Privacy Policy

Last updated: June 24, 2026

Solena is a product developed by 20-80 Editorial Unipessoal Lda. We are committed to protecting your privacy — especially given the sensitive nature of personal health data. This policy explains exactly what we collect, how we use it, and your rights over it.

We will never sell, rent, or share your personal data or health information with advertisers or third parties. Your data exists only to serve you.

1. What we collect

Account information

Health data (entered voluntarily by you)

AI conversation data

Community data (only if you choose to participate in Contigo)

Device and preference data

2. How we use your information

Your health data is never used to train shared AI models or benchmarks. Pattern insights are built solely from your own logged data.

3. Data storage and security

All personal and health data is stored in Supabase, a PostgreSQL database service with row-level security (RLS) enforced at the database level. This means no other user — or anyone without your credentials — can access your records, even in the event of an application-layer bug.

Data is encrypted at rest and in transit. Supabase infrastructure is hosted in EU-region servers (AWS eu-west). You can review Supabase's security practices at supabase.com/security.

Language preference is stored locally on your device and synchronised with your account so Solena can respond in your language across sessions.

4. Health data — special category

Health and menopause-related data is considered sensitive personal data under GDPR Article 9. We process it under your explicit consent, given when you create an account and begin logging. You may withdraw this consent at any time by deleting your account.

This data is used exclusively to generate your personal pattern insights and health reports. It is never disclosed to third parties, employers, insurers, or researchers without your separate, explicit written consent.

5. Third-party services

We use a limited set of third-party services to operate Solena. All processors are contractually bound to handle your data only as we instruct:

We do not use advertising networks or data brokers.

5b. Administrative access

Solena's founding team has technical access to the database for the purpose of operating, debugging, and maintaining the service. This access is limited, logged with a stated reason, and subject to strict confidentiality obligations. When technical access is required, the team sees only your health data — never your name or contact information, which are stored separately. We will never access your data unless required to resolve a technical problem, and will never share what we access with any third party.

5c. Collective intelligence

With your opt-in consent, your anonymised patterns — with no link to your identity — contribute to aggregate insights about perimenopause across all Solena users. This data is subject to k-anonymity (minimum group size enforced before any statistic is calculated), meaning individual data can never be reverse-engineered. You can opt in or out at any time from your profile settings. Opting out does not affect any other feature of the service.

6. Your rights

7. Data retention

Your data is retained for as long as your account is active. If you delete your account, all personal information and health logs are permanently and irreversibly deleted within 30 days. Anonymised aggregate statistics (with no connection to your identity) may be retained for internal research purposes.

8. Children

Solena is intended for adults aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, please contact us and we will delete the account immediately.

9. Cookies and analytics consent

Solena uses PostHog for product analytics (EU servers). PostHog is only activated after you explicitly accept cookies. If you decline, no analytics data is collected. PostHog receives only an anonymous user ID — your email, name, and health data are never sent to analytics services.

10. GDPR (European Union)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). The data controller is 20-80 Editorial Unipessoal Lda., registered in Portugal. Legal basis for processing: explicit consent (Article 6(1)(a) and Article 9(2)(a) for health data). You may lodge a complaint with the Portuguese data protection authority (CNPD) at cnpd.pt or with your local supervisory authority.

11. Security breach notification (FTC Health Breach Notification Rule)

If we discover a breach of unsecured health data, we will notify each affected user by email within 60 calendar days. The notification will include: what data was affected, what third parties (if any) accessed it, what steps we are taking, and how to contact us. If the breach affects 500 or more users, we will also notify the U.S. Federal Trade Commission and relevant media outlets within the same timeframe.

12. Changes to this policy

We may update this policy as the app evolves. If changes are material, we will notify you by email at least 14 days in advance. The date at the top of this page always reflects the most recent version.

13. Contact

For any privacy-related questions, data requests, or to exercise your rights, contact us at . We respond within 48 hours.