X icon button to close sales banner

Save 25% on Clue Plus

Use code: HELLO25 at checkout

Subscribe now

Clue Privacy Policy

Last updated February 14, 2024

1. How Clue values data privacy

At Clue, we believe that technology and data present a groundbreaking opportunity to empower people to take control of their health. The Clue app gives people the ability to understand what is going on inside of their bodies and minds based on individual tracked health data, providing self-insight and self-advocacy that’s powered by data processing.

We also fully acknowledge the responsibility that comes with being the safekeepers of so much intimate data which is tracked by people using Clue. Which is why we are always striving to achieve the highest standards of privacy and security. Keeping your data safe is at the core of everything we do.

We see it as our job to be clear and transparent so that you can truly understand what we do with your data, even though the digital ecosystem of an app is complex. To provide our service as a health app, we rely on a number of other providers as summarized below to help us.

Please read the whole of this Privacy Policy to understand how we handle your data. We have done our best to make it as clear and comprehensible as possible. If you have any questions, reach out to us at <trust@helloclue.com>.

2. The types of data we process

We process three types of data in order to provide our services on the Clue app and the helloclue.com website. All of our data is securely stored on servers located in the European Union (EU).

Account data: In order to create your Clue account, we process some of your personal data such as a username, date of birth and email address.

Usage data: In order to provide our services and technically improve performance, we process how you interact with our products using different data points. Such data includes device data, which informs us about the device you use to access our app services (such as device model, name and identifiers, device settings, application identifier, crash information). On our website, we also collect information about your browser (such as browser settings, operating system, system settings). Other usage data includes the IP address provided by your browser or mobile device, which we collect in order to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes, and for regulatory compliance in different countries. We do not collect your precise location.

Health data: In order to provide our service as a health app, we process health data and other sensitive data that you choose to track in the Clue app. Such health data may include your cycle information (e.g. period length, pain, or spotting), and depending on the data you provide, it may also contain other sensitive data about your experiences (e.g. weight, body temperature, hair quality, sexual intercourse). We only process the health data you choose to share with the Clue app via tracking. You may use different methods provided by the app to track your health data in the app. This can include manually entering your data into the app, or importing your data from other integrations or devices supported by Clue (such as Apple Health or fitness trackers).

3. How and why we process your data

Data processing is essential to providing the service of Clue. Whenever you use our services, some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.

Below are the purposes for which we process your data, and the type of data that’s processed to fulfill each purpose:

3.1 To provide our core service to you

To provide our service, we process the following:

  • Health data: This is processed whenever you track your health data in the Clue app, either manually or through import integrations, in order to provide our core service as a health tracking app. This includes both your cycle information data and other sensitive data that you choose to track in the Clue app.

  • Device data, event data, usage data, IP address: This is processed when you use the Clue app or helloclue.com, to understand how you interact with our services and to technically improve performance.

  • Account data: This is processed when you set up your Clue account, to enable you to sign in to the Clue app, and additionally to communicate with you on service-related topics. Such communications may include information about your account, essential app updates, or insights and recommendations based on health data you have tracked. These communications can be sent to you via in-app messages, reminders, notifications, or emails.

Please read the following sections to understand which third party services, integrations, and partnerships we use to provide our core service.

3.1.1 Essential third party providers:

We use several third party providers to help us perform our core services.

Amazon Web Services: Clue uses Amazon Web Services EMEA SARL (“AWS”) as our hosting provider to store our data on secure servers. We only use AWS data centers in the European Union. All data stored with AWS is encrypted by Clue.

Braze: Clue uses services operated by Braze, a company based in the United States, to help us facilitate communication with you via in-app messages, push notifications and emails. Such communications may include information about your account, essential app updates, or insights and recommendations based on health data you have tracked. For this purpose Braze processes your email address, name, user identifier, certain tracked health data, and usage data. This data is always treated in a masked, obfuscated (pseudonymized) form.

Braze has ensured an adequate level of data protection by being listed under the EU-US Data Privacy Framework ,and by also entering into an agreement with Clue based on the Standard Contractual Clauses for data transfer between EU countries and non-EU countries (see Section 4). The privacy policy of these services can be found on their respective websites. Data concerning your use of the Clue app is stored on a server in the EU, operated by Braze, Inc.

It is not possible to opt-out of Braze as it is an essential tool that we require in order to provide our services to you. However, you can opt out of certain types of messaging from Braze, as explained in Section 3.6.

