MomoCalendar Privacy Policy
# MomoCalendar Privacy Policy
- **Service name**: MomoCalendar (모모캘린더)
- **Effective date**: May 15, 2026
- **Last updated**: May 15, 2026
This policy describes how SiU Ahn (the "Developer") handles personal information processed by the mobile application **MomoCalendar** (the "App"). The App handles sensitive health information including menstrual cycle, fertile window, and intimate activity logs. The Developer never uses this data for advertising targeting, external marketing, or any other secondary purpose.
## 1. Personal Information Collected and Transmitted by the App
### 1a. Account Identification (when signing in with a social provider)
The App creates an account through one of the following providers. Only the minimum information received from the provider is stored on the backend server (`https://momocalendar.reactiveworks.dev`).
| Provider | Items collected |
|---|---|
| Google Sign-In (`google_sign_in`, `firebase_auth`) | Email, display name |
| Apple Sign-In (`sign_in_with_apple`) | Email (relay or real), display name (on first sign-in only) |
| Email signup (manual) | Email, password (stored as a bcrypt hash — the plaintext is never stored), nickname (optional) |
The server issues its own JWT (access + refresh tokens) for session management. Tokens are stored only in the device's secure storage (`flutter_secure_storage`).
### 1b. Sensitive Health Information (see Section 2)
Menstrual cycle, fertile window, intimate activity, and contraceptive intake records are described in detail in **Section 2 — Handling of Sensitive Health Information**.
### 1c. Local Storage on the Device
The following libraries store data only on the device, never transmitted to any server:
- `shared_preferences` — App settings (theme, language, lock toggle, notification toggle, etc.)
- `flutter_secure_storage` — JWT tokens (OS-protected keychain)
All local data is removed when the App is uninstalled.
### 1d. Advertising Identifier and Diagnostic Data (AdMob)
The App displays banner ads through Google AdMob (`google_mobile_ads`). The AdMob SDK may transmit the following to Google:
- Advertising identifier (Android Advertising ID / iOS IDFA — IDFA only with ATT consent on iOS)
- IP address
- General device information (model, OS version, language, screen size, etc.)
- General usage data on ad impressions and clicks
On iOS, the **App Tracking Transparency (ATT)** dialog appears on first launch. If tracking is declined, non-personalized ads are served without IDFA.
AdMob has no access to any health data entered in the App (menstrual cycle, intimate activity, contraceptive records, etc.).
### 1e. In-App Update, Review, Share, and URL Launcher (no data collected)
- `in_app_update` — Checks for new versions on Android (Google Play internal channel, no personal data collected by the App)
- `in_app_review` — Displays the rating prompt (the rating itself is handled by the user's store account)
- `share_plus` — Invokes the OS share sheet (the share target is selected on the device)
- `url_launcher` — Opens external links (privacy policy, terms, etc.)
## 2. Handling of Sensitive Health Information
The following items, entered by the user for the App's core functionality, are stored on the backend server (`https://momocalendar.reactiveworks.dev`) over **encrypted HTTPS**. The backend may run in a region outside Korea (VPS). Stored data is accessible only to the authenticated owner.
### 2a. Cycle Settings (`/v1/cycle-settings`)
- Average cycle length (days)
- Average period length (days)
- Fertile window display toggle
- Notification toggle and time
- App lock (biometric) toggle
### 2b. Daily Records (`/v1/daily-records`)
| Field | Example values |
|---|---|
| Date | YYYY-MM-DD |
| Period flow | none / light / normal / heavy |
| Pain score | 0–10 |
| Symptoms | Multiple user-selected tags (e.g., headache, cramps) |
| Mood | good / calm / sensitive / sad / anxious |
| Contraceptive intake | none / oral / emergency |
| Intimate activity | none / protected / unprotected |
| Memo | Free-form user text |
### 2c. Purpose of Use
This information is used solely for:
1. Predicting your next period, fertile window, and ovulation
2. Showing your historical records in the calendar and statistics screens
3. Sending notifications (e.g., upcoming period reminder)
### 2d. Strictly Excluded Uses
- Advertising targeting (no health data is ever shared with AdMob or any ad SDK)
- External marketing or profiling
- Sale or transfer to any third party
- Identity-linked aggregation in statistics
### 2e. Sensitive Data Safeguards
- All communication is encrypted with TLS (HTTPS)
- Backend authentication requires a JWT Bearer token — no one else can access your data
- Tokens are stored only in the device's secure storage (`flutter_secure_storage`)
- Health data is never exposed to the AdMob SDK
## 3. Permissions
- `POST_NOTIFICATIONS` — Local push notifications (period reminder, medication reminder)
- `SCHEDULE_EXACT_ALARM` / `USE_EXACT_ALARM` — Reliable notification scheduling at the exact time
- `RECEIVE_BOOT_COMPLETED` — Reschedule notifications after device reboot
- `WAKE_LOCK`, `VIBRATE` — Vibrate and wake the screen when a notification arrives
- Biometric authentication (`local_auth`) — When the App lock is enabled, the OS-level fingerprint/face authentication API is invoked. Only the success/failure result is returned; the App never sees the biometric data itself.
