Privacy Policy
Privacy Policy
Last updated: September 6, 2025
Highjump Labs, LLC (“Highjump Labs,” “we,” “our,” or “us“) respects your privacy. This Privacy Policy explains what data we collect, how we use it, how we share it, and the choices you have when you use PrimeSync and our related websites, products, and services (collectively, the “Services”). If you do not agree with this policy, please do not use the Services.
1. Information We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Email address, password (hashed), optional name, phone number, social-media handle | Create and secure your account; communicate with you |
| Relationship Data (User Content) | Notes, photos, menstrual-cycle information, intimate-activity logs, other text you deliberately add | Provide the core CRM features you request |
| Device & Usage Data | IP address, device ID, operating system, app version, coarse location (derived from IP), in-app actions, crash logs (Firebase Crashlytics) | Analytics, security, debugging, crash reporting, and service improvement |
| Sensitive/Health Data | Health-related cycle information; sexual-activity notes | Provide reminders & insights at your request (you control whether to enter this data) |
| Cookies & Similar Tech (website only) | First-party cookies for basic operations and analytics (see § 6) | Understand website traffic and improve the site |
Children: We do not intentionally collect data from or about children under 13 (see § 11).
Device permissions (mobile app).
Photos/Media: Optional; only when you add an avatar or attach a photo.
Biometrics (Face ID / fingerprint): Optional; used locally on your device for app unlock. We do not receive biometric data.
Location: We do not request precise GPS location. We may infer coarse location from IP for security and analytics.
Camera/Microphone: Not requested by the app.
Partner/third-party information you enter.
PrimeSync lets you store information about other people (e.g., a partner’s cycle). Only add such information if you have that person’s express permission. You can delete it at any time (§ 7), and they may request deletion through you or by contacting us (§ 12).
2. How We Use Your Information
We use personal information to:
Provide & maintain the Services (e.g., store your notes, sync across devices, send reminders you configure).
Process in-app purchases and manage subscriptions via Apple App Store or Google Play. We do not handle your full card details. Stripe is not used in the app.
Send administrative messages (e.g., password resets, service or billing notices). We do not send marketing emails.
Send optional push notifications for reminders and service alerts you enable; you can control these in Settings.
Analyze usage and reliability with Firebase Analytics, Google Analytics (website), and Firebase Crashlytics (crash reporting) to improve performance and plan features.
Prevent fraud and secure the Services (e.g., monitor suspicious logins).
Comply with legal obligations and enforce our Terms of Service.
Health data processing boundaries.
Health-related entries you choose to store are used only to provide app features (e.g., predictions, reminders) and related safety/quality purposes. We do not use health data for advertising, and we do not send health content to Crashlytics.
3. Legal Bases (EEA/UK)
PrimeSync currently targets users in the United States. If you reside in the EEA/UK and choose to use the Services, our lawful bases under the GDPR/UK GDPR are:
| Purpose | Lawful Basis |
|---|---|
| Account registration & core features | Contract (Art. 6(1)(b)) |
| Analytics & crash reporting | Legitimate interests (service improvement) |
| Processing health-related/special-category data | Explicit consent (Art. 9(2)(a)); you may withdraw at any time in Settings |
| Optional push reminders | Consent (you may withdraw anytime) |
| Compliance with law | Legal obligation |
We rely on Standard Contractual Clauses for transfers of EEA/UK data to the United States (e.g., Google Firebase & Analytics).
4. How We Share Information
We share personal information only as necessary:
| Recipient | Role | What They Receive |
|---|---|---|
| Google Firebase (Firestore/Storage) & Google Cloud | Cloud hosting & database | User Content (encrypted at rest) and limited account/usage data to operate/sync the app. Health-related entries are stored only with these providers and are not shared with advertisers. |
| Firebase Crashlytics (Google) | Crash reporting | Crash logs and device/app metadata associated with crashes (not your health content). |
| Analytics: Firebase Analytics (app) & Google Analytics (website) | Usage analytics | Pseudonymous usage metrics and events to help improve the Services (not health content). |
| Apple App Store / Google Play | Payment processors for IAP | Purchase receipts and subscription tokens to validate and manage your subscription. |
| Service providers & advisors (e.g., auditors) | Contracted support | Limited data under confidentiality and data-protection terms. |
| Law enforcement / regulators | Legal compliance | As required by applicable law or court order. |
We do not “sell” or “share” your personal information for cross-context behavioral advertising under the California Consumer Privacy Act (CCPA/CPRA). We may publish aggregate, de-identified statistics (e.g., average number of profiles per user) that cannot reasonably identify you.
