The short version โ in plain language:
- Local Cycle cannot connect to the internet. The app has no network permission in its code.
- Your data never leaves your device. There are no servers, no cloud sync, no accounts.
- All data is encrypted with AES-256 (SQLCipher) and protected by your PIN.
- No third-party SDKs for advertising, analytics, or crash reporting are included.
- You can delete all data at any time by uninstalling the app.
1. Who we are
Local Cycle is an independently developed mobile application created by Kevin Orndorff. There is no company, no team, and no third-party service provider involved in the operation of this app.
Contact: kborndorff@gmail.com
2. What data the app stores
Local Cycle stores the following data locally on your device, inside an AES-256 encrypted database. This data is never transmitted anywhere.
| Data type | Why it's stored | Shared? |
|---|---|---|
| Menstrual cycle dates (period start & end) |
Core app function โ cycle tracking and predictions | Never |
| Symptoms (e.g. cramps, headache, bloating) |
Day log entries and symptom correlation insights | Never |
| Mood | Day log entries | Never |
| Flow intensity | Day log entries | Never |
| Basal body temperature (BBT) | Optional temperature tracking for fertility awareness | Never |
| Pregnancy mode state (LMP date, if activated) |
Gestational age calculation and milestone display | Never |
| Notes (free text) | Optional per-day journal notes | Never |
| PIN hash / biometric flag | Locking the app โ stored in the device's hardware-backed Keystore | Never |
3. How your data is protected
AES-256 encryption at rest. All cycle and health data is stored in an SQLCipher-encrypted SQLite database. The encryption key is derived from your PIN using Argon2id, a memory-hard key derivation function designed to resist brute-force attacks.
Hardware-backed key storage. The app uses Android's hardware-backed Keystore (or iOS Secure Enclave) for PIN-derived key material and the optional biometric unlock flag.
Screen security. The app sets the
FLAG_SECURE window flag, which prevents the app contents from
appearing in screenshots and in the Android recents switcher.
No backup to cloud. android:allowBackup="false" and
android:fullBackupContent="false" are set in the app manifest,
preventing Android from automatically backing up app data to Google's servers.
4. Network access
Local Cycle does not have the
android.permission.INTERNET permission. This is a hard constraint
enforced at the operating-system level โ not a setting, not a toggle. The
app is physically incapable of making any network request regardless of what
code runs inside it.
You can verify this independently using any APK analysis tool (e.g. JADX, APKTool, or the Play Store's "App permissions" detail screen) and confirming that INTERNET is absent from the declared permissions.
The only exception is in-app purchases, which are handled entirely by Google Play Billing / Apple StoreKit โ platform components that run outside the app process. These services are governed by Google's and Apple's own privacy policies, not ours.
5. Third-party SDKs and libraries
Local Cycle contains no third-party SDKs for advertising, analytics, crash reporting, remote logging, A/B testing, or user profiling.
The libraries used are:
| Library | Purpose | Network access? |
|---|---|---|
| Flutter / Dart runtime | UI framework | None |
| SQLCipher (via sqlcipher_flutter_libs) | AES-256 encrypted database | None |
| Drift | Type-safe local database queries | None |
| flutter_secure_storage | Keystore-backed secure storage for PIN key | None |
| local_auth | Biometric / fingerprint unlock prompt | None |
| flutter_local_notifications | On-device period reminder notifications | None |
| in_app_purchase | One-time Pro unlock via Google Play / App Store | Play / App Store only |
| health | Optional read/write to on-device Health Connect | None |
| pdf / printing | Local PDF report generation | None |
| share_plus | Opens the OS share sheet for backup export | None |
| fl_chart | Local chart rendering (BBT graph) | None |
6. Health Connect / Apple Health integration
If you choose to enable Health sync, the app requests permission to write menstruation flow data to Android Health Connect (or Apple Health on iOS). This is entirely optional, requires explicit user consent at runtime, and can be revoked at any time in your device's Health settings.
Health Connect and Apple Health are on-device stores. Local Cycle writes to them โ it does not read your data from them. No health data is sent to any server as a result of this integration.
7. Android permissions declared
| Permission | Reason |
|---|---|
USE_BIOMETRIC |
Optional biometric unlock (fingerprint / face). Not required for PIN-only mode. |
VIBRATE |
Haptic feedback on UI interactions. |
POST_NOTIFICATIONS |
Period reminder notifications. Requested at runtime on Android 13+. |
RECEIVE_BOOT_COMPLETED |
Re-registers scheduled period reminders after device restart. |
health.READ_MENSTRUATIONhealth.WRITE_MENSTRUATIONhealth.READ_STEPS |
Health Connect integration. Requested at runtime only if you choose to enable Health sync. |
8. Data export and deletion
Export. You can export your data at any time via the app menu (CSV or JSON format). The exported file is saved locally and shared only through the OS share sheet โ it is not uploaded anywhere automatically.
Backup. The app includes an encrypted backup feature that
produces a .lcbackup file. You choose where to save or send it.
Deletion. Uninstalling the app permanently removes all data, including the encrypted database and all secure storage entries. There is no server-side data to delete because no data was ever sent to a server.
9. Children's privacy
Local Cycle is not directed at children under 13 (or under 16 in the European Economic Area). If you believe a child has used the app, all data can be removed by uninstalling it. There is no account to delete or server record to erase.
10. Changes to this policy
If this policy is updated, the new version will be posted at https://kborndorff.github.io/local-cycle/privacy.html with a revised effective date. Because there is no account system, we cannot notify you by email โ please check this page if you have questions about data practices after an app update.
The core commitment โ no network access, no third-party data collection, all data encrypted on-device โ will not change without a major version bump and prominent in-app disclosure.
11. Contact
Questions about this privacy policy or data practices? Email kborndorff@gmail.com.