account. You can find a detailed explanation of what you consent to when creating an account with Clue in the next section of our Privacy Policy.

Here are the types of data we collect and store when you create an account:

Personal data used for account creation We need some of your personal data, such as a username and email address, in order to create your Clue account.

Health and sensitive data We store health data, such as your body measurements, dates of your past and current periods, and symptoms or events you choose to track in the app (e.g. sex, levels of productivity, good hair days, pain, or cravings).

Legal basis Clue uses this data for the purpose of providing our services to you. The legal basis for the processing of your health data is your consent in accordance with Art 9 GDPR, as set out in section 3 of this Privacy Policy, "Your Consent for processing health and sensitive data". Your personal data for account creation is processed on the basis of Art 6, section 1(b) GDPR.

See section 5.1 below with regard to the special data security measures we take to ensure your sensitive health data is protected.

2.3 To advance scientific research about menstrual and reproductive health

The vision of our founder, Ida Tin, is for Clue to help advance female health globally. Female health has historically been underserved as a field of research—there has been very little long-term or large scale cycle health information available for academic and clinical purposes. Clue is on a mission to fill this gap by sharing user data, carefully de-identified to protect your privacy, for the purposes of scientific and medical research about menstrual and reproductive health. De-identification means that Clue will either delete such information from data sets that could identify you as an individual, such as your username or email address, or will replace this information with a random number, so information on your identity will not be shared with any research partner.

Since its inception, Clue has successfully collaborated with academic researchers. You can read about our past and ongoing research collaborations here.

We want to make it very clear that we personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been de-identified following a strict protocol that involves the removal or hashing of any information that could be used to identify any specific user.

Finally, because we believe that research should benefit everyone, Clue strives to publish the results of our academic, clinical, or internal research in ways that are easy to read for all our users.

Legal basis The legal basis for the usage of your personal data for scientific research purposes is § 27 BDSG (the German Data Protection Act) along with your consent in accordance with Art 9 GDPR. Once again, you can withdraw your consent to the use of your data for scientific purposes at any time by emailing trust@helloclue.com. If you do this, your data won't be included in any future research partnerships.

If you are a participant in a scientific study that is run by a research facility using Clue as a tool to collect information for that study, then Clue will share your personal information with the research facility only under the terms of your consent as given to that research facility. When you use Clue as part of a scientific study, we will otherwise treat your personal data with the same care as we do all user data. The research facility will be solely responsible for the usage of your personal data, including health data, in the context of their scientific study. We consider that Clue and our partnered research facilities have joint responsibility ("joint controllership" under GDPR) in this case.

3. Your consent for processing health and sensitive data

When you create an account with Clue, your personal data—including sensitive data and data related to your health—is stored on your device and is also stored and processed on Clue servers. By creating an account with Clue you explicitly consent that:

i. Clue may store and process personal data you provide through creating an account and using the Clue app for the purpose of providing Clue services to you and of improving Clue's service features. Such Clue services may include sending you information and reminders through the Clue app, e.g. via push notification or to the email address you provided to Clue.

ii. The personal data you provide to Clue through the account creation process for the purpose of providing Clue's service includes personal data you enter into the Clue app, such as your account data (e.g. your username and email address), and your health data, which may include your cycle information (e.g. period length, pain, or spotting) and depending on the data you provide, it may also contain information about your general health (e.g. weight, body temperature, hair quality, and if/how you engage in sexual intercourse).

iii. Clue may use your cycle data to create de-identified sets of data for academic and clinical research purposes, which Clue may transfer to its collaborators to further research into female health. Clue's collaborators are individually selected through an internal vetting process. This de-identified research data does not contain any information that would allow the research partner to identify you as an individual.

4. Your rights

We believe that privacy—including data privacy—is a basic human right. At Clue we strive to ensure that your rights are respected.

Here are some key facts about your privacy that we would like you to know:

i. Our products and services have been designed to minimize the use of your personal data. We only collect and process your data for the purposes outlined above and detailed in this Privacy Policy.

ii. The security of our servers is routinely verified by experts to protect your data from unauthorized access. You can contact us at trust@helloclue.com if you have any questions about the security of our services.

iii. We do not retain your data in an identifiable format for longer than necessary to deliver our services.

iv. Clue does not engage in any automated decision-making or profiling activities.

