Privacy Policy
Last updated: June 2, 2026
Company: DiaFem | Platform: DiaFem.ai
Introduction
DiaFem ("we," "us," "our") is committed to protecting your privacy and the security of your personal and health information. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website DiaFem.ai (the "Site"), our mobile application, or any related services (collectively, the "Platform").
By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of the Platform.
This policy applies to all users, including those in the United States, the European Union, the United Kingdom, and California. Where applicable, we comply with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and SOC 2 Type II security standards.
1. Information We Collect
Personal information you provide directly: Name, email address, date of birth, contact information, and account credentials submitted during registration or via forms.
Protected health information (PHI): Symptom data, cycle information, lab results, wearable data, biomarker data, medication and treatment history, clinician visit summaries, and any other health-related information you share with the Platform. This information is treated as PHI under HIPAA and is subject to the highest level of protection.
Automatically collected information: Usage data, IP address, device and browser type, log data, session duration, and analytics data collected through cookies and similar technologies.
Wearable and third-party integrations: If you connect a wearable device or third-party health app (such as Apple Health, Fitbit, or Oura), we collect the data you authorize from those integrations, including sleep, heart rate, activity, and recovery metrics.
2. How We Use Your Information
We use your information solely to provide and improve the Platform and your care experience. Specifically, we use it to:
Deliver personalized health protocols, daily guidance, and clinician visit summaries based on your health data.
Operate, maintain, and improve the Platform and its features.
Communicate with you regarding your account, care updates, and platform changes.
Detect, prevent, and investigate fraud, abuse, or security incidents.
Train and improve our AI models — using only de-identified, aggregated data, never individually identifiable health information, and only with your explicit consent where required.
Comply with applicable legal and regulatory obligations.
We do not use your health data for advertising, marketing profiling, or any purpose unrelated to your direct care.
3. HIPAA Compliance
DiaFem operates as a HIPAA-compliant platform. We implement the following to protect your PHI:
We enter into Business Associate Agreements (BAAs) with all third-party vendors who access PHI on our behalf.
All PHI is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256 encryption.
Access to PHI is restricted to authorized personnel on a strict need-to-know basis.
We maintain audit logs of all access to PHI.
In the event of a data breach involving PHI, we will notify affected individuals within 60 days as required by the HIPAA Breach Notification Rule.
Your full Notice of Privacy Practices (NPP) is available at DiaFem.ai/privacy-practices.
4. Data Sharing and Disclosure
We will never sell, rent, or trade your personal or health information to any third party for commercial purposes.
We may share your information only in the following limited circumstances:
With licensed clinicians and care team members on the Platform, solely to provide your care.
With third-party service providers (such as cloud hosting, analytics, and communication services) who are contractually bound to confidentiality and HIPAA compliance where applicable.
With your explicit consent, such as when you choose to share your health data with a connected third-party app or provider.
When required by law, court order, or lawful request by a government authority.
In connection with a merger, acquisition, or sale of substantially all assets — in which case you will be notified and your rights preserved.
We do not share your data with advertisers, data brokers, insurance companies, or employers under any circumstances.
5. Data Security
We implement and maintain industry-leading security measures including:
AES-256 encryption for all data at rest.
TLS 1.2+ encryption for all data in transit.
SOC 2 Type II certified infrastructure, audited annually.
Multi-factor authentication for all account access.
Role-based access controls limiting who can view your data.
Regular penetration testing and vulnerability assessments.
Secure data backup and disaster recovery protocols.
While we take every reasonable precaution, no method of data transmission or storage can be guaranteed to be 100% secure. In the event of a security incident, we will notify affected users promptly in accordance with applicable law.
6. Data Retention
We retain your personal and health information for as long as your account is active, or as long as necessary to provide the Platform's services, comply with legal obligations, resolve disputes, and enforce our agreements.
Upon account deletion, we will delete or de-identify your personal data within 30 days, except where retention is required by law. You may request deletion of your data at any time by contacting us at privacy@diafem.ai.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate the Platform, analyze usage patterns, and improve your experience. We use the following types of cookies:
Strictly necessary cookies — required for the Platform to function. These cannot be disabled.
Analytics cookies — used to understand how users interact with the Platform. These are anonymized and aggregated.
Preference cookies — used to remember your settings and personalization choices.
We do not use advertising or third-party tracking cookies. You may manage your cookie preferences at any time through your browser settings or our cookie preference center at DiaFem.ai/cookies.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal and health information:
All users:
The right to access the personal information we hold about you.
The right to correct inaccurate or incomplete information.
The right to request deletion of your data.
The right to withdraw consent at any time where processing is based on consent.
EU and UK users (GDPR):
The right to data portability — receive your data in a structured, machine-readable format.
The right to restrict or object to processing.
The right to lodge a complaint with your local supervisory authority.
California users (CCPA):
The right to know what personal information is collected, used, shared, or sold.
The right to opt out of the sale of personal information — we do not sell personal information.
The right to non-discrimination for exercising your privacy rights.
To submit a verifiable consumer request, contact us at privacy@diafem.ai.
HIPAA rights: You have the right to access, amend, and receive an accounting of disclosures of your PHI.
9. Children's Privacy
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will delete it immediately. If you believe a minor has submitted information to us, please contact us at privacy@diafem.ai.
10. AI and Automated Decision-Making
Our Platform uses artificial intelligence to analyze your health data and deliver personalized recommendations. We want to be transparent about how this works:
Our AI surfaces patterns, flags risks, and generates recommendations — but all clinical decisions are reviewed and supported by licensed clinicians.
No automated decision will adversely affect your access to care without human review.
You have the right to request human review of any AI-generated recommendation.
Our AI models are trained using de-identified, aggregated data only.
Your individually identifiable health data is never used to train external AI models without your explicit consent.
11. Third-Party Links
The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies independently.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and notify you via email or an in-platform notification for material changes. Your continued use of the Platform following notification constitutes acceptance of the updated policy.
13. Contact Us
For questions, concerns, or to exercise your privacy rights, contact us at: contact@diafem.ai