5. Server-Side Data Storage and Internal Analysis

SteadySense stores and analyzes anonymized usage data on its servers (server location: European Union) to improve the femSense App. Data transmission is encrypted via HTTPS.

The following data may be stored in anonymized form on SteadySense servers and analyzed internally:

• Age / date of birth
• App tracking settings and features used (app modes, enabled symptom tracking options)
• Aggregated period data (e.g., average cycle length, cycle regularity)
• Symptom categories (e.g., pain, mood, energy, free text input in notes)
• Aggregated temperature data and sensor analysis patterns

SteadySense can trace this data back to individual users in order to provide personalized support in the event of a problem. For internal analysis purposes such as improving algorithms, quality assurance, and further development of the App, the data is anonymized.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in product improvement).

6. Transfer of Anonymized Data to Research Partners

SteadySense may transfer data (e.g., cycle data, temperature data, symptom data) in anonymized form to scientific research partners or universities for studies in the field of women’s health. The transfer takes place exclusively in fully anonymized form, without the possibility of attribution to individual users.

Upon registration in the femSense App, the individual user consents to the transfer of such data in anonymized form for research purposes by accepting this Privacy Policy.

Consent can be withdrawn at any time in writing (support@femsense.com). Withdrawal does not affect the lawfulness of processing already carried out.

Legal basis: Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR.

7. Third-Party Services: Firebase

The App uses two services from Google Firebase (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland):

7.1 Firebase Analytics (Usage Analysis)

Firebase Analytics is used to collect aggregated, pseudonymized statistics about general App usage (e.g., feature activation rates, navigation patterns, session duration).

• Firebase Analytics is configured so that no personal data is collected.
• No data is shared with Google Ads or other Google services.
• IP anonymization is enabled, and all identifiers are pseudonymized.
• Firebase Analytics uses a Firebase Installation ID created per app installation. This can be traced back to a device.
• The purpose is exclusively to improve App functionality — no profiling, no marketing.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

Privacy notice: https://firebase.google.com/support/privacy

7.2 Firebase Remote Config (Regional App Configuration)

Firebase Remote Config is used to dynamically retrieve non-personal configuration parameters that ensure the App functions correctly depending on the region (e.g., country-specific shop links, GTIN, support email, links to the privacy policy, legal notice, and terms and conditions).

• Remote Config transmits only standard technical metadata (e.g., truncated IP address, device type).
• No personal data or health data is transmitted via this feature.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in regionally compliant App operation).

Privacy notice: https://firebase.google.com/support/privacy

8. Data Storage and Deletion

Local data on your device can be deleted at any time by removing individual entries or user profiles in the App, or by uninstalling the App. SteadySense cannot restore locally deleted data.

Anonymized server-side data is retained only for as long as necessary to fulfill the respective purpose (internal analysis, research). Firebase analytics and configuration data are generally stored for no longer than 90 days.

If you wish to delete your femSense account, open the “My Account” section in the femSense App menu and click “Delete Account.”

Deleted accounts cannot be restored.

9. Data Security

SteadySense applies strict security measures:

• All data transmissions between the App and server are encrypted via HTTPS/TLS.
• Locally stored data is protected by the device’s native security features (iOS/Android sandboxing and encryption).
• The SteadySense server is located in the European Union.
• All SteadySense employees are bound by confidentiality obligations.

10. Rights of Data Subjects

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR) — at any time with effect for the future

To exercise your rights, please contact: gdpr@steadysense.at

You also have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority, Wickenburggasse 8–10, 1080 Vienna | dsb@dsb.gv.at

11. Data of Minors

The App is designed for adults. Users under the age of 16 (EU) should use the App only under the supervision of their legal guardians.

12. Changes to This Privacy Policy

We may update this policy to reflect technical or legal changes. The current version is always available in the App and at www.femsense.com.

13. Kontakt

For questions regarding data protection, please contact:
SteadySense GmbH | Johann-Schreiner-Strasse 3b | 8074 Raaba-Grambach | Austria Tel: +43 316 232004 | E-Mail: gdpr@steadysense.at