Question 1

What does 'zero-knowledge' actually mean here?

Accepted Answer

It means CycleLife is built so we can't read your health entries — not 'we promise not to'. Your passphrase generates an encryption key on your device, and your entries are encrypted with that key before they ever leave your browser. We store the resulting ciphertext.

Question 2

Who can read my entries?

Accepted Answer

Only you, on a device where you've entered your passphrase. Not our staff, not our cloud provider, not anyone who copies our database.

Question 3

What does CycleLife's database actually contain?

Accepted Answer

An account record (an email or just a username if you chose anonymous mode), and opaque encrypted blobs of your entries. Without your passphrase, those blobs are unreadable noise.

Question 4

What encryption do you use?

Accepted Answer

AES-256-GCM for your entries, with a key derived from your passphrase using PBKDF2-SHA-256 at a high iteration count. The key never leaves your device.

Question 5

Is my data encrypted at rest and in transit?

Accepted Answer

Yes — both. Transport uses TLS to our servers, and your sensitive entries are already encrypted before that transport even begins, so the contents stay sealed end-to-end.

Question 6

What happens if I forget my passphrase?

Accepted Answer

We can't recover it — that's the trade-off of true privacy. Your old encrypted entries become permanently unreadable, and you can start a fresh account anytime. If you want a safety net, write your recovery phrase down and keep it somewhere offline.

Question 7

Can I change my passphrase?

Accepted Answer

Yes. When you change it, your entries are re-encrypted on your device with the new key. The server only ever sees the new ciphertext.

Question 8

Do I need to give a real name or email?

Accepted Answer

No. Anonymous mode lets you sign up with just a username and a passphrase. There is no required identity field.

Question 9

Can I delete everything? How fast?

Accepted Answer

One tap from Settings → Privacy deletes your account and entries. We honor it within 24 hours, including backups.

Question 10

If you can't read my data, how does Eva (the AI) work?

Accepted Answer

Eva runs against entries that are decrypted locally in your browser. Any prompt sent to the AI gateway goes without your account identifiers, and nothing you write is used to train the underlying models.

Question 11

Do you share data with employers offering CycleLife as an EAP?

Accepted Answer

Never individual data. Employers see only aggregate, anonymized counts (for example, 'X employees activated the menopause hub this month'). They cannot see who, or any health entry.

Question 12

Is my data shared with third parties or advertisers?

Accepted Answer

No. We don't sell data, we don't run ad networks on you, and we don't ship your entries to analytics tools. The business model is paid subscriptions and employer plans, not surveillance.

Question 13

How do you comply with GDPR and HIPAA?

Accepted Answer

We are GDPR-aligned: lawful basis, data minimization, export and erasure on request. HIPAA applies to US healthcare providers rather than direct-to-consumer apps, but our architecture meets or exceeds its technical safeguards.

Question 14

What about law enforcement requests?

Accepted Answer

We can only hand over what we hold, which is account metadata and ciphertext. Without your passphrase, the contents of your entries cannot be produced — by us or by anyone with our database.

Your data is yours. Full stop.

You hold the key

Encrypted before it leaves

We store ciphertext

Anonymous mode

Privacy by design

What we collect

What we don't collect

Your rights

If you forget your passphrase

More questions?