Datadog: Clue uses services provided by Datadog Inc. (Datadog), a company based in the United States, to carry out service and infrastructure monitoring and alerting. Datadog helps us monitor the application performance in real time and resolve issues impacting our users quickly. Datadog stores the data on EU servers.

It is not possible to opt-out of Datadog as it is an essential tool that we require in order to provide a functioning Clue app to you.

Firebase (Android users only): Clue uses a suite of performance analysis and monitoring tools called Firebase, which is provided by Google Inc. Firebase allows us to monitor the overall performance and stability of our app, implement internal version control, identify bugs and prioritize fixes. For this purpose Firebase collects your IP address, device identifier, as well as event and usage data related to your use of Clue. This data will be transferred to and stored on a server in the EU and operated by Google, LLC.

It is not possible to opt-out of Firebase as it is an essential tool that we require in order to provide a functioning Clue app to you.

Sparkpost: Clue uses services provided by Message Systems Inc. (“SparkPost”), a company based in the United States, to process names, email addresses and personal information that may be included in transactional emails (such as “I lost my password” or “Verify your Clue account” emails).

It is not possible to opt-out of Sparkpost as it is an essential tool that we require in order to provide a functioning Clue app to you.

3.1.2 Integrations to track your data:

In addition to manually tracking your health data in the Clue app, importing data from other sources is supported for the integrations listed below.

Apple Health (iOS): This section is only applicable to users who choose to sync their Apple Health app with the Clue app. Clue will not exchange any personal data with Apple’s Health app unless you specifically approve this. Approval can be given by you in the relevant settings of the Health app or within the Clue app via your Settings. If you have given your approval, Clue may interact with the Health app on your iOS device and read and/or write information between the Clue app and the Health app. This may include a transfer of your personal data to Apple servers located outside the European Union.

You can choose if and to what extent your personal data is exchanged between Clue and the Health app by granting or revoking the relevant permissions in your Health app settings. This can be done at any time. Please refer to the Privacy Information of Apple Health for further information.

Oura Ring: This section is only applicable to users who sign up to Clue via Oura, or who already have a Clue Plus account and have decided to connect their Clue account with their Oura Ring. Clue will not exchange any personal data with Oura. If you have connected your Oura profile with your Clue profile and given permission in your Oura App settings, Oura shares some pseudonymized tracked data with us. We use this for the purpose of providing better data visualization and enhancing your Clue app experience.

You can choose if and to what extent your personal data is exchanged between Oura and Clue, by granting or revoking the relevant permissions in your Oura settings. This can be done at any time. You can read more about this in Oura’s Privacy Policy.

3.1.3 Social logins:

When first creating your Clue account, there are several options on how to sign up. In addition to signing up with your email address, it’s possible to use services provided by Facebook, Apple, or Google.

Facebook Login: Clue uses “Facebook Login” to allow users to create and sign in to their Clue account with their Facebook credentials. If you use this service, you authorize us to collect your basic profile information from Facebook, such as your name, email address and profile picture. This information is collected by Facebook and is provided to us under the terms of Meta’s Privacy Policy. You can control the data we receive from Facebook in the privacy settings within your Facebook account.

If you sign up to Clue using Facebook, Clue will only exchange with Facebook the types of data you provided to Facebook when creating an account with them (such as name, email address). This may include a transfer of your personal data to Facebook servers located outside the European Union. It is your choice if and to what extent you use the “Facebook Login” service and what information you provide to Facebook. Absolutely no health data will be exchanged with Facebook.

Sign in with Apple: Clue uses “Sign in with Apple” to allow users to create and sign in to their Clue account with their Apple credentials.

If you sign up to Clue using Apple, Clue will exchange certain data with Apple like device data, IP-address, and information you provided to Apple when creating an account with Apple Inc. This may include a transfer of your personal data to Apple servers located outside the European Union. It is your choice if and to what extent you use the “Sign in with Apple” service and what information you provide to Apple. Absolutely no health data will be exchanged with Apple for the purpose of using the “Sign in with Apple” service.

Sign in with Google: Clue uses “Sign in with Google” to allow users to create and sign in their Clue account with their Google credentials. If you use this service, you authorize us to collect your basic information from Google, like your email address. You can manage this any time in your Google account. Please see Google's resources for more details on this.

If you sign up to Clue using Google, Clue will exchange with Google the types of data you provided to Google when creating an account with them (such as name, email address). This may include a transfer of your personal data to Google servers located outside the European Union. It is your choice if and to what extent you use the “Sign in with Google” service and what information you provide to Google. Absolutely no health data will be exchanged with Google.

