Can law enforcement compel Soulwise to hand over my cycle data?

We cannot hand over what we do not have. Cycle entries are encrypted on-device with a key only your device holds. We do not store decryption material on any server. A subpoena to Soulwise would return encrypted ciphertext we cannot read.

What about advertising trackers?

Zero. The Soulwise app ships with no third-party ad-tech, no Meta SDK, no Google tag, no growth-attribution pixels in the cycle flow. Our anti-claim lint enforces it.

What if I delete the app?

The local key is erased. Any cloud sync (Premium opt-in) is also encrypted under the same key; without the key the sync blob is unreadable.

Soulwise

Period Privacy

The post-Roe landscape changed the floor on period-tracker privacy. Several mainstream apps in 2022–2023 were caught sharing cycle data with ad networks; one settled with the FTC for $1M+ over Meta and Google sharing. Soulwise was designed after those events; the privacy posture is the moat, not a marketing line.

What Soulwise stores, where

Data	Where it lives	Encrypted?	Shared?
Cycle entries (chips, notes)	Device keychain	Yes (device key)	No
Letters (past/future)	Device keychain	Yes (device key)	No
Phase estimates	Device, recomputed daily	N/A — derived	No
Account email	Server	Server-side AES	Auth only
Premium subscription	App-store managed	Per platform	App-store only

The cycle data — the part that matters — never leaves your device unencrypted.

What is not in the app

Meta SDK
Google Analytics tag (in the cycle flow)
Facebook pixel
TikTok pixel
AppsFlyer / Adjust / similar growth-attribution SDKs (in the cycle flow)
Any third-party SDK that reads, decrypts, or derives signal from your cycle entries

Marketing/install attribution lives in a separate auth/onboarding scope that never touches cycle data. The anti-claim lint covers content; the SDK isolation covers data.

Jurisdiction-aware defaults

Soulwise auto-detects your locale and sets the safer default for your jurisdiction. See jurisdiction-aware-privacy for the full mapping. Examples:

US trigger-law states (Texas, Idaho, Oklahoma, Tennessee, Missouri, Arizona): cloud sync is off by default. Any sync requires explicit opt-in and a second password layer.
EU (Germany, France, Spain, Italy, etc.): GDPR-aligned data subject rights surfaced in the privacy screen.
UK: ICO-aligned defaults; equivalent rights.
Other: strictest default.

One-tap rights

Export: full archive in JSON, encrypted with a passphrase you choose. Decrypts on any device.
Erase: local key and cloud blob deleted. Confirmation modal, not a permanent on-screen button.

What changes at premium

Premium adds optional encrypted cloud sync (same key derivation, end-to-end). The default remains local. Premium does not add any ad-tech.

Where to learn more

The /soulwise/privacy page has the in-app walkthrough.
The non-medical-cycle-tracking glossary entry covers the regulatory posture.
Jurisdiction-aware privacy explains why defaults differ by region.

Apply This Knowledge

Put astrology into practice with AI-powered natal chart analysis.

Get My Free Natal Chart