As a user of Clue's services and website, you may exercise your user rights to:

i. Request information on your personal data processed by Clue. Upon your request, this information will be provided to you electronically. You can contact us to request your information at trust@helloclue.com.

ii. Gain access to your information by requesting a backup of your data (as explained in the next section) in a format that is readable by other companies or organizations (data portability).

iii. Correct your personal information and health data in the app settings and in the tracking categories available in the Clue app.

iv. Withdraw your consent from ongoing data processing at any time by deleting your account (as explained in the support section of the app), changing your privacy preferences in Settings and/or unsubscribing from our newsletter or other email communications by clicking the link at bottom of the email.

v. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to trust@helloclue.com. Your data will be deleted within 30 days.

vi. Lodge a complaint with the relevant supervising authority if you believe Clue is processing your personal data in violation of applicable data protection regulations.

California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of personal information relating third parties to which Clue has disclosed personal information during the preceding year.

To make such a request, please contact us at: trust@helloclue.com.

5. Data Security

We apply security measures to protect against misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.

5.1 How Clue stores your personal data

When you create an account with Clue, your personal profile data is stored separately from your cycle tracking data and your service settings. This allows us to ensure the highest possible level of privacy for your cycle information. When you create a Clue password, it is stored using one-way encryption ("hashing" plus "salting") and cannot be read by us. Note that if you use Social login (via Apple Sign-in or Facebook Connect), Clue does not receive your original password.

Important: Clue uses servers located in the European Union to process and store your personal data.

Your data is transmitted between your device and Clue's servers using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.

5.2 Clue's recommendations for protecting your data

We believe the biggest threat to the security and privacy of your data is if someone—probably someone you know—gains access to any of your devices without your consent. The data you enter into Clue is private and it should stay that way (unless you actively choose to share it - if you are using Clue Connect, for example, regularly review whether it still makes sense for you to share that information with the people you've connected). We have outlined some ways to keep your devices secure below.

Protect your Clue account: Activate a unique PIN code or activate TouchID (iPhone 5S-8) for the Clue app. If you share your device with others, activating a unique PIN code or TouchID will ensure you are the only person who can access your Clue data on the device.

Protect your device:

i. Activate either PIN, TouchID (iPhone 5S-8), or FaceID (iPhone X-11) authentication for your device. This automatically encrypts your Clue data and prevents any person from using your device without your permission.

ii. Set up a feature that will allow you to erase all the data from your device if it's been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate "Find My iPhone" via iCloud (see instructions on Apple Support pages) and then enable "Erase your device" (see instructions on Apple Support pages).

For Android, download and set up Find My Device (formerly Android Device Manager) from the Google Play Store and, if needed, use the connected web interface to lock or wipe your phone remotely.

6. Data transfer outside the EU and to third-party service providers and applications

6.1 Data transfer outside of Europe

Any personal data collected from you may only be transferred to countries outside the European Union / the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected.

6.2 Apple Health (iOS)

Clue will not exchange any personal data with Apple's Health app without your prior approval. Approval is given by you in the relevant settings of the Health app or within the Clue app during initial user profile setup or via app settings and can be revoked by you at any time. If you have given your approval, Clue may interact with the Health app on your iOS device and read and/or write information between the Clue app and Health. This may include a transfer of your personal data to Apple servers located outside the European Union.

You can choose if and to what extent your personal data is exchanged between Clue and Health by granting or revoking the relevant permissions in Health app settings. Please refer to the Privacy Information of Apple Health for further information.

6.3 Facebook Connect

For users who prefer to log in this way, Clue uses Facebook Connect to allow our users to create and log in to their Clue account with their Facebook credentials. In this case, Clue will exchange certain data with Facebook, such as Device Data, your IP-address and information you provided to Facebook when creating an account with Facebook. This may include a transfer of your personal data to Facebook servers located outside the European Union. It is your choice if and to what extent you use the Facebook Sign-In service and what information you provide to Facebook. However, in no case will we exchange health data with Facebook for the purpose of using the Facebook Connect Service.

If you sign up for Clue using Facebook, you authorize us to collect your basic profile information from Facebook, such as your name, email address and profile picture. This information is collected by Facebook and is provided to us under the terms of Facebook's privacy policy. You can control the data we receive from Facebook in the privacy settings within your Facebook account.

6.4 Apple Sign-In

Clue also allows the use of Apple Sign-In. If you choose to use this Apple service to sign in to Clue, Clue will exchange certain data with Apple, such as Device Data, your IP-address and information you provided to Apple when creating an account with Apple Inc. This may include a transfer of your personal data to Apple servers located outside the European Union. It is your choice if and to what extent you use the Apple Sign-In service and what information you provide to Apple. Absolutely no health data will be exchanged with Apple for the purpose of using the Apple Sign-In Service.

