Privacy Policy

We Respect and Protect Your Privacy

Sora is a cycle wellness app. Because we handle sensitive menstrual health data, this policy is specific and honest about what we collect, why, and how it is protected.

What You Should Know

  1. Who we are

Sora is operated by Sora Health Co. ("Company", "we", "us").

Website: sorahealth.co

Email: hello@sorahealth.co

  2. What we collect

Account data

- Email address and display name — required to create an account.


Cycle and health data (you provide this voluntarily)

- Period start and end dates

- Cycle length, period length

- Symptoms, mood, and energy levels from daily check-ins

- Basal body temperature (optional, only if you enable it in Settings)

- Health conditions you disclose (e.g. PCOS, endometriosis, birth control) — used only to personalise guidance, never shared

- Notes and free-text written during check-ins


Apple Health data (optional, requires your permission)

If you connect Apple Health, Sora reads: step count, active energy, resting heart rate, HRV, and sleep data. We never write to HealthKit. You can disconnect at any time in Settings → Apple Health.


Calendar data (optional, requires your permission)

If you connect Apple Calendar, Sora reads upcoming event category metadata (not event titles or details) to provide contextual cycle guidance. Revocable at any time in Settings → Apple Calendar.


Location (city-level, optional)

If you enable the local weather feature, we store an approximate city-level location. We do not track your precise location or movement. Disable at any time in Settings.


Voice data

If you use voice check-ins or the Monthly Cycle Review, audio is transcribed via AssemblyAI. Audio is not stored after transcription. The transcribed text may be stored as part of your check-in record.


Push notification token

If you allow notifications, we store a push token to deliver weekly retrospective notes and reminders you opt into.


Subscription data

Managed via RevenueCat. We receive only your subscription status — not your payment card or billing details, which remain with Apple.

  3. Why we collect it

| Data | Purpose |
| --- | --- |
| Cycle and health data | Core app function — phase calculation, ritual recommendations, insights |
| Check-in notes and symptoms | Personalised AI responses and pattern tracking |
| Apple Health data | Enriching cycle insights with body data |
| Calendar data | Contextual timing guidance in check-ins |
| Location (city) | Optional weather context in check-ins |
| Push token | Weekly retrospective notes and reminders |
| Voice transcription | Converting spoken check-ins to structured data |
| Subscription status | Determining access to premium features |


**We do not use your health data for advertising. We do not sell your data.**

  4. Third parties we work with

| Service | Data shared | Purpose |
| --- | --- | --- |
| Supabase (supabase.com) | All stored app data | Database and authentication |
| ElevenLabs (elevenlabs.io) | Ritual script text | Text-to-speech for guided rituals |
| AssemblyAI (assemblyai.com) | Voice audio (temporary only) | Transcription of voice check-ins |
| OpenAI (openai.com) | Check-in text and cycle context | AI insights and companion responses |
| Anthropic (anthropic.com) | Check-in text and cycle context | AI insights (via Supabase Edge Functions) |
| RevenueCat (revenuecat.com) | App user ID, subscription events | Subscription management |
| Apple | Per Apple's privacy policy | iOS platform |


We do not share personally identifiable health data with advertisers, data brokers, or analytics companies.

  5. How we protect your data

- All data is encrypted in transit (TLS) and at rest in Supabase

- Row-level security means only your account can read your records

- We use Supabase Auth with PKCE — your password is never stored in plain text

- In-app account deletion removes all your data immediately and permanently

  6. Your Rights

You have the right to:

  • Access — request a copy of all data we hold

  • Deletion — permanently delete everything via Settings → Delete Your Account, or by emailing hello@sorahealth.co

  • Correction — update your data in-app at any time

  • Portability — request your data in a readable format

  • Withdraw consent — disconnect Apple Health, Calendar, or weather at any time


**EU / UK users (GDPR):** Our lawful basis for processing sensitive health data is explicit consent, given when you enter that data. You may withdraw at any time.


**California users (CCPA):** We do not sell your personal information. You have the right to know, delete, and opt out of any future sale (there is none).

  7. Data retention

  • Data is retained while your account is active

  • Deleting your account removes all personal and health data from our systems

  • Anonymous, aggregated data that cannot identify you may be kept for product improvement

  8. Children

Sora is not for children under 13. If we become aware a user is under 13, we will delete their account.

  9. Changes

We will notify you of material changes through the app or by email before they take effect.

  10. Contact

hello@sorahealth.co

sorahealth.co