Matta Harmonia - Privacy Policy

Last Updated: September 2025
Effective Date: June 2025
App Version: 1.0.0+3

Introduction

Matta Harmonia ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our period tracking mobile application.

Information We Collect

Health Data

Menstrual cycle information (period dates, cycle length, symptoms)
Personal health notes (mood, symptoms, medications)
Fertility tracking data (ovulation predictions, basal body temperature)
Pregnancy tracking (if applicable)

Authentication Data (App Lock Feature)

PIN codes (stored locally with military-grade encryption)
Biometric data (processed entirely by your device's secure hardware)
Authentication preferences (stored locally only)

Technical Data

Device information (device type, operating system version)
App usage analytics (anonymized, opt-in only)
Crash reports (anonymized technical data)

Advertising Data

Ad interaction data (minimal, contextual only)
No personal health data is ever used for advertising

How We Use Your Information

Primary Purposes

Period tracking and predictions - Core app functionality
Health insights - Personalized cycle analysis
Data synchronization - Secure cloud backup and sync
App security - Local authentication and data protection

Secondary Purposes

App improvement - Anonymized analytics to enhance user experience
Customer support - Responding to your inquiries
Legal compliance - Meeting regulatory requirements

Data Storage and Security

            Local Storage
            Device-only storage for authentication data
Encrypted storage using AES-256 encryption
Zero network transmission of sensitive authentication data

        

            Cloud Storage
            Firebase Firestore (Google Cloud Platform)
End-to-end encryption for sensitive health data
GDPR-compliant data centers

        

Security Measures

Military-grade encryption (AES-256, SHA-256)
App Lock protection (PIN and fingerprint authentication)
Advanced rate limiting with anomaly detection and behavioral analysis
Comprehensive security monitoring with real-time threat detection
OWASP MASVS compliance following mobile security best practices
Biometric verification service with device-level security
Progressive lockout protection with intelligent cooldown periods
Regular security audits and continuous monitoring

Data Sharing and Disclosure

We DO NOT share:

Personal health data with third parties
Authentication credentials (never transmitted)
Identifiable user information with advertisers

We MAY share:

Anonymized analytics (no personal identification)
Technical data with service providers (Firebase, Google)
Data when required by law (with proper legal process)

Your Rights and Controls

Data Access and Control

View your data - Complete data export available
Modify your data - Edit or delete information anytime
Delete your account - Complete data removal available
Data portability - Export your data in standard formats

Privacy Settings

Disable analytics - Opt-out of data collection
Manage App Lock - Enable/disable authentication features
Control data sharing - Granular privacy preferences

GDPR Rights (EU Users)

Right of access - Request copies of your data
Right to rectification - Correct inaccurate data
Right to erasure - Request data deletion
Right to data portability - Export your data
Right to object - Object to data processing

Third-Party Services

Firebase (Google)

Purpose: Data storage, authentication, analytics
Data: Encrypted health data, anonymized usage statistics
Privacy: Google's privacy policy applies to Firebase services

Google AdMob

Purpose: Displaying advertisements
Data: Contextual ad data only (no health information)
Privacy: Google's advertising privacy policy applies

Local Authentication

Purpose: App Lock security features
Data: Processed entirely by device secure hardware
Privacy: No data transmission or storage by us

Data Retention

Health Data

Retained until you delete your account or specific data
Backup retention - 30 days after account deletion
Legal requirements - May retain data as required by law

Authentication Data

Local storage only - Deleted when you disable App Lock
No cloud backup - Never transmitted or stored remotely

Analytics Data

Anonymized data - Retained for app improvement
Personal identifiers - Removed within 30 days

Children's Privacy

COPPA Compliance - We do not knowingly collect data from children under 13
Age verification - Users must be 13+ to use the app
Parental controls - Parents can request data deletion for minors

International Data Transfers

Data location - Primarily stored in US/EU data centers
Adequacy decisions - EU-US Privacy Framework compliance
Safeguards - Standard contractual clauses and encryption

Changes to This Policy

Notification - We'll notify you of material changes
In-app alerts - Updates will be shown in the app
Email notification - Important changes via email
Continued use - Using the app after changes constitutes acceptance

Contact Information

Privacy Questions

Email: privacy@mattaharmonia.com
Response time: 48 hours for privacy inquiries
Languages: English, Spanish, Portuguese

Data Requests (GDPR)

Email: gdpr@mattaharmonia.com
Processing time: Maximum 30 days
Verification: Identity verification required

Security Concerns

Email: security@mattaharmonia.com
Urgent issues: 24-hour response for critical matters
Bug reports: Responsible disclosure encouraged

Security Enhancements (September 2025 Update)

Advanced Security Features Implemented

In September 2025, we implemented comprehensive security enhancements to further protect your data:

🔒 Enhanced Authentication Security

Advanced Rate Limiting Service - Intelligent rate limiting with behavioral analysis
Security Monitoring Service - Real-time threat detection and anomaly monitoring
Biometric Verification Service - Enhanced device-level biometric security
Progressive Lockout System - Intelligent cooldown periods based on risk assessment

🛡️ OWASP MASVS Compliance

Mobile Security Standards - Full compliance with OWASP Mobile Application Security Verification Standard
Session Management - Enhanced session controls and timeout mechanisms
Code Integrity - Application integrity checks and tamper detection
Data Protection - Enhanced data protection in background and foreground states

📊 Advanced Monitoring & Analytics

Anomaly Detection - Machine learning-based threat detection
Behavioral Analysis - User behavior pattern analysis for security
Real-time Alerts - Immediate notification of security events
Comprehensive Logging - Detailed security event logging and analysis

Data Processing Summary

Data Type	Purpose	Legal Basis	Retention	Sharing
Health Data	App functionality	Consent	Until deletion	No
Authentication	App security	Legitimate interest	Local only	No
Analytics	App improvement	Consent	Anonymized	No
Ad Data	Revenue	Consent	Contextual only	AdMob only

Summary

Matta Harmonia prioritizes your privacy and data security. We use industry-leading encryption, local-only authentication, and transparent data practices. Your health data is never shared with third parties, and you maintain complete control over your information.

Key Commitments:

✅ Your data, your control
✅ Military-grade security
✅ No health data advertising
✅ Complete transparency
✅ Easy data export/deletion
✅ GDPR/CCPA compliance