Privacy Policy | Phaes
Phaes
Back to tryphaes.com

Privacy Policy

Last updated: May 22, 2026

Phaes is operated by Silver Mountain Technologies ("we," "our," or "us"). The Phaes mobile application ("Phaes" or the "Services") helps runners train in sync with their menstrual cycle. This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have.

Phaes handles sensitive health information, including menstrual-cycle and training data. We treat that data with care, we do not sell it, and we do not use advertising or third-party tracking software in the app.

1. Information We Collect

Account Information

When you create an account, we collect your email address. If you sign in with Apple or Google, we receive the name and email address those services provide (you can choose to hide your email with Sign in with Apple). If you register with an email and password, your password is stored only as a salted cryptographic hash, never in plain text.

Health and Fitness Information

Phaes is built around training and menstrual-cycle data. Depending on what you choose to log, we may collect and store:

  • Training profile: birth year, height, weight, running experience, typical weekly mileage, preferred training and rest days, strength-training preferences, goal race distance and date, and injury notes
  • Menstrual-cycle data: average cycle and period length, last period start date, contraception or hormone-therapy type, and daily logs of menstrual flow, spotting, basal body temperature, cervical mucus, and symptoms
  • Hormone information: hormone lab results and hormone-therapy (HRT) regimen details, if you choose to enter them
  • Training activity: planned and completed workouts, including distance, duration, heart rate, perceived effort, strength-training sets, GPS routes for logged runs, and your notes
  • Daily check-ins: ratings for energy, mood, soreness, sleep quality, motivation, stress, and recovery, along with any notes
  • Health metrics: heart-rate variability, resting heart rate, sleep, steps, and body-composition figures such as weight, lean body mass, and body-fat percentage

Information Collected Automatically

When your device communicates with our servers, we receive standard technical information such as your IP address, device type, operating system, app version, and the time of access. We use this to operate, secure, and troubleshoot the Services.

Phaes does not include any third-party analytics, telemetry, crash reporting, or advertising software. We do not track your activity across other apps or websites.

Purchase Information

When you subscribe, we receive your subscription status, product identifier, the store used, and renewal or expiration dates. Payment card details are handled entirely by the Apple App Store or Google Play and our payments partner; we never receive or store your full payment information.

2. Apple Health and On-Device Data

On iOS, Phaes can read data from Apple Health (HealthKit) so you do not have to enter everything by hand. This may include workouts, heart rate, heart-rate variability, sleep, steps, menstrual-cycle data, and body-composition measurements.

We request access to Apple Health only with your explicit permission, and only for the specific data types you approve. Health data stays on your device until you use a feature that syncs it to your Phaes account. You can review or revoke Phaes's access to Apple Health at any time in the iOS Settings app. Health data accessed through Apple Health is never used for advertising and is never sold.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services
  • Generate, adapt, and adjust your cycle-synced training plans and insights
  • Sync data you choose to import from Apple Health
  • Process subscriptions and manage your access to paid features
  • Respond to support requests and send service-related messages
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations

Aggregated and De-Identified Data

We may de-identify, anonymize, or aggregate the information described in this Policy so that it can no longer reasonably be used to identify you. De-identified and aggregated data excludes direct identifiers such as your name, email address, account ID, and device ID.

We may use and retain this de-identified and aggregated data, including on an indefinite basis, to analyze trends, conduct research, build, train, and improve machine learning models, and develop, evaluate, and improve the Services and our training-plan and cycle insight features. We do not sell de-identified or aggregated data, and we do not attempt to re-identify it. Where applicable law requires, we maintain such data in a form that does not permit re-identification and commit to not re-identifying it, except as permitted by law to test our de-identification practices.

This use of de-identified and aggregated data is separate from the third-party AI processing described in the next section: we do not use your identifiable health or cycle data to train third-party AI models.

4. Artificial Intelligence (Claude by Anthropic)

Phaes uses a third-party artificial intelligence (AI) service to generate and adapt personalized training plans and related coaching content. We use the Claude AI service operated by Anthropic, Inc. (548 Market St, PMB 90375, San Francisco, CA 94104).

