Last Updated: January 1, 2026

Privacy Policy

LYNA CAM UK Limited ("LYNA", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains what data we collect, how we use and protect it, and the rights you have over your information.

Our practices are designed to comply with the UK GDPR, EU GDPR, CCPA/CPRA, COPPA, and other applicable data protection laws.

1. Information We Collect

We collect only the information necessary to provide, personalis, and improve LYNA.

1.1 Personal Information

• Name and email address
• Date of birth or age range (for eligibility and personalization)
• Account login credentials and security information
• Optional profile details such as display name or avatar

1.2 Health & Wellness Information (Optional)

LYNA focuses on wellness and performance insights. You may choose to provide:

• Menstrual cycle data (cycle dates, symptoms, flow intensity)
• Wellness and lifestyle inputs (energy, mood, sleep, stress, training)
• Nutrition, hydration, and meal logs
• Personal notes related to wellness or performance goals

Some of this data may be considered sensitive under privacy laws. We only process it with your consent and where legally permitted

1.3 Device & Usage Information

• Device type, operating system, language settings
• App usage data (features used, session duration)
• Crash reports and diagnostics
• IP address and general location (country/region only, no precise GPS unless enabled)

1.4 Cookies & Similar Technologies

We use cookies and similar technologies to:

• Enable core functionality
• Remember preferences
• Measure and improve performance

More details are available in our Cookie Policy at lyna.cam/cookie-policy.

2. Face Data & Facial Analysis (Wellness Only)

Important: LYNA does not provide medical diagnosis or treatment. Face data is used solely for wellness personalization.

What We Collect

• Selfies captured via the in-app camera
• Facial analysis metrics such as:

• Skin tone and undertone
• General complexion indicators
• Facial symmetry measurements
• Lighting quality assessment

What We Do NOT Collect

• Biometric identifiers or facial recognition data
• Face ID or authentication templates
• Permanent facial fingerprints
• Identification or verification data

How We Use Face Data

• Personalized wellness recommendations
• Cycle phase correlation insights
• Hydration and lifestyle suggestions
• Optional progress tracking over time
• Image quality checks for accurate analysis

What We Never Use Face Data For

• Medical diagnosis
• Identity verification
• Advertising or marketing
• Selling or sharing with third parties
• Training external AI models

Storage & Security

• Stored locally on your device using encrypted storage
• Optional encrypted cloud backup (AWS UK/EU)
• AES-256 encryption at rest
• TLS 1.3 encryption in transit

Retention

• Active accounts: retained while enabled
• Inactive accounts (12 months): automatically deleted
• Account deletion: permanently deleted within 30 days
• Temporary processing data: deleted within 24 hours

Your Face Data Rights

• Active accounts: retained while enabled
• Inactive accounts (12 months): automatically deleted
• Account deletion: permanently deleted within 30 days
• Temporary processing data: deleted within 24 hours

Manage these settings in Settings → Privacy → Face Data Management or contact hello@lyna.com.

3. How We Use Your Information

We use your data to:

• Provide and personalise LYNA features
• Generate wellness insights and recommendations
• Send reminders and service-related communications
• Maintain security and prevent misuse
• Improve product performance and user experience
• Comply with legal obligations

4. Legal Bases for Processing

Where required, we rely on:

• Consent – for health and face data
• Contractual necessity – to provide the service
• Legitimate interests – to improve and secure LYNA
• Legal obligations – to comply with laws

5. Data Sharing & Disclosure

We Never Sell Your Data

Your personal, health, or face data is never sold.

Trusted Service Providers

Cloud Infrastructure: Amazon Web Services (AWS) – UK & EU
Analytics: Anonymised and aggregated only
Customer Support: Minimal access, only with consent

All providers operate under strict Data Processing Agreements.

Legal Disclosure

Data is shared only when legally required. You will be notified unless prohibited by law

Business Transfers

In the event of a merger or acquisition:

• You will be notified at least 30 days in advance
• Your rights remain protected
• You may delete your data prior to transfer

6. International Transfers

Data is primarily stored in the UK and EU. If transferred elsewhere, appropriate safeguards (such as Standard Contractual Clauses) are applied.

7. Data Retention Summary

Data Type

Face Data
Cycle & Wellness Data
Account Information
Support Communications
Anonymised Analytics
Temporary Processing Data

Retention Period

Until deletion or 12 months inactivity
Until deletion or 12 months inactivity
Until deletion + 30 days
2 years
Indefinite
Max 24 hours

8. Children’s Privacy

LYNA is not intended for children below the legal age of digital consent. We do not knowingly collect data from children without required consent.

9. Your Rights

Depending on your location, you may:

• Access your data
• Correct inaccuracies
• Request deletion
• Restrict or object to processing
• Export your data
• Withdraw consent

Requests can be made in-app or via hello@lyna.com.

10. AI & Wellness Disclaimer

LYNA uses AI to generate wellness insights. Outputs are informational only and not medical advice. Always consult a healthcare professional for medical concerns.

11. Marketing Preferences

You control marketing communications via:

• App settings
• Unsubscribe links App settings
• Contacting hello@lyna.com

12. Regional Rights

GDPR (UK, EEA, Switzerland)

Includes rights of access, correction, deletion, portability, objection, and complaint to the ICO.

California (CCPA/CPRA)

Includes rights to know, delete, correct, and limit use of sensitive data. We do not sell data.

13. Biometric & Face Recognition Clarification

LYNA does not use facial recognition or biometric identification technologies and complies with applicable biometric privacy laws.

14. Security Measures

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Role-based access controls
• Multi-factor authentication
• Regular security audits
• Incident response procedures

15. Third-Party Integrations

Optional integrations include:

• Apple Health / Google Fit (user-authorized only)
• Anonymised analytics services
• Secure payment processors (PCI compliant)

16. Changes to This Policy

We will notify you of material changes via the app, email, or website with at least 30 days’ notice.

Contact

Email: hello@lyna.com
Data Protection Officer: dpo@lyna.com

By using LYNA, you acknowledge that you have read and understood this Privacy Policy