3.1.4. Partnerships

To allow users from other platforms to sign up to Clue and subscribe to Clue Plus, Clue has partnerships with those listed below.

Gympass: This section is only applicable to users who sign up for Clue Plus via Gympass. Clue has partnered with Gympass, a health and wellbeing platform located in the United States, that enables its members to access many health and wellbeing services. Clue Plus is part of their service offering.

If you choose to sign up for Clue Plus using your Gympass subscription, Gympass sends Clue your Gympass ID as confirmation that you are a Gympass subscriber. Upon receiving this information, Clue will then activate your Clue Plus subscription. Clue shares with Gympass whether you have been active in the Clue app. This is done by sending an event called ‘Create Record’ to Gympass. At no point does Gympass ever receive any of your tracked health data.

Legal basis: Our legal basis for processing the above mentioned data is Art. 6 b) General Data Protection Regulation (GDPR), which means that we use it to perform the contract that you have entered into with Clue, via Gympass. We also process your Clue account data and usage data on the legal basis of Art 6 Sec.1 lit b) GDPR to provide our services to you. The processing of health data to provide our service to you is based on the following consent according to Art 9 Sec.2 lit a) GDPR:

I agree to Clue processing the health data I choose to share with the app, so they can provide their service.

All personal data collected for providing our service is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.1.5. Payment provider

If you decide to subscribe to Clue Plus via helloclue.com, your subscription will be handled by our payment provider, Paddle, who will facilitate the payment. In this case, Paddle will become the controller of your payment data. Clue will remain the controller for all the data related to the usage of the Clue app. Paddle will never have access to any of your tracked data or other app related usage data. You can read more about how Paddle handles your payment data in their Privacy Policy.

3.2 To provide customer service

To help a Clue user who has contacted our Support Team with questions regarding our services, we may communicate with this person via email to provide customer service. Providing this service is part of our paid Clue Plus subscription.

If you use this service, Clue will have to access and process your personal data, including your health data depending on the nature of your query. We do this so we can adequately provide you support with your request.Third party providers:

To provide customer support and communicate with you, Clue uses services from Slack Technologies Ltd (“Slack”), based in Ireland, and Zendesk, Inc. (“Zendesk”), based in the United States. We also use Growthdot, a company based in Ukraine, to anonymise customer support communications at the end of the retention period.

Whenever data is transferred to providers outside of the European Economic Area (EEA), we always apply the appropriate safeguards as outlined by the General Data Protection Regulation (GDPR) (see Section 4).

Legal basis:The legal basis for processing your account data and usage data for customer service is Art 6 Sec. 1 lit b) GDPR, and Art 9 Sec.2 lit a) GDPR for your health data.

When you contact the Clue Support Team, you explicitly provide your consent for the processing of your personal data, including your health data, so that your query can be answered.

All personal data collected for our customer service is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.3 To help advance scientific research

To help advance menstrual and reproductive health studies, we share relevant de-identified health data you’ve tracked in the Clue app with carefully selected research partners to be used in their scientific studies.

When you track in Clue, your data becomes something powerful. It can help answer questions to better understand menstrual and reproductive health. Women and people with cycles are still widely underrepresented in health research. We believe that the data tracked in Clue can change this. By teaming up with our trusted research partners we can advance research, break harmful taboos and lay the groundwork for better healthcare.

We only share data that is directly relevant to the research question and follow strict protocols to ensure your data always remains anonymous to the researchers. We use a de-identification technique which means all personal identifiers like your name and email address are erased. Your dataset is then assigned a random ID, making sure you can’t be identified by the researchers.

If you are a participant in a scientific study that is run by a research facility using Clue as a tool to collect information for that study, then Clue will share your personal information with the research facility only under the terms of your consent as given to that research facility. When you use Clue as part of a scientific study, we will otherwise treat your personal data with the same care as we do all user data. The research facility will be solely responsible for the usage of your personal data, including health data, in the context of their scientific study. We consider that Clue and our partnered research facilities have joint responsibility ("joint controllership" under GDPR) in this case.

Research partners: We team up with carefully selected research partners both in and outside of the European Union. You can read more about the type of research partnerships we have here.

Whenever data is transferred to partners outside of the European Economic Area (EEA), we always apply the appropriate safeguards as outlined by the General Data Protection Regulation (GDPR) (see Section 4).

Legal basis: The processing of your health data for scientific research is based on the following consent according to Art 9 Sec.2 lit a) GDPR, if you have toggled this on in your privacy settings:

I agree to the health data I track in the app being de-identified and shared with carefully selected research partners in and outside of the European Union to advance menstrual and reproductive health studies.

