Privacy Policy
Last updated: 15 April 2026
1. Who We Are
Menodiary is operated by Now (AUST) Pty Ltd, ABN 59 111 630 963, Suite 12, 104 Gympie Road, Strathpine QLD 4500, Australia ("we", "us"). We are the data controller.
Contact: privacy enquiry form
2. Data We Collect
Account: Email, name, DOB (optional), screen name.
Health data (special category under GDPR): Symptoms (MRS scores), lifestyle factors, mood, menstrual data, episodes (panic, hot flushes), notes. Legal basis: your explicit consent (GDPR Art. 9(2)(a)).
Doctor info: GP name, practice, email, phone — voluntarily provided.
Quiz data: Responses captured progressively as you answer, email if provided, IP, browser. Stored even if incomplete.
Technical: IP, browser, device, pages visited, timestamps (server logs + session cookies).
Community: Forum posts, replies, private messages, reports. Screen name visible, email private.
3. How We Use Your Data
- Provide the Service (tracking, reports, insights, partner linking)
- Personalise content to your menopause stage
- Pattern Spotter: analyse YOUR data only for lifestyle-symptom correlations (never shared)
- GP reports: generated and sent only at your request
- Communications: OTP codes, password resets, quiz results, service updates
- Safety: display red-flag warnings for concerning symptom combinations
- Improvement: aggregated, anonymised data only
4. Legal Basis (GDPR / APPs)
- Consent: Health data, marketing, quiz capture
- Contract: Account management, billing, service delivery
- Legitimate interest: Security, fraud prevention, anonymised analytics
Under Australian law, we comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs). Health information is treated as sensitive information under APP 3.
5. Data Sharing
We do not sell your data. Ever.
- Partner: Only data you explicitly share via Partner Linking
- Doctor: Only when you request a report be sent
- Stripe: Payment data only (PCI DSS compliant)
- Law enforcement: Only if required by valid legal process
No advertising networks, Google Analytics, Facebook pixels, or third-party tracking.
6. Cookies
Essential cookies only:
- Session (PHPSESSID): Login session. Expires on logout/inactivity.
- Theme (menodiary_theme): Light/dark mode preference.
- Consent (menodiary_consent): Records cookie acceptance.
No advertising, tracking, or third-party analytics cookies.
7. Storage & Security
Data stored in Germany (IONOS data centre, European Union). Encrypted in transit (TLS). Passwords hashed (bcrypt, cost 12). Access restricted to authorised personnel.
8. Retention
- Account + health data: While account active. Deleted within 30 days of deletion request.
- Quiz data: Retained for lead-gen. Request deletion via email.
- Audit logs: 2 years, then purged.
- Forum posts: Anonymised after account deletion.
9. Your Rights
Under GDPR, the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable laws:
- Access: Request a copy of your data
- Rectification: Correct data via Profile or contact us
- Erasure: Delete your account and data
- Portability: Export in JSON/CSV from Profile
- Restrict/Object: Limit processing
- Withdraw consent: For health data (effectively deletes it)
Exercise rights via Profile page or email privacy enquiry form.
10. Children
Not for anyone under 18. We will delete accounts of minors if discovered.
11. International Transfers
Data processed in Germany (IONOS data centre, European Union). Now (AUST) Pty Ltd (Australia) complies with GDPR for EU residents and with the APPs for Australian residents.
12. Complaints
Now (AUST) Pty Ltd
Suite 12, 104 Gympie Road, Strathpine QLD 4500, Australia
Contact us (Privacy)
Unsatisfied? You may complain to the Office of the Australian Information Commissioner (OAIC).
13. Changes
Material changes notified via email. "Last updated" date indicates the latest revision.