The App does **not** request other sensitive permissions such as camera, microphone, contacts, location, storage, or photo library.
## 4. Retention and Deletion
- Account information and daily records: Permanently deleted via cascade when the user signs out and calls account deletion (`DELETE /v1/users/me`).
- Local data: Removed immediately when the App is uninstalled.
- AdMob data: Governed by Google's policy (https://policies.google.com/privacy).
- Data retained by social login providers: Governed by each provider's policy.
## 5. Third-Party Sharing
The App does not share personal information with any third party except for the following:
| Provider | Shared items | Purpose | Policy link |
|---|---|---|---|
| Google AdMob | Advertising ID, IP, device info | Ad serving and measurement | https://policies.google.com/privacy |
| Google (Firebase Auth / Google Sign-In) | OAuth token verification | Login authentication | https://policies.google.com/privacy |
| Apple (Sign in with Apple) | OAuth token verification | Login authentication | https://www.apple.com/legal/privacy/ |
**Sensitive health data (menstrual cycle, intimate activity, contraceptive records) is never shared with any of the above third parties.**
## 6. Your Rights
- **View, edit, and delete data**: Done directly inside the App via the calendar/statistics screens and the daily record bottom sheet.
- **Account deletion (permanent)**: From Settings > Account, deleting your account calls `DELETE /v1/users/me`, which cascade-deletes all of your server data. (Compliant with Apple App Store Guideline 5.1.1(v).)
- **Reset advertising identifier**:
- Android: Settings > Google > Ads > Reset advertising ID
- iOS: Settings > Privacy & Security > Tracking > toggle MomoCalendar off
- **Uninstall the App**: All local data is removed (account deletion on the server requires the separate action above).
Contact: **siwooeo@gmail.com**
## 7. Children's Privacy
The App is not directed at children under the age of 14 (per Korean law) and does not knowingly collect personal information from children. For COPPA compliance, the App is also not directed at children under the age of 13. If a guardian discovers that a child's information has been entered, please contact the email above and it will be deleted promptly. AdMob is operated for general audiences.
## 8. Data Protection Officer
- **Name**: SiU Ahn (안시우)
- **Email**: siwooeo@gmail.com
## 9. Changes to This Policy
This policy may be revised in response to legal or service changes. When revised, the "Last updated" date above is refreshed, and material changes are announced via in-app notice or store release notes.
- **Service name**: MomoCalendar (모모캘린더)
- **Effective date**: May 15, 2026
- **Last updated**: May 15, 2026
This policy describes how SiU Ahn (the "Developer") handles personal information processed by the mobile application **MomoCalendar** (the "App"). The App handles sensitive health information including menstrual cycle, fertile window, and intimate activity logs. The Developer never uses this data for advertising targeting, external marketing, or any other secondary purpose.
## 1. Personal Information Collected and Transmitted by the App
### 1a. Account Identification (when signing in with a social provider)
The App creates an account through one of the following providers. Only the minimum information received from the provider is stored on the backend server (`https://momocalendar.reactiveworks.dev`).
| Provider | Items collected |
|---|---|
| Google Sign-In (`google_sign_in`, `firebase_auth`) | Email, display name |
| Apple Sign-In (`sign_in_with_apple`) | Email (relay or real), display name (on first sign-in only) |
| Email signup (manual) | Email, password (stored as a bcrypt hash — the plaintext is never stored), nickname (optional) |
The server issues its own JWT (access + refresh tokens) for session management. Tokens are stored only in the device's secure storage (`flutter_secure_storage`).
### 1b. Sensitive Health Information (see Section 2)
Menstrual cycle, fertile window, intimate activity, and contraceptive intake records are described in detail in **Section 2 — Handling of Sensitive Health Information**.
### 1c. Local Storage on the Device
The following libraries store data only on the device, never transmitted to any server:
- `shared_preferences` — App settings (theme, language, lock toggle, notification toggle, etc.)
- `flutter_secure_storage` — JWT tokens (OS-protected keychain)
All local data is removed when the App is uninstalled.
### 1d. Advertising Identifier and Diagnostic Data (AdMob)
The App displays banner ads through Google AdMob (`google_mobile_ads`). The AdMob SDK may transmit the following to Google:
- Advertising identifier (Android Advertising ID / iOS IDFA — IDFA only with ATT consent on iOS)
- IP address
- General device information (model, OS version, language, screen size, etc.)
- General usage data on ad impressions and clicks
On iOS, the **App Tracking Transparency (ATT)** dialog appears on first launch. If tracking is declined, non-personalized ads are served without IDFA.
AdMob has no access to any health data entered in the App (menstrual cycle, intimate activity, contraceptive records, etc.).
