We built Ferne so that most of what other cycle tracking apps have to explain in their privacy policies simply doesn't apply to us. That's not a coincidence. It's the point.
Last updated: February 2026 | Applies to: ferne.health and the Ferne app | Questions: support@ferne.health
If you have read a privacy policy for another cycle tracking app recently, you will have seen a lot of sections about servers, data centres, third-party sharing, retention schedules for health data, and how they handle government requests for your intimate health records. Those sections are long because those apps have a lot to account for.
Ferne works differently. Your cycle data — every date, symptom, mood and note you log — is stored on your device using your phone's local storage. It is never transmitted to us. We have no server receiving it, no database holding it, no team member who can access it. This isn't a policy we've written. It's how the app is engineered.
The consequence is that a lot of the things privacy policies normally have to cover simply don't arise for us. We don't have to tell you how we secure your health data on our servers, because we don't store it there. We don't have to explain our data sharing arrangements for health data, because there are none. We don't need a retention schedule for your cycle history, because we never receive it.
What follows covers everything we do hold, how we handle it, and the rights you have over it — universally, regardless of where in the world you are located.
Our universal standard: The rights and protections in this policy apply to all Ferne users regardless of where they live. Rather than applying the minimum required by any single jurisdiction, we apply the most protective standard available across the frameworks we operate under.
Ferne is a cycle tracking application developed and operated from Australia. Our website is ferne.health. References to "Ferne", "we", "us" or "our" in this policy refer to the Ferne team. If you have any questions about this policy, contact us at support@ferne.health.
What we do hold:
Waitlist email address. If you joined our waitlist, we hold your email address for the sole purpose of letting you know when the app is ready. That's it. We don't use it for marketing, we don't share it, and you can ask us to delete it any time.
Payment confirmation. If you subscribe to Ferne Premium, payments are handled by Stripe. We receive confirmation that a subscription is active. We never see your card details, billing address, or any other payment information. Those stay with Stripe.
Basic website analytics. Our website may collect anonymised, aggregated data about page visits — broad location, pages viewed, time spent. No personal identifiers. No profiles. Used only to understand how the website is performing.
Support correspondence. If you email us, we keep that correspondence to respond to you. We don't use support emails for any other purpose.
We use the limited information we hold for four purposes only: to notify waitlist members at launch, to manage active subscriptions, to respond to support requests, and to understand broad website usage through anonymised analytics. We do not use your information for advertising, profiling, or any commercial purpose beyond operating the service.
We do not sell your personal information. We do not share your health data with anyone, because we don't hold any. The only third-party services involved in running Ferne are:
Neither service has access to your cycle or health data. If we ever add a third-party service, we will update this section before doing so.
Your app data never leaves your device, so there is nothing for us to secure on our end. The risk of a server breach exposing your health data does not exist, because there is no server holding it.
Encrypted sync (Premium feature). If you choose to sync across devices, your data is encrypted on your phone before it moves anywhere. The encryption key is derived from your credentials and never transmitted to us. What we hold is an unreadable encrypted file. We cannot decrypt it even if asked to.
Operational data (waitlist emails, subscription status) is stored with reputable providers using industry-standard security. All data in transit uses HTTPS.
Your health data: no retention period applies on our side, because we never receive it. It lives on your device for as long as you choose.
Waitlist email addresses: held until you ask us to remove them, or until six months after launch, whichever is sooner.
Support correspondence: retained for up to two years.
Payment records: retained by Stripe in line with their policies and applicable financial regulations.
We do not use advertising cookies, third-party tracking cookies, or any cookie-based profiling on ferne.health. We may use a minimal functional cookie to keep the website working correctly. The Ferne app contains no advertising SDKs, no third-party analytics tools that transmit personal data, and no tracking identifiers.
If we receive a subpoena or legal demand for your health data, we will have nothing to hand over. This is not a commitment we have to strain to keep. Your cycle data exists on your device. It has never passed through our systems. No court order can compel us to produce data we don't possess.
For the limited personal data we do hold — waitlist emails and subscription status — we will notify affected users of any legal demand to the extent the law permits, and will actively challenge requests we consider overbroad or unlawful. We believe your right to private health records matters, and we will act accordingly.
The following rights apply to all Ferne users, regardless of where they are located. We don't apply these only where legally required. We apply them because they are reasonable.
To exercise any of these rights, email support@ferne.health. We will respond within 30 days.
Ferne is built to the most protective standard across the frameworks we operate under. Wherever you are, the rights in Section 10 apply to you. Below is how our practices map to specific regional frameworks.
EU and UK (GDPR / UK GDPR). Our legal basis for processing your waitlist email is consent, given when you submitted the form. You have the right to lodge a complaint with your local data protection authority.
California (CCPA / CPRA). We do not sell personal information. We do not share personal information for cross-context behavioural advertising. California residents have the right to know, delete, correct, and opt out, and will not face discrimination for exercising those rights.
Other US states. We apply the rights in Section 10 to all users in all US states regardless of whether a specific state law requires it.
Canada (PIPEDA). Our practices are consistent with the Personal Information Protection and Electronic Documents Act. You have the right to access your personal information and challenge its accuracy.
Australia. We operate under the Privacy Act 1988 and the Australian Privacy Principles. See Section 15 for how to make a formal complaint with the OAIC.
International data transfers. Where data passes through Formspree or Stripe, those services may process data outside Australia. Both maintain appropriate transfer mechanisms including standard contractual clauses where required.
Ferne is intended for users aged 17 and over. We do not knowingly collect personal information from anyone under 17. If you believe a minor has provided us with their information, contact support@ferne.health and we will delete it promptly. We recognise that cycle tracking is relevant to younger teenagers and are thinking carefully about how to handle this in future versions of the app.
Because we hold no health data and very limited personal data, the scope of any potential breach affecting our systems is narrow compared to apps that store health information on their servers. In the event of a qualifying breach, we will notify affected individuals and relevant authorities in line with applicable law — within 72 hours under GDPR, and under the Australian notifiable data breaches scheme where serious harm is likely.
We will notify waitlist members by email of any material changes and update the date at the top of this page. For significant changes, we will give at least 30 days notice. We will not make changes that undermine the core principle: your health data is stored on your device and never transmitted to us.
If you have a concern, please contact us first at support@ferne.health. We will respond within 30 days. If you are not satisfied, you can escalate to the relevant authority:
Questions, requests, or concerns can be sent to support@ferne.health. We are a small team and we read everything. We aim to respond within 5 business days, and within 30 days for formal rights requests.