7. Cookies and app data analysis

Our website uses cookies, which are small text files that are intended to make the site better for you to use. In general, cookies are used to retain preferences, store information for things like shopping carts, and provide tracking data to third-party applications like Google Analytics or identify your device for special advertising purposes such as retargeting.

The Clue app and our website also use third-party analysis and tracking services to track the performance of our services, understand how you use our services, and offer you an improved experience.

Information on your usage of our website or of the Clue app may be collected and processed by Clue, or a third party engaged by Clue using a unique identification number assigned to you. Information about your usage will be deleted when this information is no longer required for the purpose collected, and will always be de-identified before sharing with third parties besides those mentioned under Section 7.2 to 7.9.

7.1 Your consent for Clue tracking and analysis

By using our app and our website you consent (in the case of the website, through opt-in in the cookie banner) that Clue may use cookies and third-party services, and collect your usage data under a unique identifier, for the purposes of tracking, analysis, and improvement of our website and app, as well as advertising purposes such as retargeting.

You may withdraw your consent to non-essential tracking and analysis at any time. When visiting our website, you can decline the use of non-essential cookies in the pop-up notification. From within the Clue app, you can go to More Menu > Settings > Data Privacy and adjust your preferences. For the purpose of tracking the performance of our services and to improve Clue, we use the following third party services:

7.2 Google Analytics

Our website uses Google Analytics, a web analysis service operated by Google Inc. ("Google"). Google Analytics uses cookies (text files) stored on your computer to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve our services. Information produced via cookies will be transferred to and stored on a server in the USA operated by Google.

The following Cookies are used by Google Analytics:

Cookie Name Value (example) Purpose Expiration
_ga 2.1326744211.152311160746-5 This cookie is written to the browser upon the first visit. It is included in each page view request and used to distinguish unique users on the website. 2 years
_gid 2.1687193234.152311160746-1 This cookie is used to group the user behavior for each user. 24 hours
_gat_gtag_UA_property-id 1 This cookie is used to throttle the rate at which requests are sent to Google Analytics so as to increase the efficiency of network calls. 1 minute

Google analyzes this information to offer reports to Clue on website usage and online usage of associated services. Under the terms of Google's analytics service, Google may also transfer this information to third parties, either when this is required by law or when third parties are contracted by Google to process this data. Google must not allow your IP address to be linked to any other personal data. By opting in via the cookie banner on Clue's website, you consent to data being used and processed by Google as described above. You can withdraw consent for this use of your data at any time. Please note that this withdrawal only applies to future activities.

7.2 Google Adsense

Our website uses Google AdSense, an advertising service operated by Google Inc. ("Google"). By using Google AdSense we can show adverts on our website matching our website's content and/or your interest. Google AdSense uses cookies stored on your computer, and web beacons, small images, to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve the provided advertising. Information produced via cookies will be transferred to and stored on a server in the USA operated by Google.

The following Cookies are used by Google Adsense:

Cookie Name Value (example) Purpose Expiration
NID, SID 204=ReF91wQ3dOiUIpPlU7WHpzMVr-ipyXKy3L3n2mnyYnY5UsIN9DbCjJGpPuyihj1nkUJcfmWofH25aQenKN11ctD2E0q6tezP1rKMNQPegZpEDAkjtrfGqnjHhNcNC6tmK4v These cookies are used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions. Varies from 6 months to 2 years
IDE AHWqTUnPL4OeAxcMrwDnQRsEbMtg9Avt1RzGLh_trEPvnEFARZcFAEnFHLn-FLPc Google DoubleClick uses this cookie to report the user's actions after viewing or clicking one of the ads to measure the efficacy of the ads. 1 year
DSID AAO-7r4w-GyuCqUPUDBXD5G8kywJRrN3IHVC6mpvky2MqkYcjGW1mwnXRMWeynG3A0wtUgCvJ1bb31M8knCRe2tjBSN9-LLXiUTnlsgUuKkwDsfb1RVGzDI Google DoubleClick uses this cookie to report the user's actions after viewing or clicking one of the ads to measure the efficacy of the ads. 1 month
APISID, HSID, SAPISID, SSID AJi4QfHHuFChoSwsVayffyBZ2NxcfTQBbV0CXVmS01zaz1CSjXB8yJZabTkXHgtw0iAW2sON These are security cookies used by Google to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorised parties. 2 years
1P_JAR 2020-07-02-14 Google advertising cookie used for user tracking and ad targeting purposes. 1 month

Google analyzes this information to offer adverts on Clue's website. Under the terms of Google's analytics service, Google may also transfer this information to third parties, either when this is required by law or when third parties are contracted by Google to process this data. Google must not allow your IP address to be linked to any other personal data. By opting in via the cookie banner on Clue's website, you consent to data being used and processed by Google as described above. You can withdraw consent for this use of your data at any time. Please note that this withdrawal only applies to future activities.

