Overview
The short version: Almost all of your data stays on your device, encrypted, under your control. We do not sell data, serve ads, or build user profiles. The only data that ever leaves your device is anonymised cycle context used to generate AI insights — and even that is never stored after the request completes.
This Privacy Policy explains how Yori handles your information. Yori is an independent app. Our contact email is yoriapp@pm.me and our website is yoriapp.co.uk.
Data stored on your device
The following data is stored locally on your device only, encrypted with AES-256-GCM using a key derived from your PIN:
- Profile information — names, relationship types, and profile settings you enter
- Cycle data — period dates, cycle length estimates, phase predictions
- Notes — anything you write in the notes section, including mood and symptom logs
- Health conditions — any condition you set for a profile
- AI insight cache — generated insights stored locally for up to 14 days
- App preferences — accessibility settings, PIN hash, notification preferences
This data is never transmitted to our servers or any third party. It cannot be recovered if you forget your PIN or uninstall the app. We recommend using the export function to keep a backup.
AI-powered insights (Premium)
When you request a personalised daily insight, a prompt is constructed on your device and sent to a secure proxy server. This prompt contains:
- First name only — no surnames or identifying information
- Current cycle phase and day count
- Health condition (if set)
- Relationship type and life stage
- Up to 10 recent notes — text content only, no dates
- Mood trend summary
This prompt is passed to Anthropic's Claude API to generate a response. Neither our proxy server nor Anthropic's servers store the prompt or response after the request completes. No identifying information is retained by any server.
Anthropic's privacy policy is available at anthropic.com/privacy.
If you do not use the AI insights feature, nothing is ever transmitted from your device.
Analytics
Yori collects privacy-first, aggregate analytics to understand how the app is being used. These analytics:
- Are aggregate counts only — we know "10 users opened the Learn tab", not who, when, or what they saw
- Contain no user IDs, device IDs, or personal information
- Contain no cycle data, health data, or note content
- Are batched on-device and flushed as aggregate counts
- Use only a random, non-persistent session identifier that resets each session
Analytics are sent to our Cloudflare Worker endpoint. We do not use Google Analytics, Firebase, or any third-party analytics platform.
Push notifications
If you grant notification permission, Yori schedules local notifications on your device. These are generated entirely on-device based on your cycle data — no notification content is sent to or from a server. Notifications are purely local and can be disabled in your device settings at any time.
Data we do not collect
Yori does not collect, store, or transmit:
- Your name, email address, or any account information
- Device identifiers, advertising IDs, or IP addresses linked to individuals
- Location data
- Browsing history or cross-app data
- Biometric data
- Payment information (purchases are handled entirely by Google Play)
Purchases and billing
In-app purchases are processed entirely by Google Play. We do not receive or store your payment details. Our proxy server receives only a transaction confirmation — no financial data.
Children
Yori is intended for users aged 18 and over. We do not knowingly collect any information from anyone under 18.
Note on family profiles: Yori includes guidance for supporting daughters aged 11 and over. This guidance is directed at the adult using the app, not the child. No data about minors is ever transmitted from the device.
Data retention and deletion
All data is stored locally on your device. You can delete all data at any time using Settings → Danger Zone → Erase all data and reset. Uninstalling the app will also remove all locally stored data.
Analytics data that has already been flushed cannot be retrieved or deleted because it contains no identifying information — there is no way to connect it to you.
Security
- AES-256-GCM encryption for all locally stored app data
- PBKDF2 key derivation with 100,000 iterations from your PIN
- PIN lockout with escalating delays after failed attempts
- Session lock — app locks after 5 minutes of inactivity
- Brute force protection — lockout after repeated failed PIN attempts
- IP rate limiting on the AI proxy — 15 requests per IP per hour
Your rights (UK GDPR)
Because Yori stores data only on your device and collects no identifying information server-side, most UK GDPR rights are exercised directly through the app:
- Right to access — use Settings → What Yori has logged
- Right to export — use Settings → Export my data
- Right to erasure — use Settings → Erase all data and reset
- Right to portability — exported data is in standard JSON format
For any privacy concerns relating to transmitted data, contact us at yoriapp@pm.me. Because analytics contain no identifying information, we cannot retrieve or delete records linked to a specific individual.
Changes to this policy
If we make material changes to this policy, we will update the date above and show an in-app notice on the next launch. We will not reduce your privacy protections without clear notice.
Contact
If you have questions about this privacy policy or how Yori handles your data, please get in touch.
Email us at:
yoriapp@pm.me