Privacy Policy
Last updated: 15 April 2026
1. About us
MB muuza ("Muuza", "we", "us", "our"), a private limited company registered in Lithuania under company code 307090074, is the data controller for the personal data described in this Privacy Policy. We operate:
The Muuza mobile application for iOS and Android
The Muuza website at muuza.io
The Muuza doctor portal at clinic.muuza.io, used by clinicians at partner clinics
If you have any questions about this policy or how we handle your data, please contact us at info@muuza.io.
2. Scope of this policy
This policy explains what personal data we collect, why we collect it, how we use it, how long we keep it, and the choices and rights you have. It applies to all Muuza products listed above. Where there are differences between the website, app, and doctor portal, we make that clear below.
Muuza is a wellness and symptom-tracking tool. It is designed to help users notice patterns in their reproductive and intimate health and to support informed conversations with healthcare professionals. Muuza does not diagnose medical conditions, does not prescribe treatment, and is not a substitute for professional medical advice, diagnosis, or treatment.
3. The personal data we collect
3.1 When you use the Muuza app
Depending on how you use the app, we may collect:
Account data (only if you register): email address, password (stored as a cryptographic hash, never in plain text), display name if you choose to provide one.
Anonymous identifier: if you use the app without registering, we generate an anonymous identifier so your entries stay linked to your device. We do not know who you are.
Health-related data you provide: survey responses about your menstrual cycle, discharge, pregnancy status, symptoms, and related questions. Photos of discharge that you choose to capture for analysis. Notes or free-text you add.
Results of automated analysis: the outputs our system generates based on your inputs (for example, a pattern that is consistent with a common condition, or a suggested urgency level for following up with a clinician).
Device and technical data: device type, operating system version, app version, language, crash and diagnostic logs, approximate connection information. We do not collect your precise location.
Usage data: which screens you open, which surveys you complete, and similar interaction data used to improve the app.
3.2 When you visit muuza.io
Device and browsing data: IP address, browser type and version, device type, operating system, time zone, referring site, pages viewed, and the time and date of your visit.
Cookies and similar technologies: see Section 9.
Contact and form data: if you contact us, subscribe to updates, or request a demo, we collect the name, email address, organisation, and any other information you voluntarily provide.
3.3 When a clinician uses the Muuza doctor portal
Account data: work email, name, specialty, and the clinic they are affiliated with.
Authentication data: password hash, session tokens, login logs.
Access records: which patient reports were viewed and when, for clinical safety and audit.
4. Special category (health) data
Most of the data you enter in the Muuza app is health-related data, which is a special category of personal data under the EU General Data Protection Regulation (GDPR), Article 9.
We only process your health-related data where you have given us your explicit consent at the point you provide the information. You can withdraw that consent at any time by deleting your data from within the app (Settings → Delete My Data) or by contacting us at info@muuza.io. Withdrawing consent does not affect the lawfulness of processing carried out before you withdrew it.
5. Why we process your data and the legal bases we rely on
6. Automated analysis and model improvement
When you submit a survey or photo, the app runs automated analysis to surface educational insights about patterns in your inputs. This analysis is not a medical diagnosis. It is designed to help you decide whether to discuss your symptoms with a healthcare professional. You always remain in control: you decide whether to submit a survey, and you decide whether to share any result with a clinician.
This automated processing does not produce legal or similarly significant effects on you within the meaning of GDPR Article 22. If you would prefer not to receive automated insights, you can stop using the relevant features at any time.
Using your data to improve Muuza’s models. By default, we do not use your personal data — including your survey responses, photos, or results — to train or retrain our analysis models.
You can choose to help improve Muuza by opting in from the Settings screen. If you opt in, we may use your submitted data, including images and survey responses, to train and improve our analysis models. Opting in is entirely voluntary, you can turn it off at any time, and refusing or withdrawing does not affect your access to any feature of the app.
If you withdraw consent, we stop using your data for model training from that point forward. Data that has already been incorporated into a trained model cannot technically be removed from that model, but no new training runs will include your data.
7. How we share your data
We do not sell your personal data. We do not share your personal data with advertisers.
We share limited personal data with the following categories of recipients, only as needed to run the service:
Technology providers (sub-processors): we use Google Ireland Limited (Firebase and Google Cloud services) to host the app backend, store data, run authentication, and process automated analysis. Our infrastructure is configured so that user data is stored within the European Union.