You can toggle this off at any time. All personal data collected for scientific research is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.4 To improve Clue features with health analytics

To help us build more valuable features in Clue, we process health data you’ve tracked in the app to better understand which features are most useful to you. By processing data such as period dates and cycle experiences, we can better understand how our community uses the app and further tailor the experience to fit their needs.

By analyzing how our community uses the app, we can understand which features are most valuable. We use these insights to drive feature development, so we can make sure to deliver what’s most important. This could include things like improving the accuracy of predictions, building new algorithms to offer you more health insights, or creating content about topics we see our community wants to read about more.

The processing of health data for analytics purposes is managed internally by Clue. We store your data on servers in the EU and it’s always de-identified, removing personal identifiers like your name and email address. These procedures ensure your privacy.

Third party providers: We do not use any third party providers for this purpose.

Legal basis: The processing of your health data for health analytics is based on the following consent according to Art 9 Sec.2 lit a) GDPR, if you have toggled this on in your privacy settings:

I agree to the health data I track in the app being processed for analytics purposes so Clue can improve my predictions, develop new algorithms and create more valuable features with personalized insights.

You can toggle this off at any time. All personal data collected for the health data analytics is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.5 To technically improve the Clue app

To help us improve the Clue app experience, we process and analyze certain data so we can improve the app and make features easier to use. This includes usage data like your device ID and IP address.

By improving the app and its technical platform, we can deliver a better experience for you and the wider Clue community. It allows us to tailor the app to different types of devices, and most importantly, strive to make the app experience the best it can be.

Third party providers: We do not use any third party providers for this purpose.

Legal basis: We process your usage data on the legal basis of Art 6 Sec.1 lit f) GDPR to technically improve the Clue app based on Clue’s legitimate interest as a company to continuously improve the app and deliver an improved service to you. We do not believe there is anything you could have against this. However you can always opt out of this data processing at any time in your Clue app’s privacy settings by toggling off:

As outlined in Clue’s Privacy Policy and based on Clue’s legitimate interest as a company to continuously improve the app, certain usage and technical data is processed. I have the right to opt out of this at any time.

All personal data collected to technically improve the Clue app is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.6 To allow recommendations from Clue

To make personalized recommendations, we process certain usage data to understand how you interact with the Clue app, as well as the health data you’ve tracked to deliver you more personalized insights. This includes data such as your period dates and cycle experiences. We also collect your account data so we can then send you these recommendations via in-app messages, emails, and push notifications (if you’ve enabled permissions on your device). By personalizing your experience, we can provide information that’s more tailored to you and your needs. This might look like sending you updates about new Clue features based on what you’ve tracked, or suggesting interesting products from partnerships we support that may be relevant to you. For example, if you’re trying to conceive, we might recommend services that can support you on your conception journey. We strive to be mindful about what we communicate and how often, as providing you with the most comfortable experience possible is our main priority.

Third party providers: We use certain third party software providers to help us send these updates, such as Braze (see Section 3.1.1). These providers are not permitted to use the data for any other purpose other than to help Clue personalize your experience.

Whenever data is transferred outside of the European Economic Area (EEA), we always apply the appropriate safeguards as outlined by the General Data Protection Regulation (GDPR) (see Section 4).

Be assured that the sensitive health data you track in the Clue app is never shared with or sold to advertisers, or any partners whose services we may recommend in Clue.

Legal basis: The processing of your account data and usage data for recommendations from Clue is based on the following consent according to Art 6 Sec.1 lit a) GDPR, and the processing of health data for recommendation from Clue is based on the following consent according to Art 9 Sec.2 lit a) GDPR, if you have toggled this on in your privacy settings:

I agree to my account data, usage data and health data I track in the Clue app being processed so Clue can send me personal recommendations for relevant products based on my tracked experiences. Certain third-party providers, including some located outside of the European Union, are used to help with this.

You can toggle this off at any time. All personal data collected for providing personal recommendations is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.7 To help Clue optimize their advertising efforts

To help us analyze how Clue’s advertising performs, we process certain types of usage data (for example when you install the Clue app or subscribe to Clue Plus) including your device ID and IP address. This helps us identify whether you’ve already downloaded Clue or have a Clue Plus subscription, and find out which Clue ads you interacted with (if any).

