top of page

Disclaimer, Privacy Policy & Terms of Service

Disclaimer

This app is designed to provide general emotional support and wellness information only. It does not provide medical, psychological, or therapeutic advice, diagnosis, or treatment, and using it does not create a therapist–client or doctor–patient relationship. Always seek the guidance of a qualified healthcare or mental health professional with any questions you have about your physical or emotional health, and never ignore or delay professional advice because of something you read or experience in this app. If you are in crisis or think you may harm yourself or others, contact your local emergency services or a crisis hotline immediately.

  • Not a medical or therapy service: Clearly state that the app does not provide medical, psychological, or therapeutic advice, diagnosis, or treatment, and does not create a doctor–patient or therapist–client relationship.

  • No emergency or crisis support: Explain that the app cannot be used in emergencies, and users in crisis should contact local emergency services or crisis hotlines immediately.

  • AI, not a human professional: Disclose that users are interacting with an AI system, not a licensed clinician, and that responses may be incomplete, inaccurate, or not tailored to their full medical history.

  • Encouragement to seek professional care: Reiterate that any health or mental health concerns should be discussed with a qualified healthcare or mental health professional, and that the app is for support/education only.

  • Data privacy and limitations: Describe what data is collected, how it is stored and used, its limits (e.g., not monitored in real time), and that users should avoid sharing information they are not comfortable disclosing.

  • Age restrictions: Specify that the app is not intended for minors (for example, under 18) and that underage users should not use it without appropriate guardian and professional involvement.

  • No guarantees of outcomes: Clarify that you do not guarantee improvements in mental health, symptom reduction, or specific results from using the app.

Privacy Policy

1. Introduction

Cayla ("we," "us") is an AI wellness app for women aged 40-60 navigating perimenopause/menopause, available in English, Spanish, and French. This Privacy Policy explains how we collect, use, and protect your data. Effective: 14 March 2026. EU/France contact: Tanya Bamber, 19 Chemin des Moulins, 33590 Saint-Vivien-de-Medoc, FRANCE. Email: support@cayla-app.com. GDPR: We are the data controller; processing is lawful under consent (Art. 6(1)(a)) and explicit consent for health data (Art. 9(2)(a)).

 

2. Data Collected

  • Personal data: Name, email, age range (40-60), device ID, IP address, language preference.

  • Wellness data (special category under GDPR): Symptom logs, journal entries, chat history with Cayla AI, mood tracking, notification interactions.

  • Usage data: App sessions, feature usage (e.g., Quick Reads views), 30-day symptom visuals.

  • Collected via app forms, AI interactions, and device permissions. No medical records unless you voluntarily input them (discouraged).

 

3. Lawful Basis and Purposes (GDPR Art. 13)

PurposeData UsedLawful Basis (GDPR)

Personalize Cayla AI chats/responsesWellness + personal dataExplicit consent (Art. 6(1)(a), 9(2)(a))

Generate Insights/30-day visualsAnonymized wellness dataLegitimate interest (Art. 6(1)(f)); opt-out available

Send notificationsPreferences + usageConsent (Art. 6(1)(a)); withdraw anytime

Improve app (aggregated analytics)Anonymized usage dataLegitimate interest (Art. 6(1)(f))

Comply with law/support queriesRelevant dataLegal obligation (Art. 6(1)(c))

AI Note: Cayla uses AI for response generation (no solely automated decisions with legal effects per GDPR Art. 22; human oversight possible via support).

 

4. Data Sharing

  • Processors: Secure third parties (e.g., AWS for hosting, encrypted; Firebase for notifications) under DPAs (Art. 28).

  • No sales: Never sell/share for marketing (CCPA "sale" opt-out not applicable).

  • Legal: Only for subpoenas/emergencies (Art. 6(1)(c)).

  • EU transfers: Within EEA or with SCCs/adequacy (e.g., to US servers).

 

5. Cookies & Tracking

Essential (app function), analytics (opt-in consent). Manage in app settings. GDPR: Consent banner required.

 

6. Data Security (GDPR Art. 32)

Encryption (AES-256 at rest/transit), access controls, pseudonymization for wellness data, annual audits. Report breaches within 72 hours (Art. 33). No 100% security guarantee.

​

7. User Rights (GDPR Chapter III & CCPA)

  • Access, rectify, erase (right to be forgotten): Free request via app/email; response in 1 month (extendable).

  • Restrict/object/port: Including to AI processing.