How AI Requests Work

AI requests are sent from our servers to Anthropic, not directly from your device. When you generate or adjust a training plan, the following information may be sent to Anthropic:

  • Your training profile, such as goal race distance, experience level, preferred long-run and rest days, and strength-training preference
  • Your goal event date, if you have set one
  • The menstrual-cycle phase calculated for each day of the upcoming training block
  • Your recent weekly training-time targets
  • Which days you have already completed or locked, and any day adjustments you have requested

We do not send direct identifiers, such as your name, email address, account ID, or device ID, to Anthropic. Data is transmitted solely to generate a response.

Data Protection by the AI Provider

Anthropic encrypts data in transit, does not use data submitted through its API to train its models, and applies the data retention practices described in its Privacy Policy.

Consent and Control

We obtain your explicit consent before AI-powered features are activated, with a clear disclosure of what is shared and with whom. You may withdraw consent at any time in the app's Settings. Withdrawing consent disables AI-powered plan generation but does not affect other features of the app.

5. Third-Party Services

We rely on a small number of third-party providers to operate the Services. Each receives only the information needed for its function:

  • Anthropic, Inc.: AI processing for training-plan generation, as described above. Privacy Policy
  • RevenueCat: Manages and validates subscriptions and receives your subscription status and a Phaes account identifier. Privacy Policy
  • Apple and Google: Provide Sign in with Apple and Sign in with Google, and process App Store and Google Play payments, subject to their own privacy policies.
  • Apple Maps: Renders the map for logged-run routes. Coordinates needed to draw the route may be processed by Apple to display the map.

Phaes may also use a code-update service to deliver minor app updates, which receives only your app version and basic device information.

6. No Advertising or Sale of Data

Phaes is supported by subscriptions, not advertising. We do not display third-party ads, we do not use advertising identifiers, and we do not sell or rent your personal information. We do not "sell" or "share" personal information for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

7. Data Sharing and Disclosure

Beyond the providers listed above, we may share information:

  • Service Providers: with companies that host infrastructure or provide support on our behalf, under confidentiality obligations
  • Legal Requirements: when required by law, court order, or governmental authority
  • Business Transfers: in connection with a merger, acquisition, or sale of assets
  • Safety: to protect the rights, property, or safety of our users or the public

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. You may request deletion of your account and associated data at any time (see Section 11). We may retain limited information where required by law or to resolve disputes and enforce our agreements.

9. Data Security

Your data is stored on secured servers and transmitted over encrypted (HTTPS) connections. Authentication tokens are stored in your device's secure storage (the iOS Keychain or Android encrypted storage). We implement technical and administrative safeguards to protect your information; however, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. International Data Transfers

Phaes is operated from the United States, and your information is stored and processed there. If you use the Services from outside the United States, you consent to the transfer and processing of your information in the United States, which may have different data protection laws than your country of residence.

11. Your Rights and Choices

Depending on where you live, you may have the right to:

  • Access: request a copy of the personal information we hold about you
  • Correct: request correction of inaccurate information
  • Delete: request deletion of your account and personal information
  • Portability: request your data in a portable format
  • Withdraw consent: withdraw consent where processing is based on consent, including for AI features and Apple Health access

To exercise these rights, contact us at smtn.techologies@gmail.com. We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your privacy rights.

12. California Privacy Rights (CCPA/CPRA)

California residents have rights to know, delete, and correct personal information under the California Consumer Privacy Act, as amended.

Categories of information collected: identifiers (such as email address), health and fitness information, commercial information (subscription records), internet and device activity, approximate location inferred from IP address, and inferences drawn from the above.

Sale or sharing: we do not sell your personal information and do not share it for cross-context behavioral advertising.

13. Other U.S. State Privacy Rights

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and obtain a copy of their personal information. Contact us to exercise these rights.

14. Children's Privacy

Phaes is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at smtn.techologies@gmail.com and we will delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the "Last updated" date. Material changes may also be communicated within the app. Your continued use of the Services after an update constitutes acceptance of the revised policy.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Silver Mountain Technologies
1500 N Grant St # 4604
Denver, CO
Email: smtn.techologies@gmail.com