7.3 Parse.ly

Clue uses a data analysis service operated by parse.ly. Parse.ly uses cookies (text files) stored on your computer to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve our services. Data concerning your website use will be transferred to and stored on a server in the USA operated by parse.ly.

The following cookies are used by Parse.ly:

Cookie Name Value (example) Purpose Expiration
_parsely_visitor {%22id%22:%228fe4bd68-15f8-411d-913b-d2eef0803530%22%2C%22session_count%22:1%2C%22last_session_ts%22:1585144869395} This cookie is used to determine if a visitor has visited the website before, or if they are a new visitor on the website. Used to store a user-ID and differentiate website users 30 days
_parsely_session {%22sid%22:1%2C%22surl%22:%22https://helloclue.com/articles%22%2C%22sref%22:%22%22%2C%22sts%22:1585144869395%2C%22slts%22:0} This cookie is used to track the user’s behavior within the current session on the website. Used to store a user-ID and differentiate website users 30 days

By using our service, you explicitly consent to the use and processing of your data collected by parse.ly as described above. You can prevent your participation in parse.ly's analysis by declining to opt in to non-essential cookies from the banner pop-up on the website.

7.4 Braze

Clue uses a data analysis and app engagement service operated by Braze, a company based in the United States, which utilizes device identifiers that are stored on your mobile device and allow us to analyze your use of the Clue app in order to improve our app features and to communicate with you via in-app messages, push notifications and email. Data concerning your use of the Clue app is stored on a server in the EU operated by Braze, Inc.

It is not possible to opt-out of Braze as it is an essential tool that we require in order to provide our services to you.

7.5 Firebase

Clue uses a suite of performance analysis and monitoring tools called Firebase, which is provided by Google Inc. Firebase allows us to monitor the overall performance and stability of our apps, implement internal version control, identify bugs and prioritize fixes. For this purpose Firebase collects your IP address, device identifier, as well as event and usage data related to your use of Clue. This data will be transferred to and stored on a server in the EU and operated by Google, Inc.

It is not possible to opt-out of Firebase as it is an essential tool that we require in order to provide a functioning Clue app to you.

7.6 Sentry

Clue uses Sentry, a performance analysis and monitoring tool for the Clue App, which is provided by Functional Software, Inc. a company seated in the USA. Sentry allows us to monitor the overall performance and stability of our apps, identify bugs and prioritize fixes. For this purpose Sentry collects your IP address, device identifier, as well as event and usage data related to your use of Clue. This data will be transferred to and stored on a server in the USA and operated by Functional Software, Inc.

By using our service, you explicitly consent to the use and processing of your data collected by Functional Software, Inc. as described above.

It is not possible to opt-out of this as Sentry is an essential tool that we require in order to provide a functioning Clue app to you.

7.7 Amplitude

Clue uses a data analysis service operated by Amplitude. Amplitude uses device identifiers that are stored on your mobile device and allow us to diagnose issues and analyze your use of the Clue app in order to improve our app features. Data concerning your use of the Clue app will be transferred to and stored on a server in the USA operated by Amplitude.

By using our service, you explicitly consent to the use and processing of your data collected by Amplitude as described above. But you can opt out at any time. You can prevent your participation in Amplitude's analysis by adjusting your privacy preferences within the Clue app to exclude "statistics, analysis and improvement of our app". From the Clue app, tap on More Menu > Settings > Data Privacy to adjust your preferences.

7.8 Adjust

Clue uses an in-app performance and analysis service by Adjust, a Berlin-based company that helps us understand where our users are coming from, and how they are interacting with our app, so that we can optimize our ad campaigns. Adjust uses your advertising identifier (Apple IDFA on iOS and your Google Play Services ID on Android), and your IP- and MAC addresses modified in such a way that it is not possible to identify you or your mobile device individually to provide these insights to us.

By using our service, you explicitly consent to the use and processing of your data collected by Adjust as described above. But you can opt out at any time. You can prevent your participation in Adjust's analysis by adjusting your privacy preferences within the Clue app to exclude "statistics, analysis and improvement of our app". From the Clue app, tap on More Menu > Settings > Data Privacy to adjust your preferences.

