Effective Date: 1 July 2025

At Sibyl, we are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal data through the Sibyl mobile application (the “App”).

1. Who We Are

This App is operated by Percipience B.V., a company registered in the Netherlands. Under GDPR, Percipience B.V. is the data controller for your personal data.

For any questions or concerns about your data or to delete your account, you can reach us at:

Email: support@sibyl.care

2. What Data We Collect

We may collect the following types of data:

• Personal Information: such as your email address and app usage preferences when you create an account or contact support.
  
  

• Health-Related Data: optional information you choose to share about your pregnancy loss experience and emotional state (see Section 13 for more detail on health information we collect).
  
  

• App Usage Data: anonymized technical data like device type, usage patterns, and session length to help us improve the app.

3. How We Use Your Data (Legal Basis)

We process your data on the following lawful bases:

• Consent: for storing and analyzing sensitive personal data you choose to provide within the app (e.g., emotional journaling, pregnancy loss context).
  
  

• Legitimate Interest: for ensuring the app functions properly, securing our systems, and improving performance. Certain analytics are processed under legitimate interest, subject to a balancing test. You may opt out of analytics in the app or by contacting us.
  
  

• Legal Obligation: if required to retain certain data by law or regulatory authorities.
  
  

You may withdraw your consent at any time by contacting us or deleting your account.

4. Use of Artificial Intelligence

Sibyl includes features powered by AI to offer emotional support and personalized journaling prompts.

• You are interacting with an AI system. The AI provides supportive guidance but has limitations and is not a substitute for professional medical or psychological care.
  
  

• The AI does not have access to your complete medical history and should not be relied upon for medical decisions.
  
  

• We partner with OpenAI to power our AI system. OpenAI may temporarily retain user inputs for up to 30 days for abuse monitoring and quality purposes, after which they are deleted. We do not use your data to train AI models, and OpenAI does not use inputs from our app for training purposes.
  
  

• We include in-app disclaimers reminding users that AI guidance is not professional advice.
  
  
  

5. Data Security and Storage

• Your data is encrypted in transit using industry-standard protocols (HTTPS/TLS).
  
  

• Data is stored securely on EU-based servers with access restricted to authorized personnel.
  
  

• We implement appropriate technical and organizational measures to prevent unauthorized access, misuse, or disclosure.
  
  
  

6. International Transfers

We do not transfer your personal data outside the European Economic Area (EEA). Any third-party services we use that process personal data are GDPR-compliant and bound by data processing agreements.

7. Your Rights Under GDPR

You have the following rights under GDPR:

• Right of access – to see what data we hold about you
  
  

• Right to rectification – to correct inaccurate or incomplete data
  
  

• Right to erasure – to request deletion of your data (“right to be forgotten”)
  
  

• Right to restrict processing – to limit how we use your data
  
  

• Right to data portability – to obtain a copy of your data in a standard format
  
  

• Right to object – to object to processing based on legitimate interests (including analytics)
  
  

• Right to lodge a complaint – with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

To exercise any of these rights, contact us at support@sibyl.care.

8. Data Retention and Deletion

• We retain your data only for as long as necessary to provide services or comply with legal obligations.
  
  

• Support emails are generally kept for up to 12 months unless needed longer to resolve a request.
  
  

• Security logs are retained for up to 12 months for system integrity and then deleted.
  
  

• You can request account and data deletion at any time via the app or by emailing support@sibyl.care. Your data will be deleted within 30 days unless legal obligations require us to retain it longer.
  
  
  

9. Children’s Data

This app is intended for use by adults only and is not directed at children under 18. We do not knowingly collect personal data from children.

10. Research and Insights

We may use aggregated and de-identified data (data that cannot be linked back to you) for research, statistical analysis, and to improve our services. Aggregated data is not considered personal data under GDPR.

11. Changes to This Policy

We may update this Privacy Policy periodically. If we make significant changes, we’ll notify you through the app or by email.

12. Contact

Percipience B.V.
Bergweg 265a
3037EM Rotterdam, Netherlands
Email: support@sibyl.care

13. Health Information We Collect

Sibyl may collect health-related data, including sensitive information, that you choose to share during your use of the app. This may include:

• Emotional and psychological experiences related to pregnancy loss (e.g., grief, anxiety, insomnia, depression)
  
  

• Physical symptoms you describe (e.g., cramping, bleeding, pain after a procedure)
  
  

• Other sensitive reproductive health information shared as part of journaling, onboarding, or AI-guided reflections
  
  

This information is considered sensitive personal data under GDPR and is processed only with your explicit consent.

We do not:

• Use this information for advertising
  
  

• Share it with third parties for marketing purposes
  
  

• Sell your data
  
  

All health-related data is:

• Encrypted in transit
  
  

• Stored securely on EU-based servers
  
  

• Used only to provide emotional support and personalize your in-app experience
  
  

You can withdraw consent at any time by deleting your account or contacting support@sibyl.care. Once deleted, your health data will be permanently removed from our systems within 30 days.