By doing this, we can optimize our advertising efforts. For example, if you’ve already downloaded the Clue app, we won’t show you an ad to download Clue. It also helps us understand on which platforms people find out about us, and learn what kind of Clue advertising performs best. With better advertising, we can help raise awareness about the Clue app and empower more people to take charge of their health.

Third party providers: We use certain third party services to help us with our advertising efforts. These include Apple Search Ads and Google Ads, both based in the United States, and Adjust and Taboola (described in more detail below).

  • Adjust: Clue uses an in-app performance and analysis service by Adjust, a company based in Germany. They help us understand where our users are coming from, which age group they are from, and how they are interacting with our app, so that we can optimize our ad campaigns. Adjust uses your advertising identifier (Apple IDFA on iOS, Google Play Services ID on Android), and your IP addresses to provide us these insights. Through Adjust, we share standard app events like installation of the Clue app or subscription to Clue Plus services with certain advertisement networks like Reddit. We do this to avoid showing you Clue ads if you’ve already downloaded or are subscribed to Clue Plus. Adjust does not have access to any of the personal health data you track in the app. You can read more about how Adjust handles data in their Privacy Policy

  • Taboola: Clue uses an advertising service by Taboola, a company based in Germany. They allow us to find new users through their ad platform and optimize our advertising efforts by better understanding where our users come from. With their service, we can identify if users visited specific Clue website landing pages via Clue advertisements hosted by Taboola. This is done by adding a Taboola pixel to our Clue landing pages, and Taboola placing cookies on our website (see Section 7.2). The pixel is a small file that saves information about the visiting user’s device, operating system, and IP address. This is done only if the person agreed to our website’s analytical cookies. The data is pseudonymized in this process. You can read more about how Taboola handles data in their Privacy Policy.Whenever data is transferred outside of the European Economic Area (EEA), we always apply the appropriate safeguards as outlined by the General Data Protection Regulation (GDPR) (see Section 4). Be assured that the sensitive health data you track in the Clue app is never shared with or sold to advertisers. We do share a minimal amount of technical data with advertising networks, as described above, so that you won’t see a Clue ad if you’ve already downloaded the app or subscribed to Clue Plus.

Legal basis: The processing of your usage data to promote Clue is based on the following consent according to Art 6 Sec.1 lit a) GDPR, if you have toggled this on in your privacy settings:

I agree to my usage and device data being processed so Clue can optimize their advertising efforts to more effectively tell more people about Clue. Certain third party providers, including some located outside of the European Union, are used to help with this.

You can toggle this off at any time. All personal data collected to help to promote Clue is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.8 To optimize advertising with activity tracking (iOS users only)

To help us optimize our advertising and to spread the word about Clue, we enable activity tracking on iOS devices when permissions are turned on. Activity tracking means that limited technical data (like your device ID) and usage data (for example installing Clue or subscribing to Clue Plus) is shared with advertisers so you don’t see Clue ads that aren’t relevant to you. You can turn off activity tracking any time in your iOS Settings.Activity tracking is strictly limited to technical and usage data. Your health data is never shared with advertisers and always protected.

Legal basis: The processing of your usage data for activity tracking is based on the following consent according to Art 6 Sec.1 lit a) GDPR, if you selected “Allow” when presented the following prompt from Apple:

Allow “Clue” to track your activity across other companies’ apps and websites?

All personal data collected for activity tracking is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.9 To improve helloclue.com with website analytics

To improve our website, we process usage data such as your IP address and device data. This helps us track the performance of our website, understand how you use our website, and offer you an improved experience. For this purpose we use cookies and third party tracking services. Cookies are small text files that are intended to make the site better for you to use.

In general, cookies are used to retain preferences, store information for things like shopping carts, provide tracking data to third-party applications like Google Analytics, or identify your device for special advertising purposes such as retargeting. You can learn more about the specific cookies and tracking services used on helloclue.com in Section 7.

Legal basis: The processing of your usage data for website analytics is based on the following consent according to Art 6 Sec.1 lit a) GDPR:

By using our website you consent through an opt-in in the cookie banner that Clue may use cookies and third-party services, and collect your usage data under a unique identifier for the purposes of tracking, analysis, and improvement of our website, as well as advertising purposes such as showing you relevant Clue content.

The usage of non-essential cookies on our website is based on a consent according to § 25 of the German Telecommunication and Telemedia Data Protection Act (TTDSG). When visiting our website, you can decline the use of non-essential cookies in the pop-up notification. If you consent to the non-essential cookies, you may withdraw your consent again at any time in your browser’s cookie settings.

