Contents
- Data Controller & Contact
- Data We Collect
- Legal Basis for Processing (GDPR)
- How We Use Your Data
- AI-Powered Features (Bex)
- Cookies & Tracking Technologies
- Third-Party Sub-Processors
- Health & Sensitive Data
- BedPost Connect Data
- Data Sharing & Disclosure
- International Data Transfers
- Automated Decision-Making & Profiling
- Data Retention
- Data Security
- Children's Privacy
- Your Rights — EU, EEA & UK (GDPR / UK GDPR)
- Consent Ledger
- Age Verification & Encrypted Date of Birth
- Your Rights — California (CCPA / CPRA)
- Your Rights — Other US States
- Data Breach Notification
- Changes to This Policy
- Contact & Complaints
Last updated: May 13, 2026 · Effective date: May 13, 2026 · Stetty Ventures LLC, registered in Wyoming, USA
1. Data Controller & Contact
Data Controller: Stetty Ventures LLC, registered in Wyoming, United States of America.
Privacy contact: privacy@getbedpost.com
EU/EEA Representative (Article 27 GDPR): We are in the process of designating an EU representative. Until designated, EU/EEA users may contact us directly at privacy@getbedpost.com. We respond within 30 days.
UK Representative: UK users may exercise their rights under the UK GDPR by contacting privacy@getbedpost.com.
Data Protection Officer: Given the nature and scale of our processing of special-category health data, we are evaluating the appointment of a DPO. In the interim, our privacy team handles all data protection enquiries at the address above.
2. Data We Collect
We collect only the data necessary to provide and improve our service.
Account Data
- Email address, display name, username
- OAuth identifiers when you sign in with Apple or Google (we receive only the identity token and, where shared by you, name and email; we do not receive your Apple or Google password)
- Account creation date and last login timestamp
Health & Wellness Data (Special Category — GDPR Art. 9)
- Menstrual cycle dates, ovulation data, fertile window predictions, flow and symptom logs
- Relationship activity logs, frequency data, mood ratings, satisfaction scores, and personal notes you choose to enter
- Goal data and diary entries you create in the Journal
Profile Data
- Age range (we verify you are 18+), relationship status, gender identity, location (city-level only — never precise GPS)
- Lifestyle interest tags you select for BedPost Connect
BedPost Connect Data
- Anonymized behavioral compatibility signals derived from your wellness data (never the raw data itself)
- Compatibility scores, match preferences, connection mode, reveal history
- Anonymous messages sent within an active connection
Subscription & Payment Data
- Subscription tier and status (premium, free, founding member)
- Payment is processed entirely by Stripe (web) or Apple / Google (mobile). We do not receive or store your card number, bank details, or full billing address.
- We receive a Stripe payment token and subscription ID for the purpose of granting access to premium features.
Device & Technical Data
- Device type, operating system version, app version
- Crash reports (contain no personal or health data — processed by Sentry)
- Session tokens and JWT authentication tokens (stored in encrypted device storage)
Usage Data (Anonymized)
- Feature interactions, screen navigation, session duration — all anonymized before transmission and never linked to your identity in our analytics systems
3. Legal Basis for Processing (GDPR)
If you are in the EU, EEA, or UK, we must have a valid legal basis for each processing activity. The table below sets out our legal bases under Article 6 GDPR (general data) and Article 9 GDPR (special-category health data).
| Processing Activity | Legal Basis |
|---|---|
| Account creation, authentication, subscription management | Contract — Art. 6(1)(b) GDPR |
| Processing health/wellness data & cycle tracking | Explicit Consent — Art. 6(1)(a) & Art. 9(2)(a) GDPR |
| AI coach (Bex) personalization using wellness data | Explicit Consent — Art. 6(1)(a) & Art. 9(2)(a) GDPR |
| BedPost Connect compatibility matching (derived signals) | Explicit Consent — Art. 6(1)(a) GDPR |
| Push notifications | Consent — Art. 6(1)(a) GDPR |
| Anonymized product analytics and bug fixing | Legitimate Interests — Art. 6(1)(f) GDPR (improving the service without identifying individuals) |
| Security, fraud prevention, and abuse detection | Legitimate Interests — Art. 6(1)(f) GDPR |
| Compliance with legal obligations (tax, court orders) | Legal Obligation — Art. 6(1)(c) GDPR |
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. To withdraw consent for health data processing, delete your account or contact privacy@getbedpost.com. Note that withdrawal of consent for health data processing may limit your ability to use core app features.
4. How We Use Your Data
- Provide the core service: cycle predictions, Connection Score, journal, and insights
- Personalize AI coaching through Bex using your anonymized wellness patterns
- Generate anonymized behavioral compatibility signals for BedPost Connect
- Manage your subscription and verify premium access
- Send push notifications and emails you have opted into
- Detect and prevent fraud, abuse, and terms of service violations
- Improve the product using aggregated, anonymized analytics
- Comply with applicable law and respond to lawful requests
5. AI-Powered Features (Bex)
BedPost includes an AI coaching assistant called Bex. When you use Bex:
- Your conversation messages are sent to our backend and processed to generate responses. Messages may be processed using large language model (LLM) infrastructure.
- Anonymized wellness pattern data (not raw logs) may be used to contextualize Bex's coaching — you control the depth of personalization in Settings.
- Bex conversations are not used to train external AI models and are not shared with third parties except as disclosed in Section 7.
- Bex is a wellness assistant, not a medical professional. Its responses are informational only.
If you are in the EU/EEA and we rely on automated processing that produces significant effects on you, you have the right to request human review — see Section 12.
7. Third-Party Sub-Processors
We engage the following sub-processors to deliver the service. Each operates under a Data Processing Agreement where required by applicable law.
| Sub-Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe Payments Inc. | Web subscription billing & payment processing | Email, billing country, payment-method token, subscription status. No health data. | USA / EU |
| RevenueCat | Mobile in-app purchase management (iOS & Android) | Anonymous app user ID, subscription status. No health data. | USA |
| Apple / Google | App distribution, in-app purchases, Sign In with Apple/Google | Per their own policies. We receive identity tokens only. | USA |
| Sentry | Crash reporting & error monitoring | Device type, OS version, app version, stack traces. No personal or health data. | USA |
| Mixpanel | Anonymized product analytics | Anonymized usage events only. IP anonymization enabled. No personal or health data. | USA |
| Neon, Inc. | Managed PostgreSQL database (via Replit-managed Postgres) | All persisted application data. Encrypted at rest (AES-256) and in transit (TLS 1.2+). | USA |
| Replit, Inc. | Application hosting & deployment infrastructure | All data the application processes (encrypted at rest and in transit). | USA |
Sub-processor privacy policies: Stripe · RevenueCat · Sentry · Mixpanel · Google · Neon · Replit
8. Health & Sensitive Data
Your cycle data, wellness logs, and personal notes constitute special-category personal data under GDPR Article 9 and sensitive personal information under the CCPA/CPRA. We treat this data with the highest level of protection.
- Encryption: Encrypted at rest (AES-256) and in transit (TLS 1.2+)
- Access control: No employee can access individual health records without a specific, logged business justification and authorization
- Advertising exclusion: Health and wellness data is never used for advertising targeting, regardless of your ATT consent status
- No sale: We never sell, lease, or barter your health data
- User control: You can export or delete all health data at any time from within the app
- Storage location: Primary data stored on servers in the United States — see Section 11 for transfer safeguards
9. BedPost Connect Data
BedPost Connect matches you anonymously with compatible users based on derived behavioral signals — not your raw wellness logs.
- Only derived signals are shared with the matching algorithm: timing patterns, consistency index, satisfaction weighting direction
- Raw activity logs, personal notes, cycle dates, and scores are never exposed to other users or to the matching engine in identifiable form
- Your identity remains anonymous until both users mutually agree to reveal
- Either user may re-anonymize at any time; upon re-anonymization their identity is immediately private again
- Connect messages are encrypted in transit and stored only for the duration of the active connection, then deleted 90 days after the connection ends
- Lifestyle interest tags you add are used only for compatibility matching and are not shared with advertisers
11. International Data Transfers
Stetty Ventures LLC is based in the United States. If you use the app from the EU, EEA, UK, or other jurisdictions with data transfer restrictions, your data will be transferred to and processed in the United States.
EU/EEA users: Transfers to the United States are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission, or where a sub-processor participates in an adequacy framework recognized by the EU. We conduct transfer impact assessments for key sub-processors.
UK users: Transfers from the UK are made under the UK International Data Transfer Agreement (IDTA) or UK addendum to EU SCCs.
Swiss users: Transfers are made pursuant to the Swiss Federal Act on Data Protection (revFADP) and applicable SCCs.
To request a copy of the applicable transfer mechanisms, contact privacy@getbedpost.com.
12. Automated Decision-Making & Profiling
BedPost uses automated processing to deliver its core features. We are transparent about where automated decisions affect you.
Connection Score
Your Connection Score is calculated algorithmically from your wellness and activity data. This score is for your personal insight only — it is never shared with other users, employers, or insurers, and does not affect your access to the service.
BedPost Connect Matching
Connect uses an algorithm to derive anonymized compatibility signals and rank potential matches. This constitutes automated profiling under GDPR Article 22. The matching algorithm produces a compatibility signal used to suggest connections — it does not make legally significant or similarly significant decisions about you.
Cycle & Fertility Predictions
Cycle phase predictions and fertile window calculations are generated algorithmically. These are informational estimates — they are not medical advice and should not be used as the sole basis for any health decision.
Your Rights Regarding Automated Processing
If you are in the EU/EEA or UK, you have the right to request human review of any automated processing that produces significant effects on you. Contact privacy@getbedpost.com to make such a request.
13. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & profile data | For the account lifetime; deleted within 30 days of a verified deletion request |
| Health & wellness logs | For the account lifetime; permanently deleted within 30 days of account deletion |
| Connect anonymous messages | Hard-deleted 365 days after the message was sent (nightly sweep) |
| Waitlist signups (pre-launch) | Hard-deleted after 180 days of inactivity (nightly sweep) |
| Webhook event log (Stripe / RevenueCat) | Hard-deleted after 90 days (nightly sweep) |
| Subscription & billing records | Retained for 7 years as required by applicable tax and financial law |
| Crash logs | 30 days then automatically deleted |
| Anonymized analytics data | Up to 24 months; irreversibly anonymized before storage |
| Inactive accounts | Account is deleted after 24 months of inactivity. We send an advance notice 30 days before deletion so you can keep your account by simply opening the app. |
After deletion, data may persist in encrypted backups for up to 90 additional days before being permanently overwritten. Backup data is inaccessible during this period.
Erasure cascade across our processors
When you request account deletion (Settings → Privacy & Security → Delete Account), we run a coordinated cascade against every processor that holds data under your identity, tracked in an internal audit log:
- Bedpost.fun (activities, partners, scores, AI coaching history, cycle data) — deleted via authenticated DELETE.
- Local database (preferences, consent ledger, encrypted DOB, sessions, waitlist row, Connect profile and messages, Stripe mirror) — hard-deleted in a single transaction.
- Stripe — every customer matching your email is canceled and the customer record is deleted (per Stripe's customers.del, which removes PII).
- RevenueCat (mobile subscriptions) — subscriber record deleted via DELETE /v1/subscribers/{email}.
- Klaviyo (marketing emails) — profile queued for GDPR deletion via Klaviyo's data-privacy-deletion-jobs endpoint.
- Mixpanel (anonymous analytics) — user profile deleted via the $delete operation on the /engage endpoint.
Each provider call is retried with a 6-hour back-off up to 5 attempts. Once every provider has confirmed (or returned "no data held"), you receive a confirmation email itemizing what happened with each. If a provider remains unreachable after the final attempt, our team is alerted and completes the deletion manually within 7 days. Sentry crash reports are not listed because they only ever held anonymous identifiers.
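The retry schedule described above (6-hour back-off, 5 attempts, "no data held" treated as confirmation, escalation to manual deletion after the final failure, everything written to an audit log) can be modelled as a small orchestrator. The following is an added illustration, not BedPost's own code: the provider callables are constructed stand-ins that return "deleted" or "no_data" or raise, the account reference, provider names and the simulated clock are assumptions, and no network calls are made.

```python
# Erasure cascade with 6-hour back-off, 5 attempts, audit log and escalation.
# Added example, not BedPost's code. Provider callables are constructed stand-ins.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable

RETRY_BACKOFF = timedelta(hours=6)   # policy: 6-hour back-off between attempts
MAX_ATTEMPTS = 5                     # policy: up to 5 attempts per provider
MANUAL_SLA = timedelta(days=7)       # policy: manual completion within 7 days
CONFIRMED = {"deleted", "no_data"}   # both outcomes count as provider confirmation


class ProviderError(Exception):
    """Failure talking to a processor's deletion API (timeout, 5xx, auth error)."""


@dataclass
class AuditEntry:
    at: datetime
    provider: str
    attempt: int
    outcome: str        # "deleted" | "no_data" | "error" | "escalated"
    detail: str = ""


@dataclass
class ErasureJob:
    user_ref: str                               # internal account id (assumed), not the email
    providers: dict[str, Callable[[str], str]]  # provider name -> deletion call
    started: datetime
    audit: list[AuditEntry] = field(default_factory=list)


def run_cascade(job: ErasureJob) -> dict[str, str]:
    """Call every provider until it confirms or the attempt budget is spent.
    Time is simulated: instead of sleeping, the clock advances by RETRY_BACKOFF
    after each failed attempt, so the audit log carries the schedule a real
    background worker would follow."""
    now = job.started
    results: dict[str, str] = {}
    for name, call in job.providers.items():
        for attempt in range(1, MAX_ATTEMPTS + 1):
            try:
                outcome = call(job.user_ref)
            except ProviderError as exc:
                job.audit.append(AuditEntry(now, name, attempt, "error", str(exc)))
                if attempt < MAX_ATTEMPTS:
                    now += RETRY_BACKOFF
                    continue
                due = (now + MANUAL_SLA).date().isoformat()
                job.audit.append(AuditEntry(now, name, attempt, "escalated",
                                            f"on-call alerted; manual deletion due {due}"))
                results[name] = "escalated"
                break
            if outcome not in CONFIRMED:
                raise ValueError(f"{name} returned unexpected outcome {outcome!r}")
            job.audit.append(AuditEntry(now, name, attempt, outcome))
            results[name] = outcome
            break
    return results


def confirmation_email(job: ErasureJob, results: dict[str, str]) -> str:
    """Itemized confirmation to the user, one line per provider."""
    wording = {"deleted": "data deleted", "no_data": "reported no data held",
               "escalated": "unreachable; our team will complete deletion manually within 7 days"}
    lines = [f"Deletion summary for account {job.user_ref}:"]
    lines += [f"- {name}: {wording[outcome]}" for name, outcome in results.items()]
    return "\n".join(lines)


def flaky_provider(failures: int) -> Callable[[str], str]:
    """Constructed stand-in: raises for the first `failures` calls, then confirms."""
    calls = {"n": 0}

    def call(_user_ref: str) -> str:
        calls["n"] += 1
        if calls["n"] <= failures:
            raise ProviderError(f"HTTP 503 on attempt {calls['n']}")
        return "deleted"
    return call


def demo() -> tuple[ErasureJob, dict[str, str]]:
    """One constructed job: two providers confirm at once, one recovers, one never does."""
    providers = {
        "stripe": lambda _u: "deleted",
        "revenuecat": lambda _u: "no_data",
        "klaviyo": flaky_provider(2),    # confirms on the third attempt (+12h)
        "mixpanel": flaky_provider(99),  # never recovers -> escalated after 5 attempts
    }
    job = ErasureJob("acct-7f3a", providers, datetime(2026, 5, 13, tzinfo=timezone.utc))
    results = run_cascade(job)
    return job, results


if __name__ == "__main__":
    job, results = demo()
    print(confirmation_email(job, results))
    for entry in job.audit:
        print(entry.at.isoformat(), entry.provider, entry.attempt, entry.outcome, entry.detail)
```

The audit log is the part worth keeping in a real system: it is what lets you show a regulator, per provider and per attempt, when deletion was requested, when it was confirmed, and when a human took over.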
14. Data Security
- All data in transit is protected by TLS 1.2 or higher
- Health and account data is encrypted at rest using AES-256
- Authentication tokens are stored in encrypted device storage (iOS Keychain / Android Keystore / secure browser storage)
- Access to personal data systems is restricted to authorized personnel on a need-to-know basis and is access-logged
- We conduct regular security reviews and penetration testing
- Employees with access to personal data receive privacy and security training
No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@getbedpost.com.
15. Children's Privacy
BedPost is intended exclusively for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover we have received data from a minor, we will delete it promptly.
If you believe a minor has created an account, please contact privacy@getbedpost.com immediately.
BedPost is not directed at children and is not subject to the Children's Online Privacy Protection Act (COPPA) as we take active steps to prevent access by minors.
16. Your Rights — EU, EEA & UK (GDPR / UK GDPR)
If you are located in the EU, EEA, or UK, you have the following rights under the GDPR and UK GDPR. These rights apply to all personal data we process about you.
- Right of Access (Art. 15) — Request a copy of all personal data we hold about you, including information on processing purposes, categories, recipients, and retention periods.
- Right to Rectification (Art. 16) — Request correction of inaccurate or incomplete personal data.
- Right to Erasure / "Right to be Forgotten" (Art. 17) — Request deletion of your personal data where there is no compelling reason for us to continue processing.
- Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format (JSON or CSV) and have it transmitted to another controller where technically feasible.
- Right to Object (Art. 21) — Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.
- Right to Restrict Processing (Art. 18) — Request that we limit how we use your data in certain circumstances (e.g., while accuracy is disputed).
- Rights in relation to automated decision-making (Art. 22) — Request human review of automated processing decisions that significantly affect you.
- Right to Withdraw Consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing. Every grant and withdrawal is recorded in our Consent Ledger (see below) so you (and we) have a tamper-evident audit trail of when each permission was given or revoked.
- Right to Lodge a Complaint — Lodge a complaint with your local supervisory authority. EU users may contact the supervisory authority in their Member State. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any right, email privacy@getbedpost.com. We will respond within 30 days (extendable to 90 days for complex requests, with notice). We do not charge a fee for legitimate requests. We may ask you to verify your identity before processing sensitive requests.
17. Consent Ledger
BedPost maintains an append-only consent ledger — a tamper-evident audit log that records every privacy choice you make in the app and on the web. Each row is a single event; when you change a setting we never overwrite an existing row, we add a new row on top of it.
For each event we store the consent type (e.g. analytics, location, marketing email, age 18+ attestation), whether you granted or revoked it, the source of the change (signup form, in-app settings, or cookie banner), the timestamp, a one-way hash of the IP address, and a truncated user-agent string. The IP itself is never stored — only its hash, which lets us prove the same source across events without retaining the address.
Reads always return the latest event per type, so toggling Analytics off in Privacy Settings causes our analytics SDK (Mixpanel) and crash reporter (Sentry) to stop transmitting at runtime within seconds — gated by the consent flag in the client. Analytics defaults to revoked for every new account; we do not pre-tick consent boxes.
You can request a CSV export of your full consent history at any time by emailing privacy@getbedpost.com, and your account's current state is visible in Settings → Privacy & Security.
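The ledger behaviour described in this section (append-only rows, latest event per type wins, analytics revoked by default, hashed IP and truncated user-agent, tamper evidence, CSV export) is shown below as an added example; it is not BedPost's own implementation. The consent types and sources are taken from the text; the 64-character user-agent truncation, the in-memory storage, the SHA-256 hash chain between rows and the HMAC key are assumptions. One deliberate difference: the policy describes a one-way hash of the IP, and the example uses a keyed HMAC, because an unkeyed hash of an IPv4 address can be reversed by hashing all four billion candidates, whereas the keyed form still lets the same source be correlated across events.

```python
# Append-only consent ledger with latest-event-per-type reads.
# Added example, not BedPost's code. Assumed: HMAC-keyed IP hash, SHA-256 hash
# chain for tamper evidence, 64-char user-agent truncation, in-memory storage.
import csv
import dataclasses
import hashlib
import hmac
import io
from dataclasses import dataclass
from datetime import datetime, timezone

CONSENT_TYPES = frozenset({"analytics", "location", "marketing_email", "age_18_plus"})
SOURCES = frozenset({"signup_form", "in_app_settings", "cookie_banner"})
UA_MAX_LEN = 64                                   # assumed truncation length
IP_HMAC_KEY = b"constructed-server-side-secret"   # placeholder; keep the real key in a secret store
GENESIS = "0" * 64                                # prev_hash of the first row


def hash_ip(ip: str) -> str:
    """Keyed one-way hash of the client IP: same address -> same digest, so
    events from one source can be correlated, but without the key the digest
    cannot be reversed by enumerating the IPv4 space."""
    return hmac.new(IP_HMAC_KEY, ip.encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class ConsentEvent:
    user_id: str
    consent_type: str
    granted: bool
    source: str
    timestamp: str      # ISO-8601, UTC
    ip_hash: str
    user_agent: str     # truncated, never the full string
    prev_hash: str      # row_hash of the previous ledger row
    row_hash: str = ""

    def digest(self) -> str:
        """SHA-256 over every field except row_hash itself."""
        fields = [self.user_id, self.consent_type, str(self.granted), self.source,
                  self.timestamp, self.ip_hash, self.user_agent, self.prev_hash]
        return hashlib.sha256("|".join(fields).encode()).hexdigest()


class ConsentLedger:
    def __init__(self) -> None:
        self._rows: list[ConsentEvent] = []   # only ever appended to

    def record(self, user_id, consent_type, granted, source, ip, user_agent, now=None):
        if consent_type not in CONSENT_TYPES:
            raise ValueError(f"unknown consent type {consent_type!r}")
        if source not in SOURCES:
            raise ValueError(f"unknown source {source!r}")
        ts = (now or datetime.now(timezone.utc)).isoformat()
        prev = self._rows[-1].row_hash if self._rows else GENESIS
        ev = ConsentEvent(user_id, consent_type, bool(granted), source, ts,
                          hash_ip(ip), user_agent[:UA_MAX_LEN], prev)
        ev = dataclasses.replace(ev, row_hash=ev.digest())
        self._rows.append(ev)
        return ev

    def current_state(self, user_id: str) -> dict[str, bool]:
        """Latest event per type wins. A type with no event is revoked, which is
        how 'analytics defaults to revoked' falls out without a pre-ticked box."""
        state = {t: False for t in CONSENT_TYPES}
        for ev in self._rows:
            if ev.user_id == user_id:
                state[ev.consent_type] = ev.granted
        return state

    def is_granted(self, user_id: str, consent_type: str) -> bool:
        """The flag an analytics or crash-reporting wrapper checks before sending."""
        return self.current_state(user_id)[consent_type]

    def verify_chain(self) -> bool:
        """Recompute every digest and link; an edited or removed row breaks the chain."""
        prev = GENESIS
        for ev in self._rows:
            if ev.prev_hash != prev or ev.digest() != ev.row_hash:
                return False
            prev = ev.row_hash
        return True

    def export_csv(self, user_id: str) -> str:
        """Per-user consent history; the raw IP was never stored, so only its hash appears."""
        buf = io.StringIO()
        w = csv.writer(buf, lineterminator="\n")
        w.writerow(["consent_type", "granted", "source", "timestamp", "ip_hash", "user_agent"])
        for ev in self._rows:
            if ev.user_id == user_id:
                w.writerow([ev.consent_type, ev.granted, ev.source, ev.timestamp,
                            ev.ip_hash, ev.user_agent])
        return buf.getvalue()


def demo() -> tuple[bool, bool, bool, bool]:
    """Grant then revoke analytics for a constructed user, then tamper with the
    first row in place and show the chain check failing."""
    led = ConsentLedger()
    led.record("user-1", "analytics", True, "cookie_banner", "203.0.113.7", "Mozilla/5.0 " + "A" * 80)
    after_grant = led.is_granted("user-1", "analytics")
    led.record("user-1", "analytics", False, "in_app_settings", "203.0.113.7", "BedPost/1.0 iOS")
    after_revoke = led.is_granted("user-1", "analytics")
    intact = led.verify_chain()
    led._rows[0] = dataclasses.replace(led._rows[0], granted=False)   # simulated tampering
    return after_grant, after_revoke, intact, led.verify_chain()
```

Reads cost a scan here; a production table would index on (user_id, consent_type, timestamp) or maintain a materialised "current state" view, but the ledger rows themselves stay immutable either way.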
18. Age Verification & Encrypted Date of Birth
BedPost is an 18+ product. At signup we ask for your full date of birth and apply a region-aware age check before creating the account:
- Under 13 — registration is blocked everywhere (COPPA, US).
- Under 16 — registration is blocked in the EU, EEA, and UK (GDPR Art. 8 / UK GDPR digital-services minimum).
- Under 18 — registration is blocked everywhere as part of our Terms of Service.
The date you provide is encrypted at rest with AES-256-GCM (the same versioned-key scheme we use for proxy credentials — see our security overview) and stored separately from your profile so administrators cannot read it casually. We retain it solely to verify your age, satisfy law-enforcement requests where legally compelled, and demonstrate compliance with the regional minimums above. We never display it back to you in cleartext outside of a verified data-export request.
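The three thresholds above are easy to state and easy to get subtly wrong at the boundary (birthday later in the current year, 29 February, a date in the future). The function below is an added example of the region-aware check, not BedPost's code; the set of EU/EEA/UK country codes, the ISO-8601 string inputs and the rule labels it returns are assumptions. Encryption of the stored date is not shown here.

```python
# Region-aware signup age gate. Added example, not BedPost's code.
# Assumed: ISO 3166-1 alpha-2 region codes, ISO-8601 date strings, rule labels.
from datetime import date

# EU member states plus EEA (IS, LI, NO) and the UK (GB).
EU_EEA_UK = frozenset("""
AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT NL PL PT RO SK SI ES SE
IS LI NO GB
""".split())


def completed_years(dob: date, today: date) -> int:
    """Whole years lived. Comparing (month, day) tuples handles birthdays later in
    the year; a 29 February birthday counts as falling on 1 March in non-leap
    years, the conservative choice for a gate."""
    years = today.year - dob.year
    if (today.month, today.day) < (dob.month, dob.day):
        years -= 1
    return years


def check_signup_age(dob_iso: str, region: str, today_iso: str) -> tuple[bool, str]:
    """Return (allowed, rule). Rules run from most to least protective so the
    reason reported is the strictest one that applies."""
    dob = date.fromisoformat(dob_iso)
    today = date.fromisoformat(today_iso)
    if dob > today:
        return False, "invalid_dob"            # reject rather than compute a negative age
    age = completed_years(dob, today)
    if age < 13:
        return False, "under_13_coppa"         # blocked everywhere
    if age < 16 and region.upper() in EU_EEA_UK:
        return False, "under_16_gdpr_art8"     # blocked in EU/EEA/UK
    if age < 18:
        return False, "under_18_terms"         # blocked everywhere
    return True, "ok"


if __name__ == "__main__":
    for dob, region in [("2008-05-13", "US"), ("2010-06-01", "DE"), ("2008-02-29", "GB")]:
        print(dob, region, check_signup_age(dob, region, "2026-05-13"))
```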
19. Your Rights — California (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights.
Categories of Personal Information Collected (Last 12 Months)
- Identifiers: email address, username, device identifiers
- Sensitive Personal Information: health and wellness data; sexual behavior and activity data (used only to provide the service — not to infer characteristics for advertising)
- Commercial information: subscription and transaction records (via Stripe / Apple / Google)
- Internet or electronic network activity: anonymized usage data
Your CCPA / CPRA Rights
- Right to Know — Request disclosure of the specific personal information we have collected about you and how it is used and shared.
- Right to Delete — Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention).
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising. This right is therefore already in effect.
- Right to Limit Use of Sensitive Personal Information — We use your sensitive personal information only to provide the services you request. We do not use it for profiling or advertising.
- Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA rights.
To exercise these rights, email privacy@getbedpost.com or use the in-app Data & Privacy settings. Authorized agents may submit requests with written authorization. We will respond within 45 days (extendable to 90 days with notice).
20. Your Rights — Other US States
Residents of the following states have privacy rights similar to California's under their respective laws. In all cases, contact privacy@getbedpost.com to exercise any right.
| State | Law | Key Rights |
|---|---|---|
| Virginia | VCDPA | Access, correction, deletion, portability, opt-out of sale/profiling |
| Colorado | CPA | Access, correction, deletion, portability, opt-out of sale/profiling |
| Connecticut | CTDPA | Access, correction, deletion, portability, opt-out of sale/profiling |
| Texas | TDPSA | Access, correction, deletion, portability, opt-out of sale/profiling |
| Oregon | OCPA | Access, correction, deletion, portability, opt-out of sale/profiling |
| Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota | Various | Access, correction, deletion, opt-out of sale — contact us to exercise |
We honor privacy rights requests from all US states regardless of whether a specific state law currently applies to us. We do not sell or share personal information, so opt-out-of-sale rights are already in effect for all users.
21. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority (EU/UK) within 72 hours of becoming aware of the breach, where feasible
- Notify affected users without undue delay when the breach is likely to result in a high risk to your rights and freedoms
- For US residents, comply with applicable state breach notification laws (timing varies by state, generally 30–60 days)
- Notify you via email to the address on your account and/or via in-app notification
Our breach response team conducts regular drills and maintains an incident response plan. To report a potential security incident, email security@getbedpost.com.
22. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via in-app notification and/or email at least 30 days before changes take effect. The "last updated" date at the top of this page reflects the most recent revision.
For non-material changes (e.g., clarifications, correcting typos), we will update the date and post the revised policy without prior notice. Continued use of BedPost after the effective date of material changes constitutes acceptance of the updated policy.
23. Contact & Complaints
Stetty Ventures LLC, registered in Wyoming, USA. Privacy contact: privacy@getbedpost.com
Supervisory Authority Complaints
If you are in the EU/EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with the data protection supervisory authority in your Member State. A full list of EU supervisory authorities is available at edpb.europa.eu.
UK users may complain to the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint
We encourage you to contact us first so we can address your concern directly.