MYENDO · BY ECONIK LIFESTYLE INC.
Privacy Policy
Effective Date: June 1, 2026 · Version 1.1
MyEndo Application · Updated to reflect Econik Lifestyle Inc. as operating entity
Plain Language Summary
MyEndo collects health symptom data that you enter yourself. We store it securely using Supabase. We never sell your health data or use it for advertising. You can export or permanently delete all your data at any time from inside the app. Stella reads only from logs stored on your device. We use standard marketing pixels on our website and a single subscription conversion event inside the app — no health data is ever passed to advertising platforms.
1. Who We Are
MyEndo is a product developed and operated by Econik Lifestyle Inc., a company incorporated in Ontario, Canada. In this Privacy Policy, “we,” “us,” and “our” refer to Econik Lifestyle Inc. “You” refers to any individual who downloads, accesses, or uses the MyEndo application or website.
The MyEndo brand is owned by Econik Lifestyle Inc. All legal obligations, data responsibilities, and privacy commitments described in this policy are those of Econik Lifestyle Inc.
Contact for privacy requests: support@myendo.io
2. Applicable Privacy Laws
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation, including Quebec's Law 25
- Ontario: Personal Health Information Protection Act (PHIPA) — applied as a best-practice standard
- United States — California: California Consumer Privacy Act (CCPA) — see Section 13
- United States — Washington: Washington My Health Act — see Section 13
3. What Data We Collect
3.1 Account Data
- Email address (authentication and account recovery only)
- Nickname of your choosing (does not need to be your real name)
- Age range (e.g., 25–34) — not your exact date of birth
- Tracking reason and selected conditions (as entered by you during onboarding)
3.2 Health and Symptom Data
This is the core data of MyEndo, entered entirely by you:
- Daily symptom logs: pain level (0–10), pain location, pain type, bleeding level, cycle day
- Symptom selections: bloating, nausea, fatigue, brain fog, mood changes, digestive symptoms, and others
- Trigger entries: period, ovulation, stress, food, sleep, exercise, travel, and others
- Intervention entries: heat, rest, medication, pelvic floor exercises, etc.
- Free-text notes added to any log entry
- Flare entries: rapid-entry records during acute symptom episodes
This data is classified as sensitive personal health information and treated with the highest level of protection we apply.
3.3 Stella AI Conversation Data
If you use Stella, your conversation messages are stored. See Section 7 and the AI Data Use Policy for full details.
3.4 Subscription and Payment Data
Subscriptions are processed exclusively through the Apple App Store (iOS) and Google Play Store (Android). We do not collect or store your credit card number, bank account details, or full payment information. We receive only:
- Subscription status (active, trial, cancelled, expired)
- Subscription tier (monthly or annual)
- A platform-assigned customer identifier from Apple or Google
All billing disputes, refund requests, and payment management are handled directly through Apple or Google under their respective terms and policies.
3.5 Tracking and Analytics Data
We use standard marketing and analytics tools to understand how users discover and engage with MyEndo. These tools are used on our marketing website (myendo.io) and, in a strictly limited capacity, inside the application for subscription conversion tracking only.
Tools we use and what they collect:
| Tool | Where Used | Data Collected | Health Data Passed? |
| Meta Pixel | Website + app (subscription event only) | Page views, button clicks, subscription conversion (hashed email, tier, value) | No — never |
| Google Analytics 4 (GA4) | Website + app (subscription event only) | Sessions, page views, subscription conversion event | No — never |
| TikTok Pixel | Website only | Page views, button clicks, visit behaviour | No — never |
| Microsoft Clarity | Website only | Session recordings, heatmaps, scroll behaviour on marketing pages | No — never |
Important: What the in-app subscription event does and does not send
Inside the MyEndo application, only one event fires to advertising platforms: when a user starts a subscription. This event passes: a hashed (anonymized) version of your email address, your subscription tier, and the subscription value. This is used solely to help us measure and optimize our advertising campaigns.
No health data — including symptom logs, pain levels, condition selections, flare records, or any other medical information — is ever included in or attached to this event.
Microsoft Clarity session recording is installed on the MyEndo marketing website only. It is not installed inside the application and cannot record any health data you enter.
4. How We Store Your Data
4.1 Local Device Storage
Your symptom logs are stored locally on your device. Stella reads from this local storage and does not transmit your log history from our cloud database during AI conversations.
4.2 Cloud Storage (Supabase)
Your account data, symptom logs, and Stella conversation history are stored in our Supabase cloud database, operated in the United States. By using MyEndo, you consent to your data being stored on US servers. Supabase enforces row-level security (RLS) so your data is isolated at the database level.