### 1e. In-App Update, Review, Share, and URL Launcher (no data collected)
- `in_app_update` — Checks for new versions on Android (Google Play internal channel, no personal data collected by the App)
- `in_app_review` — Displays the rating prompt (the rating itself is handled by the user's store account)
- `share_plus` — Invokes the OS share sheet (the share target is selected on the device)
- `url_launcher` — Opens external links (privacy policy, terms, etc.)
## 2. Handling of Sensitive Health Information
The following items, entered by the user for the App's core functionality, are stored on the backend server (`https://momocalendar.reactiveworks.dev`) over **encrypted HTTPS**. The backend may run in a region outside Korea (VPS). Stored data is accessible only to the authenticated owner.
### 2a. Cycle Settings (`/v1/cycle-settings`)
- Average cycle length (days)
- Average period length (days)
- Fertile window display toggle
- Notification toggle and time
- App lock (biometric) toggle
### 2b. Daily Records (`/v1/daily-records`)
| Field | Example values |
|---|---|
| Date | YYYY-MM-DD |
| Period flow | none / light / normal / heavy |
| Pain score | 0–10 |
| Symptoms | Multiple user-selected tags (e.g., headache, cramps) |
| Mood | good / calm / sensitive / sad / anxious |
| Contraceptive intake | none / oral / emergency |
| Intimate activity | none / protected / unprotected |
| Memo | Free-form user text |
### 2c. Purpose of Use
This information is used solely for:
1. Predicting your next period, fertile window, and ovulation
2. Showing your historical records in the calendar and statistics screens
3. Sending notifications (e.g., upcoming period reminder)
### 2d. Strictly Excluded Uses
- Advertising targeting (no health data is ever shared with AdMob or any ad SDK)
- External marketing or profiling
- Sale or transfer to any third party
- Identity-linked aggregation in statistics
### 2e. Sensitive Data Safeguards
- All communication is encrypted with TLS (HTTPS)
- Backend authentication requires a JWT Bearer token — no one else can access your data
- Tokens are stored only in the device's secure storage (`flutter_secure_storage`)
- Health data is never exposed to the AdMob SDK
## 3. Permissions
- `POST_NOTIFICATIONS` — Local push notifications (period reminder, medication reminder)
- `SCHEDULE_EXACT_ALARM` / `USE_EXACT_ALARM` — Reliable notification scheduling at the exact time
- `RECEIVE_BOOT_COMPLETED` — Reschedule notifications after device reboot
- `WAKE_LOCK`, `VIBRATE` — Vibrate and wake the screen when a notification arrives
- Biometric authentication (`local_auth`) — When the App lock is enabled, the OS-level fingerprint/face authentication API is invoked. Only the success/failure result is returned; the App never sees the biometric data itself.
The App does **not** request other sensitive permissions such as camera, microphone, contacts, location, storage, or photo library.
## 4. Retention and Deletion
- Account information and daily records: Permanently deleted via cascade when the user signs out and calls account deletion (`DELETE /v1/users/me`).
- Local data: Removed immediately when the App is uninstalled.
- AdMob data: Governed by Google's policy (https://policies.google.com/privacy).
- Data retained by social login providers: Governed by each provider's policy.
## 5. Third-Party Sharing
The App does not share personal information with any third party except for the following:
| Provider | Shared items | Purpose | Policy link |
|---|---|---|---|
| Google AdMob | Advertising ID, IP, device info | Ad serving and measurement | https://policies.google.com/privacy |
| Google (Firebase Auth / Google Sign-In) | OAuth token verification | Login authentication | https://policies.google.com/privacy |
| Apple (Sign in with Apple) | OAuth token verification | Login authentication | https://www.apple.com/legal/privacy/ |
**Sensitive health data (menstrual cycle, intimate activity, contraceptive records) is never shared with any of the above third parties.**
## 6. Your Rights
- **View, edit, and delete data**: Done directly inside the App via the calendar/statistics screens and the daily record bottom sheet.
- **Account deletion (permanent)**: From Settings > Account, deleting your account calls `DELETE /v1/users/me`, which cascade-deletes all of your server data. (Compliant with Apple App Store Guideline 5.1.1(v).)
- **Reset advertising identifier**:
- Android: Settings > Google > Ads > Reset advertising ID
- iOS: Settings > Privacy & Security > Tracking > toggle MomoCalendar off
- **Uninstall the App**: All local data is removed (account deletion on the server requires the separate action above).
Contact: **siwooeo@gmail.com**
## 7. Children's Privacy
The App is not directed at children under the age of 14 (per Korean law) and does not knowingly collect personal information from children. For COPPA compliance, the App is also not directed at children under the age of 13. If a guardian discovers that a child's information has been entered, please contact the email above and it will be deleted promptly. AdMob is operated for general audiences.
## 8. Data Protection Officer
- **Name**: SiU Ahn (안시우)
- **Email**: siwooeo@gmail.com
## 9. Changes to This Policy
This policy may be revised in response to legal or service changes. When revised, the "Last updated" date above is refreshed, and material changes are announced via in-app notice or store release notes.