Lua Care

Privacy Policy

Last updated: June 14, 2026

1. Introduction

At Lua Care, your privacy is our priority. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our application.

By using Lua Care, you agree to the practices described in this policy. We recommend reading it carefully.

2. Information we collect

We collect the following information that you voluntarily provide to us:

Profile data:

  • Name or nickname (it may be anonymous).
  • Year of birth.
  • Hormonal stage (menstrual cycle, perimenopause, menopause).
  • Contraceptive method (if applicable).

Health data:

  • Physical and emotional symptoms you log.
  • Dates and menstrual cycle data.
  • Sleep information (hours and quality).
  • Weight and height (if you choose to provide them, they are optional).
  • Information about PCOS/SOP (if you choose to provide it).
  • Food and physical activity logs.

Pregnancy pause mode:

  • The Lua Care application is NOT functional for pregnancy follow-up. We do not collect information relevant to that state. When you activate pregnancy mode, the app stops calculating cycle phases and performing usual hormonal tracking functions. Although you can continue logging food, sleep or other data, these are not processed for gestational follow-up. We recommend consulting a doctor or gynecologist and using a specific application designed for pregnancy tracking.

Wearable device data (Apple Health, WHOOP and similar):

  • With your authorization, we may read sleep metrics (hours, efficiency, disturbances, debt), skin or wrist temperature, SpO2, average and maximum heart rate, training load (strain), recovery scores, and summaries of physical activity or workouts. This data is used exclusively to enrich your hormonal patterns, correlations, and hormonal stage calculations. It is not shared with third parties except the infrastructure providers already mentioned.

Optional intimate health module:

  • You may optionally enable the intimate health module to log libido level, sexual activity, and comfort during intercourse. This information is entirely optional, stored privately under your privacy controls, and used only to detect patterns related to genitourinary syndrome of menopause (GSM) and your hormonal well-being. You can disable the module at any time; previous data is retained only if you choose to keep it.

Technical data:

  • Anonymous session identifier.
  • Date and time of App use.
  • Consents granted and their dates.

3. How we use your information

We use your data exclusively to:

  • Provide symptom and cycle tracking functionality.
  • Generate personalized insights through artificial intelligence.
  • Show you predictions and trends based on your history.
  • Improve the accuracy of the App tools.
  • Maintain and improve the operation of the service.

We never sell, rent, or share your personal information with third parties for advertising, marketing, or AI model training purposes. Your data is only processed to deliver the app's functionality, generate personalized insights, and improve the accuracy of our hormonal tracking tools. Any processing with external providers (Supabase, Anthropic) occurs under strict confidentiality and data protection contracts.

4. Artificial intelligence processing

Lua Care uses artificial intelligence models to generate personalized insights. When you use AI features (insights, chat, food analysis), the following data is sent for processing with artificial intelligence (we may use different AI models, such as those from Anthropic, OpenAI or other providers, depending on availability, technological evolution and service needs):

Data that is sent:

  • Symptom logs, sleep data, food logs, hormonal phase, and detected life stage. We never send your name, email, direct identifiers, free-text notes, or location data.

Processing conditions:

  • The data is processed under data protection agreements with the corresponding AI provider.
  • The data is not used to train third-party AI models.
  • Processing takes place on secure servers with encryption in transit.
  • When you share your profile with a doctor, the medical copilot also processes the structured summary with artificial intelligence in a read-only manner. To contextualize the profile, that processing may include your name, so it is pseudonymized, not anonymous.

AI-generated insights are based on peer-reviewed medical and scientific literature. You can consult our sources in the Sources and methodology section.

5. Storage and security

Your data is protected through:

  • Encryption in transit (TLS/SSL) and at rest.
  • Secure authentication with PKCE (Proof Key for Code Exchange).
  • Row Level Security policies in the database, ensuring that only you can access your own data.
  • Servers hosted on cloud infrastructure with security certifications (AWS/Supabase).
  • Rate limiting to prevent abuse.
  • Security headers (CSP, HSTS, X-Frame-Options) to protect the application.

6. Data sharing

We only share data in the following limited circumstances:

  • Service providers: we use Supabase (storage and authentication) and Anthropic (insight generation), under confidentiality and data protection agreements.
  • Legal obligation: if required by law, court order, or valid legal process.
  • Protection: to protect the rights, property, or safety of Lua Care, our users, or others.

Sharing your hormonal profile with healthcare professionals:

  • Consent when sharing. Lua Care lets you generate a link to share a structured summary of your hormonal profile (stage, observed evidence, patterns, and history summary) with the healthcare professional you choose. Each time you generate a link, you give your express, specific consent for that act of sharing; we log the date of that consent.
  • You control the link. It is your responsibility to generate the link and decide whom you give it to. Lua Care does not control and is not responsible for the use, storage, or disclosure the healthcare professional makes of the information once shared. The professional acts as an independent data controller, not as Lua Care's processor.
  • Read-only. The professional's access is read-only; they cannot modify your original data in Lua Care.
  • AI-assisted summary. To build the summary and assist its reading, an AI copilot queries your historical data on a read-only basis. To contextualize the profile, this copilot may process data that includes your name; therefore this flow is pseudonymized, not anonymous. Processing is performed with AI providers under data-protection agreements (we may use different models depending on availability and technological evolution) and is not used to train their models.
  • Educational nature. The summary is guidance-oriented and educational, generated automatically from data you logged (self-reported, not validated clinical measurements), and may contain inaccuracies. It does not constitute a diagnosis and must not be the sole basis for a clinical decision; assessment is the healthcare professional's responsibility.
  • Data accuracy. You are responsible for the accuracy of the information you log; the summary reflects that data.
  • Revocation. You can revoke access at any time from the app. Revocation prevents future access but cannot retrieve or delete information the professional has already seen, downloaded, or retained.
  • Limited scope. Shared data is limited to the structured summary; it does not include free-text notes or the detail of individual logs outside that summary.

7. Data retention

We retain your data while your account remains active. If you request deletion of your account, we will delete your personal data within a maximum period of 30 days, unless the law requires us to retain it for a longer period.

Guest (anonymous) user data is retained while the session remains active on the device.

8. Your rights

As a Lua Care user, you have the right to:

  • Access: request a copy of the personal data we have about you.
  • Rectification: correct inaccurate or incomplete data.
  • Deletion: request deletion of your account and all your data.
  • Portability: request your data in a structured and commonly used format.
  • Withdrawal: withdraw your consent at any time.

To exercise any of these rights, contact us at soporte@lua.care. We will respond to your request within a maximum period of 15 business days.

9. Adults only

Lua Care is an application exclusively for people over 18 years old. Use by minors is not permitted. We do not intentionally collect data from people under 18 years old.

If we discover that we have collected data from a person under 18 years old, we will delete it immediately.

10. Cookies and similar technologies

Lua Care uses browser local storage (localStorage) exclusively to keep your session active and store your preferences. We do not use tracking cookies or advertising tracking technologies.

11. International transfers

Your data may be processed on servers located outside your country of residence. In those cases, we ensure that appropriate protection measures are in place under applicable law.

12. Changes to this policy

We may update this Privacy Policy periodically. We will notify you of significant changes through the App. The "last updated" date at the beginning of this document indicates when the most recent revision took place.

13. Legal framework

This policy follows the principles of Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and adheres to international data protection best practices, including the principles of the GDPR (General Data Protection Regulation) of the European Union and the CCPA (California Consumer Privacy Act).

14. Contact

If you have questions, comments, or requests related to this Privacy Policy or the handling of your personal data, contact us at:

soporte@lua.care