Legal

Privacy Policy

Written in plain English, not legal boilerplate. Here is exactly what we collect, what we don't, and why the architecture means your data really does stay yours.

Last updated: April 2026 MonKilo Ventures LLC

Section 1

What we collect

Almost nothing — and only what you explicitly hand to us.

In the app: Aurel stores cycle logs, symptom entries, notes, and any other data you enter directly into the app. This data lives entirely on your device and never leaves it by default. We do not receive it. We cannot see it. It belongs to you.

On the waitlist website (getaurel.app): If you join the waitlist, we collect your email address. That's it. No name, no phone number, nothing else. It goes into a secure list and is used for exactly one purpose: notifying you when Aurel launches.

Crash and diagnostic data (if enabled in iOS settings): iOS may share anonymised diagnostic reports with developers if you have opted into that system-level setting. This is controlled by Apple — not by us — and contains no health data from the app.

Section 2

What we don't collect

We want to be specific, because specificity is what privacy claims require.

  • No analytics SDKs. We don't embed Mixpanel, Amplitude, Firebase Analytics, or anything similar. We don't know which screens you visit or how long you use the app.
  • No advertising SDKs. There are no ad networks in Aurel. We don't share any data with advertisers because we don't have advertisers.
  • No third-party trackers. No SDKs that profile users, track behaviour across apps, or build advertising audiences.
  • No account required for core use. You can track your cycle indefinitely without ever creating an account or providing an email to us.
  • No selling or sharing of personal data. We do not sell your data. We do not share it with partners, data brokers, or any third party for commercial purposes. Full stop.

Section 3

How your data is stored

Aurel is built local-first. Your cycle logs, symptoms, notes, and all health data are stored using Apple's Core Data framework — directly on your iPhone. Nothing is sent to our servers as part of normal app use.

This isn't a policy choice layered on top of a traditional server architecture. It's a structural decision: the app is designed so that data collection is impossible by default, not merely disabled. We couldn't receive your health data even if we wanted to.

What this means in practice: If you delete the app, your data is gone from your phone. There's no server copy to request deletion from, because there was never a server copy. The data lifecycle is entirely within your control and on your device.

You can also delete all data with a single tap in-app at any time, and export your full history as a file whenever you like.

Section 4

Cloud sync

Aurel offers an optional cloud backup and sync feature ($1.99/year). It is entirely opt-in — the app works fully without it — and it is designed with the same privacy principles as the rest of the product.

  • End-to-end encrypted. Your data is encrypted on your device before it leaves, using a key derived from your credentials. The encrypted data is then transmitted and stored in the cloud.
  • We cannot read it. MonKilo Ventures LLC does not hold the encryption key. We store encrypted blobs; the plaintext is only ever readable on your own devices.
  • Your devices only. Cloud sync is designed to work across devices you own and control. It is not a sharing or social feature.
  • Cancel anytime, keep your local data. If you cancel cloud sync, your data remains on your device untouched. You never lose access to what you've tracked.

If you enable cloud sync, you will need to create an account (email and password). This account is used only to authenticate your backup — we do not use it to send marketing emails or build a profile of you.

Section 5

Waitlist emails

Before Aurel launches, we run a waitlist at getaurel.app. If you sign up, here is exactly what happens with your email address:

  • It is stored securely in our mailing list system.
  • You will receive one email when Aurel is available — notifying you of launch and any early-access pricing.
  • We do not sell or share your email address with anyone.
  • We do not enroll you in newsletters, marketing sequences, or any ongoing communications without explicit consent.
  • You can ask us to remove you at any time by emailing privacy@getaurel.app.

Section 6

Your rights

Because almost all data stays on your device, you already have direct control over most of it. You can view, export, and delete your data from within the app at any time, without contacting us.

For data we do hold — primarily waitlist email addresses — the following rights apply:

CCPA California residents

You have the right to know what personal information we hold about you, request deletion of that information, and opt out of the sale of personal information. We do not sell personal information, so the opt-out right is satisfied by default. To exercise any right, contact privacy@getaurel.app.

GDPR EU / UK residents

You have the right of access (to know what we hold), erasure (to have it deleted), and portability (to receive your data in a machine-readable format). You also have the right to withdraw consent at any time. Contact privacy@getaurel.app to exercise these rights.

We will respond to any rights request within 30 days.

Section 7

Law enforcement

We take this section seriously, and we want to be explicit about what happens — and doesn't happen — if law enforcement requests your data.

If you use Aurel without cloud sync: Your cycle data lives only on your device. MonKilo Ventures LLC has no copy of it — not encrypted, not anonymised, not in any form. If a government agency served us with a subpoena or court order demanding your health data, we would have nothing to provide. This is not a legal strategy; it's an architectural reality.

If you use cloud sync: Your data is stored in encrypted form on our servers, but we do not hold the decryption key. Even if compelled by a court order, we cannot produce readable health data — only encrypted blobs that are meaningless without the key we don't possess.

This matters particularly in the post-Dobbs legal environment in the United States, where reproductive health data has become a target for state-level law enforcement. We built the architecture this way deliberately, so that we genuinely cannot be used as a vector to surveil our users.

If we ever receive a legal demand that could affect users, we will review it carefully with legal counsel and push back where we lawfully can. We will notify affected users to the extent permitted by law.

Section 8

Contact us

If you have questions about this policy, want to exercise a data right, or just want to understand how something works — please reach out. We'll reply directly, not with a form letter.

Privacy questions

MonKilo Ventures LLC — maker of Aurel

privacy@getaurel.app

This policy may be updated from time to time. Significant changes will be communicated via the app and, if you're on the waitlist, by email. The "last updated" date at the top of this page reflects the most recent revision.