
Privacy Policy

Your health data stays on your device.

Selene is a nutritional guidance and supplement subscription platform. We designed our data architecture around the sensitivity of menstrual and hormonal health data — not as a compliance checkbox, but as a core product value.

Last updated May 2026 · Selene by Steps Ventures LLC · New York, NY

The short version

Your cycle data, hormone profile, and health answers live on your device. We cannot access them.

Period dates are never transmitted to our servers — by design.

We store only your email when you subscribe, plus a non-identifiable tier label.

Wearable data (Oura, Apple Health) is processed in real time and not persisted on our servers.

We will never sell, share, or license your health data. Not now, not after acquisition.

You can delete all data — local and server-side — at any time.

1. Who we are

Selene is operated by Steps Ventures LLC, a New York limited liability company. “Selene,” “we,” “us,” and “our” refer to Steps Ventures LLC and the Selene application available at selene.stepsventures.com.

Selene is a nutritional supplement guidance and subscription platform. We are not a healthcare provider, medical practice, pharmacy, or clinical service. Nothing in this application or its communications constitutes medical advice, diagnosis, or treatment. See our Terms of Service for the full medical disclaimer.

2. What data we collect and why

A. On your device only (never transmitted)

The following data is stored exclusively in your browser's local storage. We have no technical access to it. It does not leave your device unless you explicitly choose to sync it.

Cycle dates, period start dates, and cycle length estimates

Hormonal profile assessment answers (symptoms, goals, lifestyle flags)

Daily supplement log entries

Onboarding responses (conditions, medications noted, dietary preferences)

B. When you create an account or subscribe

We collect your email address, your chosen subscription tier label, and billing confirmation signals from our payment processor. We do not store payment card data — all payment processing is handled by Stripe (PCI-DSS Level 1 certified).

C. When you connect a wearable device (Oura Ring, Apple Health)

If you choose to connect an Oura Ring or other wearable integration, we access the following data types under your explicit OAuth authorization:

Oura Ring: Daily readiness score, sleep summary (total sleep, REM, deep sleep duration), heart rate variability (HRV), resting heart rate, and skin temperature deviation. We request the minimum scope required to personalize your supplement stack (“daily” and “personal” scopes only).

Apple Health (future): Cycle tracking data you explicitly export, sleep analysis, and HRV. Apple Health integrations require your in-app approval for each data type separately.

How wearable data is handled: Wearable data is fetched at session load and used in real time to adjust your supplement recommendations. It is not stored on our servers in persistent form. If you disconnect a wearable integration, we immediately cease all data access. You can revoke Oura authorization at any time via your Oura account settings at cloud.ouraring.com.

Selene's use of data from the Oura API complies with the Oura API Terms of Service. We use Oura data solely to provide and improve the nutritional personalization features you have requested. We do not use Oura data for advertising, sell Oura data to third parties, or retain Oura data beyond your active session.

D. Analytics (anonymized)

We use PostHog and Google Analytics 4 for product analytics. These tools collect anonymized behavioral data: pages visited, features used, session duration. All health-related pages (profile, today's pack, log) are excluded from analytics tracking. Inputs are masked. No health data is captured by analytics tools.

3. What we do not collect

We do not collect: precise pregnancy status, abortion history, sexual activity data, genetic information, insurance information, clinical diagnosis data, or any data that could constitute a menstrual surveillance record actionable under state law.

Designed for a post-Dobbs world: Period dates and cycle history are stored only on your device by design. There is nothing on our servers to subpoena. If you are concerned about device-level data, you can reset your profile at any time from the Profile page — this deletes all local data immediately.

4. Who we share data with

Health data: no one. We will never sell, license, transfer, or share your health information — including wearable data, hormonal profile data, or supplement log data — with insurers, employers, pharmaceutical companies, data brokers, research institutions, advertisers, or any third party, under any circumstances including company acquisition.

Infrastructure providers (email and account data only):

Supabase — database and authentication (SOC 2 Type II; US data center)

Resend — transactional email delivery

Vercel — application hosting and edge delivery

Stripe — payment processing (PCI-DSS Level 1; no card data stored by us)

These providers receive only what is necessary to deliver their service. None receive health data.

Legal compulsion: We may disclose account-level data (email, subscription status) if required by valid legal process. Because we do not store health data, there is nothing health-related to disclose.

5. Your rights

All users

Right to access: request a copy of all data we hold about you

Right to deletion: request deletion of all server-side data within 30 days

Right to correction: request correction of inaccurate account data

Right to portability: request your data in machine-readable format

California residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, the right to delete it, the right to opt out of sale (we do not sell personal information), and the right not to be discriminated against for exercising these rights.

EEA/UK residents (GDPR/UK GDPR)

Our legal basis for processing your email address and account data is contract performance (to provide the subscription service you requested). You have the right to withdraw consent, restrict processing, and lodge a complaint with your supervisory authority.

6. Data retention

Device-stored data persists until you reset your profile or clear your browser data. We have no copies.

Server-side data (email, subscription tier) is retained while your account is active and for 90 days after cancellation for billing dispute purposes. To request earlier deletion, email privacy@stepsventures.com.

Anonymized analytics data is retained for 24 months in aggregated form only.

7. Children

Selene includes a “Just Beginning” profile for teens aged 13–17 with adjusted ingredient safety thresholds. We do not knowingly collect personal information from anyone under 13. If you are under 13, please do not use Selene. Users between 13–17 should have a parent or guardian review this policy before use.

8. Security

All data in transit is encrypted via TLS 1.3. Server infrastructure (Supabase) maintains SOC 2 Type II compliance. We do not store passwords — authentication uses email magic links or OAuth only. Wearable OAuth tokens are stored encrypted and scoped to minimum required permissions.

9. Changes to this policy

We will notify subscribers by email at least 30 days before any material change that weakens the privacy protections described here, providing the ability to delete accounts before any change takes effect. Minor clarifications and non-material updates may be made without notice.

10. Contact

Privacy questions or rights requests: privacy@stepsventures.com
Steps Ventures LLC · New York, NY
Response within 10 business days.