Supabase Privacy Policy: supabase.com/privacy
4.3 Security Measures
- All data in transit encrypted with TLS/SSL
- Data at rest encrypted with AES-256
- Row-level security enforced at database level
- Authentication tokens expire and rotate regularly
- Access to production databases restricted to authorized personnel only
5. How We Use Your Data
| Purpose | Data Used | Legal Basis |
| Providing the MyEndo application | Account data, health logs, subscription status | Contractual necessity / consent |
| Powering Stella AI conversations | Device-stored logs (local), conversation messages | Explicit consent |
| Generating Doctor Summaries | Your symptom logs (local, on demand only) | Consent / your explicit action |
| Generating pattern insights | Your symptom logs | Consent |
| Managing your subscription | Subscription status, Apple/Google customer ID | Contractual necessity |
| Sending account emails | Email address | Contractual necessity |
| Marketing attribution and ad optimization | Hashed email + subscription event only (no health data) | Legitimate interest / consent |
| Website analytics and UX improvement | Aggregated website behaviour via GA4, Clarity | Legitimate interest |
| Security monitoring | Session tokens, error logs | Legitimate interest |
| Legal compliance | As required by law | Legal obligation |
Important distinction: behavioural data vs health data
We use marketing tools (Meta Pixel, GA4, TikTok Pixel) to track whether our advertising is working — for example, whether someone who saw our ad went on to download the app and subscribe. This uses behavioural and conversion data only.
Your health data — the symptoms, pain levels, conditions, and medical history you log in MyEndo — is never used for advertising, never passed to advertising platforms, and is never used to build a marketing profile about you.
6. Third-Party Service Providers
| Provider | Purpose | Data Shared | Location |
| Supabase | Database, authentication, cloud storage | Account data, health logs, chat history | United States |
| Google (Gemini API) | AI companion (Stella) | Stella messages + device log context | United States |
| Apple App Store | iOS app distribution and subscriptions | Subscription events (no health data) | United States |
| Google Play Store | Android app distribution and subscriptions | Subscription events (no health data) | United States |
| Meta (Facebook) | Marketing attribution — website + subscription event | Hashed email, subscription conversion (no health data) | United States |
| Google Analytics 4 | Website and app analytics — subscription event | Hashed email, subscription conversion, page behaviour (no health data) | United States |
| TikTok | Marketing attribution — website only | Page views, click behaviour (no health data) | United States |
| Microsoft Clarity | Website UX analytics — website only | Session recordings, heatmaps of marketing pages only (no health data) | United States |
We do not share your health data with any data brokers. No advertising platform receives any symptom, condition, or medical information about you.
7. Stella AI and Google Gemini
Stella is powered by the Google Gemini API, integrated directly into the MyEndo application. When you message Stella, your message and locally stored log context are sent to Google’s Gemini API. Stella does NOT access your Supabase cloud database during conversations.
What Google receives: your typed message, conversation history, a formatted symptom log context from your device, and Stella’s system instructions.
What Google does NOT receive: your email address, full Supabase account record, or any payment information.
Google retains prompts sent via the Gemini API for up to 55 days for abuse monitoring purposes. Google does not use API data to train its public AI models. Full details: ai.google.dev/gemini-api/terms
See our AI Data Use Policy for complete details on how Stella works.
8. Data Retention
- Active account: data retained while your account is active
- Deleted account: personal data permanently deleted within 30 days of account deletion
- Local device data: removed immediately when you delete the app
- Stella conversations: deleted when you delete your account or use in-app deletion
- Google Gemini: prompts retained by Google for up to 55 days per their abuse monitoring policy
- Backups: anonymized snapshots may persist up to 90 days for disaster recovery
9. Your Rights and Controls
9.1 Right to Access
Request a copy of your data by emailing support@myendo.io. We will respond within 30 days.
9.2 Right to Export
Export your full symptom log history via Profile → Data & Privacy → Export My Data. No request required.
9.3 Right to Delete
Permanently delete all your data via Profile → Data & Privacy → Delete My Data. This action is irreversible. Data removed within 30 days.
9.4 Right to Correct
Update your profile and health context directly in the app. For other corrections, contact support@myendo.io.
9.5 Right to Opt Out of Marketing Tracking
You may opt out of the subscription conversion event being sent to advertising platforms by contacting support@myendo.io. Note this does not affect your ability to use any feature of the application.
9.6 Right to Complain
File a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
10. Children's Privacy
11. International Data Transfers
Our cloud infrastructure (Supabase), AI services (Google Gemini API), and marketing analytics platforms are operated in the United States. By creating an account, you consent to your data being processed in the United States, which may have different privacy laws than your jurisdiction.
12. US State Residents — Additional Rights
California (CCPA)
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt out of sale (note: we do not sell your data)
- Right to non-discrimination for exercising privacy rights
Washington (My Health Act)
- We do not sell consumer health data
- We do not use geofencing around health facilities to collect health data
- No health data is shared with advertising platforms — only subscription conversion data (hashed email, tier, value) is shared for marketing attribution
13. Data Breach Notification
In the event of a breach creating real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required under PIPEDA. Report security issues to support@myendo.io.
14. Changes to This Policy
We will update the Effective Date and notify you by email and in-app notification for material changes. For changes to how we handle sensitive health data, we will request renewed consent where required by law.
15. Contact Us
Privacy Officer — Econik Lifestyle Inc. (operating as MyEndo)
Ontario, Canada
Email: support@myendo.io
Response time: Within 30 days