5. Data Retention & Deletion
| Data Type | Retention Period |
|---|---|
| User Content (including health entries) & Account Data | Deleted from live systems promptly after you confirm account deletion or withdraw consent for health data. Encrypted backups are purged within 90 days. |
| Purchase Records | 7 years (tax & accounting). |
| Analytics & Logs (including Crashlytics) | Up to 12 months, then aggregated or deleted. |
If retention periods change, we will update this policy.
6. Cookies & Tracking Technologies (Website)
Our marketing site uses first-party cookies for:
Strictly necessary operations (e.g., load balancing); and
Analytics via Google Analytics (anonymized IP, no behavioral ads).
We currently do not set marketing/remarketing cookies. If that changes, we will update the banner and this policy.
7. Your Choices & Controls
Access & Export: A self-service JSON/CSV export tool is coming soon. Until then, email us to request a copy.
Correction: Edit your data at any time in-app.
Deletion: Use the in-app Delete Account button; we erase data per § 5.
Withdraw consent for health data: Turn off cycle tracking in Settings and delete health entries; we’ll stop processing and remove health data from live systems.
Emails: We send administrative emails (e.g., password resets). We do not send marketing emails.
Push notifications: Optional and opt-in; control reminders and notification settings in the app or your device OS.
Do Not Track: PrimeSync does not respond to DNT browser signals, but you can disable analytics cookies via the cookie banner.
California (CCPA/CPRA): Residents may exercise rights of access, deletion, correction, and limiting use of sensitive information by contacting us (see § 12).
Data about other people: Only add someone’s information (including cycle data) with their permission. If they ask you—or us—to delete it, we will honor that request.
Subscriptions & Billing. Purchases and subscription management occur only through the Apple App Store and Google Play. You can manage or cancel your subscription via your Apple/Google account settings. We do not process card payments directly.
8. Security
We employ administrative, technical, and physical safeguards, including:
Encryption in transit (TLS 1.2+) and at rest (e.g., AES-256 on Firebase);
Role-based staff access with audit logs; access to health data is limited and only as necessary for support or legal compliance;
Regular security reviews and vulnerability monitoring;
Optional biometric unlock stored locally on your device.
No system is 100% secure, but we strive to protect your information.
9. International Transfers
Your data is stored on Google Cloud servers located in the United States. If you reside outside the US, be aware that U.S. laws may differ from those in your jurisdiction. Where required, we use approved transfer mechanisms (e.g., Standard Contractual Clauses).
10. Changes to This Privacy Policy
We may update this policy. Material changes will be announced in-app or by email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.
11. Children’s Privacy
PrimeSync is not directed to children under 13 and we do not knowingly collect data from them. If we learn we have, we will delete it promptly. Parents who believe their child has provided data can contact us (see § 12).
12. Contact Us
Questions, concerns, or requests? Email hello@primesync.app (or hello@highjumplabs.com) or write to:
Highjump Labs, LLC
4601 E. Douglas Ave., Suite 150
Wichita, KS 67218 USA
If you reside in the EEA/UK, you may also lodge complaints with your local data-protection authority.
13. Health Information & No Medical Advice
PrimeSync is not a medical device and does not provide medical advice, diagnosis, or treatment. Any insights or suggestions related to cycle phases are educational and for well-being support only. They may be inaccurate or incomplete and should not be relied upon for medical decisions. Always consult a qualified health professional with questions about health or medical conditions. Do not use PrimeSync in emergencies—call your local emergency number instead.
PrimeSync is designed for consumer use, not for healthcare providers or uses regulated by healthcare privacy laws. Do not use PrimeSync to store Protected Health Information (PHI) on behalf of a healthcare provider or insurer.