7.9 EU-US Privacy Shield Framework

The above mentioned companies are either EU-based or are based in the United States of America and compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirements are met or have ensured an adequate level of data protection by entering into an agreement with Clue, based on the Standard Contractual Clauses for data transfer between EU countries and non-EU countries. The privacy policy of these services can be found on their respective websites.

Read more about the EU-US Privacy Shield Framework here and about the Standard Contractual Clauses here.

8. Communications, Surveys and newsletter activities

Clue uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These include push notifications, in-app messages and emails to deliver health content and occasional promotional materials that may be of interest to you.

If you have requested Cycle Review emails as part of a subscription to Clue Plus, then that email will also contain a summary of personal health data that you have tracked in the app. You can unsubscribe from Cycle Review emails at any time.

You consent to push notifications when you activate Clue's push notifications on your device settings. You can withdraw your consent at any time. You can unsubscribe from our newsletter by clicking the unsubscribe link at the bottom of the message, and you can disable notifications sent by Clue in your device settings.

Clue may communicate with you via email if you have contacted Clue for questions or support requests in connection with our services or the Clue app. For certain support requests, Clue will have to access and process your personal data, including your health data for the purpose of answering your request. You explicitly provide your consent for the processing of your personal data, including your health data for answering your support request.

Clue may also use surveys to receive your feedback, e.g. on the performance of the app or on certain health topics. Such information given by you via such surveys is processed by Clue for the purposes as set forth in this Privacy Policy.

In order to provide these services, Clue may share information such as your email address to third-party providers for the sole purpose of carrying out such newsletter services, surveys or notifications. These providers are Braze Inc. ("Braze"), seated in New York, USA, which may process your email address, name, a user identifier and usage data to send you information and occasional commercial content via in-app message, push notifications and email; Message Systems Inc. ("SparkPost") seated in San Francisco, USA, which processes names and email addresses as well as the personal information that may be included in transactional emails (e.g "I lost my password" or "verify your Clue account"); Typeform S.L. ("Typeform"), seated in Barcelona, Spain, which may process information from survey forms filled out by you; and WIDGIX LLC dba SurveyGizmo ("SurveyGizmo"), which may process information from science research surveys you participated in. For customer support and communication with you, Clue uses services provided by Slack Technologies Ltd ("Slack"), seated in Dublin, Ireland and Zendesk, Inc. ("Zendesk") seated in San Francisco, USA. We use Growthdot, seated in Ukraine, to anonymise customer support communications at the end of the retention period and services provided by Parlamind GmbH and DP-Dock GmbH (unitQ) both seated in Germany and Culinar Oy (Ultimate.ai) seated in Finland, to monitor and improve the quality of our customer support.

The privacy policies of these services can be found on their respective websites. U.S. based companies are compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirements are met or guarantee a sufficient level of data protection by agreeing to EU Standard contractual clauses with Clue

9. Young users

Clue does not knowingly collect or use personal data from children under the age of 13. By registering to a Clue account you are required to confirm that you are at least 13 years old, or that your parents have agreed that you can use the Clue app.

If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country (this is between 13 and 16 years old, depending on the country you live in) or if you have the consent of your parent or legal guardian. If you are a parent and learn that your child is using Clue without your permission or if you have any specific question about data privacy at Clue, do not hesitate to get in touch with us at trust@helloclue.com.

If Clue gains actual knowledge that information has been collected from children under the age of thirteen in the United States contrary to the Children's Online Privacy Protection Act of 1998 and the regulation thereunder, Clue will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.

10. Changes to this Privacy Policy

Clue reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of Clue's services, or advances in technology. Please check this page periodically for changes. If we make any changes to this Privacy Policy that we consider to be material to your consent, we will notify you of them.

11. Responsibility for Data Processing

Clue is made in Berlin, Germany, and the way we handle data meets the high standards set by German and European legal requirements. Clue is made by BioWink GmbH, Adalbertstraße 7-8, 10999 Berlin. Further contact information can be found here. Clue has an appointed data protection officer. Please do not hesitate to reach out to trust@helloclue.com if you have any questions.

12. Prevailing Language

Clue is used by people with cycles around the world, who access the app in a multitude of different languages. We use professional translators and proofreaders to translate all of our communications, including this Privacy Policy, as accurately as possible into those languages. However, please understand that we cannot assure 100% accuracy for all of our translations, in particular with respect to any legal content. Please note that the English version of this Privacy Policy is therefore the original version, which prevails over all other versions in case of deviation from the English original. The most up-to-date version of this Privacy Policy is always available in English on our website.

Further Reading