Mella ("we", "us", "our") values your privacy. This policy covers the Mella website at mella.health and the Mella iOS app. By using Mella, you agree to the practices described here.
Information We Collect
- Account data. When you sign up, we receive your email address from the sign-in method you choose: Sign in with Apple, Sign in with Google, or (on the website) by submitting your email during the assessment. We may also receive a unique identifier provided by Apple or Google and your name if you share it. If you use Apple's private email relay, we only see the relay address.
- Assessment and wellness inputs. Your responses to the perimenopause assessment, including demographic information, symptoms, cycle dates you enter, and any sleep or mood check-ins. This is used to generate your personalized perimenopause insights.
- Contact information. Email address and, on the website only, a phone number if you choose to provide one for assessment follow-up.
- Subscription and purchase data. If you purchase a subscription, Apple (in the app) or Stripe (on the web) processes the payment and provides us with a transaction identifier, product identifier, and subscription status. We do not receive your card details or your Apple ID.
- Usage and diagnostic data. Pages visited, features used, device type, operating system, app version, and crash or performance data, used to improve the product.
- Communications. Messages you send us via email or support channels.
Mella does not read data from Apple HealthKit. If a future version of Mella enables HealthKit integration, this policy will be updated and you will be asked for explicit permission in the app.
How We Use Your Information
- Generate your personalized perimenopause assessment and ongoing insights
- Provide and maintain your account and subscription
- Improve the product and diagnose technical issues
- Communicate with you about your account, subscription, or support requests
- Contact you via text message about assessment results, if you provided a phone number on the website
- Detect and prevent fraud or abuse
- Comply with legal obligations
Service Providers
We work with vetted service providers in the following categories. Each processes data under its own privacy terms, and we share only what is necessary for them to provide their specific function.
- Authentication (Sign in with Apple, Sign in with Google)
- Payment processing (for App Store and web payments)
- Cloud hosting, database, and account infrastructure
- Analytics and crash reporting
- Customer communication (email and SMS)
We can share the specific providers on request. Contact us at hello@mella.health.
Data Retention
We retain your data only as long as needed to provide the service and to comply with legal obligations. When you delete your account, we remove your account data, assessment inputs, and subscription records we store, and we revoke your Sign in with Apple token on our side. Copies in backups are purged on our standard backup rotation.
Your Rights
- Access and correction. Request a copy of your data or correct it by contacting us.
- Deletion. Delete your account in the app under Profile → Delete Account, or email us. Deletion removes your data and revokes Sign in with Apple on our side.
- Withdraw consent. Stop using the app and delete your account.
- No sale of personal information. We do not sell your personal information.
- Regional rights. If you are in the EEA, UK, or California, you may have additional rights under GDPR, UK GDPR, or the CCPA. Contact us to exercise them.
Washington Residents
If you live in Washington State, the My Health My Data Act gives you specific rights over health-related information you provide. You can:
- Request a list of categories of consumer health data we collect and who we share it with
- Withdraw any consent you have given
- Request deletion of your consumer health data, which we will process in the app through the Delete Account flow or by email
- Appeal any denial of a request by emailing hello@mella.health
We do not sell consumer health data and we do not share it with third parties outside the service-provider relationships described above.
Children
Mella is intended for adults aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has provided data, contact us and we will delete it.
Security
We follow industry best practices to protect your data, including encryption in transit, trusted authentication providers, and access controls on our systems. We update our security posture as technology and threats evolve.
Changes to This Policy
We will update this page when our practices change and update the "Last updated" date. Material changes will be communicated by email or in-app notice.