All personal data collected for website analytics is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.10 To deliver Clue newsletters

To provide newsletter and email services, we process certain contact data of those people who have opted in so we can send such communications.

If you’ve registered for a newsletter service of Clue, without being a Clue app user with an account, we will process your information provided in the registration on helloclue.com. This may include your name and email address, which is needed to send you the newsletters you’ve subscribed to.

If you’re a Clue app user with an account, Clue will process the email address you provided with your account registration to send you the newsletters you’ve subscribed to, as well as occasional emails with promotional content. The content of these communications will be for similar Clue services to what you use, or may include promotion for third party products which may be relevant to you from partnerships we support.

If you’ve requested Cycle Review emails as part of your Clue Plus subscription, then that email will also contain a summary of personal health data that you have tracked in the app.

Third parties: Clue may share information such as your email address to third-party providers for the sole purpose of carrying out our newsletter services. Our current provider for this service is Braze. For more information about Braze, see Section 3.1.1. Whenever data is transferred outside of the European Economic Area (EEA), we always apply the appropriate safeguards as outlined by the General Data Protection Regulation (GDPR) (see Section 4).

Legal basis: The legal basis for sending you our newsletter is based on your consent according to Art 6 Sec.1 lit a) GDPR. The legal basis for promotional emails is based on Art 6 Sec.1 lit a) and lit f) GDPR. The legal basis for Cycle Review emails is based on your consent according to Art 9 Sec.2 lit a) GDPR.

You can unsubscribe from our newsletters, promotional emails, and Cycle Review emails at any time by clicking the unsubscribe link at the bottom of the emails.

All personal data collected for providing our newsletter services is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.11 To gain insights from surveys and interviews

To receive feedback from the Clue community, Clue may use surveys and run interviews to gain insights on certain health topics, the performance of the app, or the value of features. Any information given by you via such surveys is processed by Clue for the purposes as set forth in this Privacy Policy.

Third party providers: Clue uses easyfeedback GmbH “Easyfeedback", a survey tool provider based in Germany, to run surveys and process results. They may process data from surveys you choose to participate in for science research, user experience research, or customer satisfaction research. In case personal data is processed for a survey, you will be asked for an explicit consent. Your Clue app data is never shared with Easyfeedback.

Clue also uses UserTesting, a provider located in the United States, for conducting user experience studies. If you’re invited to sign up to a study pool via a Clue survey, you’ll be taken to the UserTesting website and be asked to provide your name and email to enter the pool. The selection of participants is carried out by UserTesting, therefore, we cannot guarantee that you will be invited to participate in a further study or interview.

Legal basis: The legal basis for the processing of your personal data in a survey is your consent according to Art 6 Sec.1 lit a) GDPR. In case health data is involved, the legal basis is Art 9 Sec.2 lit a) GDPR.

All personal data collected for the provisioning of our surveys and interviews is deleted by us immediately as soon as it is no longer required for the purpose for which it was collected.

4. Data transfer outside the European Union

Any personal data collected from you may only be transferred to countries outside the European Economic Area (EEA) if we observe applicable privacy regulations and ensure that your privacy rights remain protected.

To ensure an adequate level of data protection in accordance with Art 46 GDPR, we have entered into Standard Contractual Clauses with all non-EEA third parties whose data processing tools we use (data processors) if there is no adequacy decision by the EU Commission for their particular country. For U.S. based data processing, we also use third-party providers that are certified under the EU-US Data Privacy Framework as a guarantee under Art 46 GDPR.

You can read more about the Standard Contractual Clauses here. The Standard Contractual Clauses help us to implement an adequate level of data protection between Clue and our processors, who must agree to follow strict data protection rules. However, they do not bind the governmental bodies of the non-EEA country in which our processor operates. In some cases, governments may have powers of surveillance that run contrary to EU law data protection principles.

We choose our processors very carefully. We do not work with processors based in countries where we are concerned about the rule of law with respect to privacy. We follow the guidance of the European Data Protection Board on additional contractual and technical measures to ensure a sufficient level of privacy in different situations.

5. Your data protection rights

We believe that privacy—including data privacy—is a basic human right. At Clue we strive to ensure that your rights are respected.

Here are some key facts about your privacy that we would like you to know:

i. Our products and services have been designed to collect only the data necessary to provide our services. We only collect and process your data for the purposes outlined above and detailed in this Privacy Policy.

ii. The security of our servers is routinely verified by experts to protect your data from unauthorized access. You can contact us at <trust@helloclue.com> if you have any questions about the security of our services.

iii. We do not retain your data in an identifiable format for longer than necessary to deliver our services.

iv. Clue does not engage in any automated decision-making or profiling activities.

