← Back to Home

Privacy Policy

Last updated: January 2025

Introduction

At HerFreedom101 (“we”, “us”, or “our”), your privacy is fundamental to everything we do. We are a UK-based wellness platform and we take our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 seriously.

This Privacy Policy explains what data we collect, why we collect it, how we protect it, and the rights you have over it. Please read it carefully. If you have any questions, contact us at privacy@herfreedom101.com.

1. What Data We Collect

Account Data

When you create an account, we collect:

  • Name and email address
  • Profile information (bio, interests, profile photo)
  • Timezone preferences

Health & Wellness Data

Because HerFreedom101 is a wellness platform, we collect what may be considered special category health data under UK GDPR. This includes:

  • Mood & emotional data — how you feel each day, desired emotions, energy levels
  • Sleep quality — your self-reported sleep scores
  • Menstrual cycle data — if you opt in to period tracking (last period date, average cycle length)
  • Wellbeing notes — what feels off (e.g. stress, fatigue, anxiety) as you share in daily check-ins
  • Evening reflections — mood, body feelings, gratitude, things you're letting go of

Your health data is encrypted at rest using AES-256-GCM. We process this data on the legal basis of your explicit consent, which you can withdraw at any time by deleting your account.

Usage & Activity Data

To personalise your experience, we also collect:

  • Wellness ritual completions and reflections
  • Learning path and lesson progress
  • Journal entries and activity logs
  • Community posts, comments, and interactions
  • Gamification data (petals, energy, streaks, levels)
  • Little wins you record throughout the day

Payment Information

If you subscribe to Freedom+ or Freedom VIP, payments are processed securely through Stripe. We do not store your card details on our servers — Stripe handles all payment data under their own PCI-DSS compliance.

2. How We Use Your Data

We use your information to:

  • Personalise your oracle cards, ritual recommendations, and daily guidance
  • Power the Chi AI chat feature (see section 3 for details)
  • Track your progress and celebrate your achievements
  • Enable community features and connections
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password reset, newsletters you opt in to)
  • Improve our platform and develop new features
  • Provide customer support

3. Third-Party Services

We do not sell your data. The following third-party services may process your data as part of delivering our platform:

🤖

Anthropic (AI Chat — Chi)

Chi, our AI companion, is powered by Anthropic's Claude API. When you use Chi Chat, your messages and limited personalisation context (your first name and today's check-in data such as mood and focus area) are sent to Anthropic's servers to generate responses.

Under Anthropic's standard API terms, your conversation data is not used to train their AI models. Chi Chat requires your explicit consent before first use.

Learn more: anthropic.com/privacy

💳

Stripe (Payments)

Stripe processes all subscription payments. Your name, email, and billing address are shared with Stripe to complete transactions. Stripe is PCI-DSS Level 1 certified.

Learn more: stripe.com/privacy

📧

Resend (Email)

We use Resend to send transactional emails (account verification, password reset) and newsletters you opt in to. Your email address and name are shared with Resend for this purpose.

Learn more: resend.com/privacy

4. Data Retention & Deletion

We retain your data for as long as your account is active. If you delete your account, all your personal data is permanently deleted from our systems, including:

  • Your profile and account information
  • All check-ins, evening flows, and health data
  • Journal entries, rituals, and activity logs
  • Community posts and messages
  • Chi Chat sessions

Deletion is cascading — removing your account removes everything associated with it. Some anonymised, aggregated data (e.g. platform usage statistics with no personally identifiable information) may be retained for service improvement.

5. Data Security

We implement multiple layers of security to protect your data:

  • All data in transit is encrypted using HTTPS/TLS
  • Sensitive health data (mood, cycle data) is encrypted at rest using AES-256-GCM
  • Passwords are hashed using bcrypt with a strong salt
  • Accounts are protected against brute-force with lockout after repeated failed logins
  • Our database is hosted on secure cloud infrastructure
  • We regularly review and update our security practices

6. Your Rights (UK GDPR)

As a UK resident, you have the following rights over your personal data:

Right of Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can update or correct inaccurate information directly in your account settings.

Right to Erasure (“Right to Be Forgotten”)

You can delete your account at any time. All associated data is permanently and immediately deleted.

Right to Data Portability

You can export all your data (check-ins, rituals, journal entries, wins) in JSON or CSV format from your journal page at any time.

Right to Withdraw Consent

Where we process your data based on consent (e.g. health data, Chi Chat), you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to complain to the Information Commissioner's Office (ICO) if you believe we have not handled your data lawfully.

To exercise any of these rights, contact us at privacy@herfreedom101.com. We will respond within 30 days.

7. Cookies

We use the following types of cookies:

  • Essential cookies: Required to keep you signed in and for the platform to function. Cannot be disabled.
  • Preference cookies: Remember your settings (e.g. sound preferences, currency selection). You can opt out of these.
  • Analytics cookies: Help us understand how the platform is used so we can improve it. Only set if you accept all cookies.

You can manage your cookie preferences using the cookie consent banner shown on first visit, or by contacting us.

8. Children's Privacy

HerFreedom101 is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@herfreedom101.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Your continued use of HerFreedom101 after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related queries, data subject requests, or concerns, please contact our privacy team:

HerFreedom101 — Privacy Team

Email: privacy@herfreedom101.com

We aim to respond to all privacy requests within 30 days.