Partner clinics: if you choose to share a report with a clinician at a partner clinic, the clinician accesses that report through the Muuza doctor portal. The clinic is a separate data controller for the clinical use it makes of the report once shared.
Professional advisers: lawyers, accountants, and auditors bound by confidentiality, when reasonably required.
Authorities: law enforcement, regulators, or courts where we are legally obliged to disclose information, or where we believe in good faith that disclosure is necessary to protect our rights, comply with a legal process, or protect the safety of users or the public.
Successors in a corporate transaction: if Muuza is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify users if their data becomes subject to a different privacy policy as a result.
We require all recipients acting on our behalf to handle your data in line with this policy and applicable data protection law.
8. Where your data is stored
Personal data collected through the Muuza app and doctor portal is stored on infrastructure located within the European Union (multi-region EU for databases and europe-west1 for storage and processing).
If any processing ever requires a transfer outside the European Economic Area, we rely on appropriate safeguards recognised under GDPR, such as the European Commission’s Standard Contractual Clauses, and we apply additional technical measures where appropriate.
9. Cookies and similar technologies
The Muuza website uses cookies and similar technologies to make the site work, remember your preferences, and understand how visitors use the site so we can improve it.
The Muuza mobile app does not use browser cookies. It uses standard mobile-app local storage to keep you signed in and to cache data between sessions.
You can control cookies through your browser settings. Blocking some cookies may affect how parts of the website function.
10. How long we keep your data
Active account data and logs you have entered: while your account is active. If you use the app anonymously, data associated with your device’s anonymous identifier is kept until you request deletion or reinstall the app.
Data after a deletion request: when you request deletion (from within the app or by emailing info@muuza.io), we remove your personal data from our active systems within 30 days. Some data may remain in encrypted backups for a short additional period before being overwritten on our standard backup rotation.
Clinician account and audit logs: kept for the duration of the clinic relationship and, after termination, for the period required to meet our legal and contractual obligations to the clinic.
Contact and support correspondence: kept for up to 3 years after the last interaction so we can evidence and follow up on past conversations.
Data we are required to keep: any data we are legally required to retain (for example, to meet regulatory or accounting obligations) will be kept for the period required by the relevant law.
11. Your rights
Under GDPR and equivalent laws, you have the following rights in respect of your personal data:
The right to be informed about how we use your data (this policy).
The right of access to the personal data we hold about you.
The right to rectification if your data is inaccurate or incomplete.
The right to erasure ("right to be forgotten").
The right to restrict processing in certain circumstances.
The right to data portability: to receive your data in a structured, commonly used, machine-readable format.
The right to object to certain processing (including processing based on legitimate interest).
The right not to be subject to solely automated decisions that produce legal or similarly significant effects on you. As described in Section 6, we do not believe the app’s automated analysis produces such effects, but if you disagree we will review on request.
The right to withdraw consent at any time, where we rely on consent. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at info@muuza.io. We will respond within one month. We may ask you to verify your identity before acting on your request.
You also have the right to lodge a complaint with a data protection supervisory authority in the European Economic Area country where you live or work, or where you believe a breach of data protection law has occurred. A list of authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
12. Security
We take the protection of your data seriously. Measures we use include:
Encryption of data in transit using TLS
Encryption of data at rest on our infrastructure
Access controls and authentication for team members who may need access to systems that hold personal data
EU-only storage for app and doctor-portal data
Separation of clinician accounts from patient data so access is only granted to a report when the user chooses to share it
Regular review of our technical and organisational security measures
No system is perfectly secure. If we become aware of a data breach that affects your personal data and creates a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, you.
13. Links to other websites
Our website and communications may contain links to other websites or services that are not operated by Muuza. We are not responsible for the content or privacy practices of those other sites. We encourage you to review the privacy policy of any site you visit.
14. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of the policy and, where appropriate, notify you in the app, by email, or on our website. We encourage you to review this policy periodically.
15. Contact
If you have questions about this Privacy Policy or how we handle your data, or if you would like to exercise any of your rights, please contact us:
Email: info@muuza.io
Postal: Muuza, M. Valančiaus g. 17, LT-00134, Vilnius, Lithuania