As a user of the Clue app and website, you may exercise your rights under the EU General Data Protection Regulation (GDPR) to:

i. Request information on your personal data processed by Clue. Upon your request, this information will be provided to you electronically. You can contact us to request your information at <trust@helloclue.com>.

ii. Gain access to your information by requesting a copy of your data in a format that is readable by other companies or organizations (data portability). iii. Correct your personal information and health data in the app settings and in the tracking categories available in the Clue app.

iv. Withdraw your consent from ongoing data processing at any time by deleting your account (for details see the Support section of the Clue app, under “Account Questions”), changing your privacy preferences in Settings, and/or unsubscribing from our newsletter or other email communications by clicking the link at bottom of the email.

v. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to <trust@helloclue.com>. Your data will be deleted within 1 month.vi. Lodge a complaint with the relevant supervising authority if you believe Clue is processing your personal data in violation of applicable data protection regulations.

6. Data security procedures

Protecting your data privacy is at the core of what we do. We apply security measures to protect against misuse, loss, and/or alteration of personal information under our control. We follow industry standards when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.

6.1 How Clue secures your personal data

When you create an account with Clue, your personal profile data is stored separately from your health data and your service settings. Doing this means your health data has an even higher level of protection. Clue uses servers located in the European Union to process and store your personal data.

When you create your Clue password, it’s stored using one-way encryption with both “hashing” and “salting” techniques. This means your password is combined with a random string of characters and then scrambled up so it's unreadable. Not even Clue staff have access to your password. Doing this ensures extra protection for your password. Note that if you use social login to create your account (see Section 3.1.3), Clue does not receive your original password.

When your data is sent between your device and our Clue servers, we use hypertext transfer protocol secure (HTTPS). This is a type of encrypted data transmission, which scrambles the information being sent so it’s unreadable. Doing this increases the security of your data transfer. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.

When you subscribe to Clue Plus, all your payment information is securely processed by the Apple App Store or Google Play Store. Clue does not store your payment information at any time.

6.2 Clue’s recommendations for protecting your data

Usually, the biggest threat to the security and privacy of your data is that someone—probably someone you know—gains access to any of your devices without your consent. The data you enter into Clue is private and it should stay that way. If you actively choose to share your data, for example if you are using Clue Connect, make sure to regularly review whether it still makes sense for you to share that information with your connections. Here are some tips on how to keep your devices secure:

Protect your Clue account: Make sure to create a unique long password for your Clue account. We recommend using a password manager for this purpose.

Protect your device:

i. Activate either passcode, TouchID, or FaceID authentication for your device. This automatically secures your Clue data and prevents any person from using your device without your permission.

ii. Set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen.

For iOS, activating this feature is a two-step process. First, activate “Find My iPhone” (instructions here) and then enable “Erase your device” (instructions here). For Android, set up Find My Device and, if needed, use the connected web interface to lock or wipe your phone remotely.

7. Cookies on helloclue.com

For the purpose of tracking the performances of our services and to improve Clue, we use cookies on our helloclue.com website. For more information on this purpose and its legal basis, please see Section 3.9.

Cookies are small text files that are intended to make the website better for you to use. In general, cookies are used to retain preferences, store information for things like shopping carts, provide tracking data to third-party applications like Google

Analytics, or identify your device for special advertising purposes such as retargeting. We use third-party analytics and tracking services to help us measure the performance of our website. Such third parties are listed below.

7.1 Google Analytics - Website

Our website uses Google Analytics, a web analysis service operated by Google LLC. (“Google”). Google Analytics uses cookies (text files) stored on your computer to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve our services. Information produced via cookies will be transferred to and stored on a server in the USA operated by Google. You can find out more about Google Analytics here.

The following Cookies are used by Google Analytics:

Cookie NameValue (example)PurposeExpiration
_ga2.1326744211.152311160746-5This cookie is written to the browser upon the first visit. It is included in each page view request and used to distinguish unique users on the website.2 years
_gid2.1687193234.152311160746-1This cookie is used to group the user behavior for each user.24 hours
_gat_gtag_UA_property-id1This cookie is used to throttle the rate at which requests are sent to Google Analytics so as to increase the efficiency of network calls.1 minute

Google analyzes this information to offer reports to Clue on website usage and online usage of associated services. Under the terms of Google's analytics service, Google may also transfer this information to third parties, either when this is required by law or when third parties are contracted by Google to process this data. Google must not allow your IP address to be linked to any other personal data. By opting in via the cookie banner on Clue's website, you consent to data being used and processed by Google as described above. You can withdraw consent for this use of your data at any time. Please note that this withdrawal only applies to future activities.