  • Withdraw consent: Anytime, no effect on prior processing.

  • CCPA (CA residents): Know/delete/opt-out of sharing; verifiable requests.

  • DPO contact: support@cayla-app.com. Complain to CNIL (cnil.fr).

 

8. Data Retention

As needed: Active accounts indefinite (until deletion); inactive 24 months auto-delete. Journals/Insights: Until erased. Logs for legal: 5 years max.

 

9. Children's Privacy

Not for under-18s (COPPA/GDPR). No knowing collection from minors.

 

10. International Transfers

EU data stays in EEA where possible; non-EEA uses EU SCCs + TIA (Art. 46).

 

11. Changes

30-day notice via app/email. Continued use = consent.

 

12. Contact

support@cayla-app.com | 19 Chemin des Moulins, 33590 Saint-Vivien-de-Medoc, FRANCE.

Terms of Service

1. Acceptance of Terms

By accessing or using Cayla, you agree to these Terms, our Privacy Policy, and any updates. They form a binding contract. EU users: You have a 14-day cooling-off period for any paid features under EU consumer laws. US users: California residents have CCPA rights (see User Rights section). If you don't agree, stop using the app. We'll notify of changes via app/email/push; continued use means acceptance (EU: 30-day notice for material changes).

​

2. Description of Service

Cayla provides AI-driven emotional support for women aged 35-55 in perimenopause/menopause, with Journal, Symptom Tracker, Chat, Insights, Tips & Resources, and notifications in English, Spanish, and French. It's educational and supportive only—not medical, therapeutic, or diagnostic. No doctor-patient relationship is created.

​

3. User Accounts and Eligibility

You must be 18+ (EU/US legal age of majority). Provide accurate info; you're responsible for security. We may verify age/location. Accounts can be suspended/terminated for violations. EU: Right to object or erase under GDPR. US: No collection from minors under COPPA.

​

4. User Conduct and Content

Use respectfully—no illegal, harmful, or discriminatory activity. You retain ownership of your content (e.g., journals) but grant us a worldwide, royalty-free license for app functionality, improvements, and anonymized analytics. EU: Processing limited to stated purposes (GDPR Art. 5). Remove sensitive health data yourself; we process as wellness info, not medical records (HIPAA-inapplicable as non-covered entity).

​

5. Prohibited Uses

No reverse-engineering, automated scraping, commercial use, or emergency/crisis reliance. Comply with export controls (US/EU). No harmful inputs (e.g., promoting self-harm).

​

6. Intellectual Property

App content is our property or licensed. Personal, non-commercial use permitted. EU/US: Fair use/fair dealing exceptions apply narrowly.

​

7. Third-Party Links and Services

External links/resources are not endorsed; review their terms. Push notifications may use third-party services (e.g., Firebase)—their privacy policies apply.

​

8. Disclaimers

Provided "as is" without warranties (express/implied, including merchantability/fitness). AI may err; not liable for decisions. Not medical advice—consult professionals. EU: Mandatory consumer guarantees apply. US: No HIPAA obligations.

 

9. Limitation of Liability

No indirect/consequential damages (lost profits, health issues). Liability capped at €100/$100 or fees paid in 12 months. EU: Cannot exclude liability for death/injury, gross negligence, or GDPR fines. US: California users retain CCPA private right of action. Emergencies: Contact professionals immediately.

​

10. Termination

We may terminate for violations with notice (EU: reasons provided). You can delete anytime; data handled per Privacy Policy (EU: right to erasure).

​

11. User Rights (EU & US Specific)

  • EU (GDPR): Access, rectify, erase, restrict, port, object to processing. Contact DPO at support@cayla-app.com. Complaints to CNIL (France).

  • US (CCPA/CPRA): California residents—know/request/delete/sopt-out of "sale" (we don't sell data). Non-discrimination. Verify via verifiable request.

  • All: Opt-out of non-essential cookies/notifications in settings.

 

12. Governing Law and Disputes

French law governs (EU users). US users: Subject to local mandatory laws (e.g., CCPA). EU disputes: EU Online Dispute Resolution (ODR) platform or Bordeaux courts. US: Binding arbitration (AAA rules, individual basis, no class actions) in Delaware; opt-out within 30 days.

​

13. Changes to Terms

30-day notice (EU standard); check app for updates.

​

14. Contact

Email support@cayla-app.com. EU DPO: support@cayla-app.com. US: support@cayla-app.com (CCPA).

bottom of page