7.2 Taboola

As mentioned in Section 3.7, Clue uses an advertising service by Taboola, a company based in Germany. Taboola allows us to find new users through their ad platform and optimize our advertising efforts by better understanding where our users come from. With their service, we can identify if users visited specific Clue website landing pages via Clue advertisements hosted by Taboola. This is done by adding a Taboola pixel to our Clue landing pages, and Taboola placing cookies on our website (only if the person agreed to our website’s analytical cookies).

Taboola uses the following cookies:

Strictly necessary cookies:

Cookie NamePurposeExpiry
taboola_session_idCreates a temporary session ID to avoid the display of duplicate recommendations on the page.session
SitecountrycodeMaintains a record of the user’s country code for site speed performance.
siteStateMaintains a record of the user’s US state for legal compliance purposes.

Functionality cookies:

Cookie NamePurposeExpiry
taboola_fp_td_user_idIndicates that the user clicked on an item that was recommended by Taboola’s Services. This is used for reporting and analytics purposes1 year
t_gidAssigns a unique, partitioned User ID that Taboola uses for attribution and reporting purposes, and to tailor recommendations to this specific user based on interactions with one advertiser or publisher.1 year
t_pt_gidAssigns a unique User ID that Taboola uses for attribution and reporting purposes, and to tailor recommendations to this specific user.1 year
trc_cookie_storageAssigns a unique User ID that is used for attribution and reporting purposes.1 year
_tb_t_ppgUsed on websites of Taboola’s publisher Customers that utilize the Taboola Newsroom services. It maintains a session reference about the user’s visit to this particular website.30 minutes

Performance analytics cookies:

Cookie NamePurposeExpiry
GA_Count_Countries__cPurpose: Counts the number of different countries a certain user was browsing from
GA_Last_Device_Category__cSaves the user’s device type (Mobile/Desktop).
tb_click_paramUsed on websites of our publisher Customers that utilize the Taboola Newsroom services. It measures performance of the publisher’s homepage articles that are clicked..50 seconds
taboola global:last-externalUsed for attribution purposes to see what link or page led a user to the current page.Local Storage (deleted when the user deletes it)
global:last-external-referrerUsed for attribution purposes to see what link or page led a user to the current page.Local Storage (deleted when the user deletes it)

You can read more about Taboola’s Cookie Policy here.

8. Young users of Clue

Clue does not knowingly collect or use personal data from children under the age of 16. When creating a Clue account, you are required to confirm that you are at least 16 years old or that your parents have agreed that you can use the Clue app.

If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country (e.g if you are at least 16 years old in Germany), or if you have the consent of your parent or legal guardian.

If you are a parent and learn that your child is using Clue without your permission, or if you have a specific question about data privacy at Clue, do not hesitate to get in touch with us at <trust@helloclue.com>.

If you are located in the United States, you cannot use the Clue app if you are under 13 years old. If Clue gains actual knowledge that information has been collected from children under the age of 13 in the United States contrary to the Children’s Online Privacy Protection Act of 1998 and the regulation thereunder, Clue will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.

9. Changes to this Privacy Policy

Clue reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of Clue’s services, or advances in technology.

Please check this page periodically for changes and refer to the “last updated” date at the top of the page to know if it has been revised since your last visit. If we make any changes to this Privacy Policy that we consider to be material to your consent, we will notify you of them.

10. Responsibility for Clue’s data processing

Clue is made in Berlin, Germany, and the way we handle data meets the high standards set by German and European Union legal requirements. Clue is made by BioWink GmbH, Adalbertstraße 7-8, 10999 Berlin. Further contact information can be found here. Clue has an appointed data protection officer. Please do not hesitate to reach out to <trust@helloclue.com> if you have any questions.

11. Prevailing language of this Privacy Policy

Clue is used by women and people with cycles around the world. This wider Clue community accesses the Clue app in a multitude of different languages. We use professional translators and proofreaders to translate all of our communications, including this Privacy Policy, as accurately as possible into those languages.

However, please understand that we cannot assure 100% accuracy for all of our translations, in particular with respect to any legal content. Please note that the English version of this Privacy Policy is therefore the original version, which prevails over all other versions in case of deviation from the English original. The most up-to-date version of this Privacy Policy is always available in English on our website.

Further Reading