PrivyCycle – Private Cycle Tracking Reinvented
Built at ETHGlobal Cannes 2025 • Finalist • Swept 3 sponsor bounties (Privy, Zircuit, 0G) • $11,000 in prizes
1. What We Built
PrivyCycle is a private, end-to-end-encrypted menstruation tracker that keeps data ownership with the user while hiding all Web3 complexity behind a seamless Web2-style UX.
- Track periods, symptoms, moods & lifestyle factors
- Encrypt everything locally (Zircuit SDK) before any network hop
- Store ciphertext on IPFS for permanence & portability
- Share or revoke access with doctors, partners or family without exposing plain-text to anyone—including us
- Generate anonymised AI insights with 0G Compute
- Export a fully-encrypted archive as a future gift to your daughter
Why It Matters – The Problem 

Most period-tracking apps still treat intimate cycle data as a product to be sold or breached. For example, a top menstruation tracking app, Flo, was found to have shared sensitive health data with private companies for analytics and advertising purposes, along with claims that the US government used this data to prosecute women who underwent abortion. There are real privacy concerns and hypothetical risks.
Once you log your history, there’s often:
- No privacy – plaintext (or easily reversible) data lives on company servers, ready for subpoenas, breaches, or resale.
- No permanence – if the service shuts down, your health timeline disappears.
- No granular sharing – doctors, partners, or future family members struggle to access the right slice of information at the right time.
The result? Users stay in the dark, critical health patterns get missed, and trust in fem-tech erodes.
PrivyCycle flips the script: on-device encryption, decentralized storage, and selective sharing mean your cycle data remains yours—forever and on your own terms.
Quick Links
- Demo video → https://privycycle.vercel.app
- Code → https://github.com/PrivyCycle
2. ETHGlobal Cannes 2025 Results 
Prize |
---|
ETHGlobal - ![]() |
Privy - Best Consumer App Built on Privy |
Zircuit - Best Project Deployed on Zircuit |
0G - Most Innovative Use of 0G Ecosystem |
Total Prizes: $11,000 |
2.5 Meet the Team & Why We Click 
Name | Role | Affiliation & Synergy |
---|---|---|
Migle | Idea, Product, UX | Founder at Women in Web3PrivacyNow (part of Logos family) – brings deep privacy advocacy & direct channel to Waku/Logos community |
Atlas | Backend & Smart-Contract Engineering | Seasoned full-stack dev; bridges encryption, IPFS & contract layers |
Danish | Eng | |
Ryan | Pitch & Partnerships | Taco.threshold – collaborates closely with Waku team; business lens + network |
Because two of us already work with Logos/Waku initiatives, integrating Waku into PrivyCycle isn’t just technically sound—it’s culturally aligned and backed by existing relationships.
3. Technical Architecture (Current MVP)
flowchart TD
subgraph Client (React Native)
A1[Privy SDK \n social-login]
A2[Zircuit SDK \n on-device AES]
A3[IPFS Client]
A4[UI + Hooks]
end
subgraph Decentralised Backplane
B1(IPFS Cluster)
B2(0G Compute)
end
A1 -->|key management| A2
A2 -->|encrypt logs| B1
B1 -->|CID| A4
A4 --> B2
- Privy SDK – OAuth-style login; abstracts wallet keys
- Zircuit SDK – Generates symmetric keys & does local AES/GCM
- Encrypted blobs stored on IPFS; only CIDs ever leave the device
- 0G Compute pulls anonymised aggregates for AI insights
- Smart contract stores a hash of the latest encrypted log root → integrity & timestamp
4. Where Waku Fits Next 
Waku is a privacy-preserving, decentralised messaging layer. It complements—rather than replaces—our on-chain anchor.
Feature | Current Pain | Waku-powered Solution |
---|---|---|
Consent & Revocation | Granting access link today uses a web API | LightPush envelope on topic /privycycle/share/{user} → gas-less, real-time, revocable |
Cross-Device Sync | Requires polling IPFS for new CIDs | Devices subscribe to /privycycle/sync/{wallet} ; Store node guarantees delivery when offline |
Private Notifications | FCM/APNS centralised, country-blocked | Relay + Filter push encrypted reminders & AI tips; RLN prevents spam |
Doctor Chat | No real-time chat yet | Temporary topic /privycycle/consult/{uuid} on Relay; optional Store for history |
Anonymous Data Marketplace (future) | Need gas-less bid/ask channel | Aggregated stats published over Waku; 0G validators reward providers |
Feature Deep-Dive 
-
Consent & Revocation – When a user wants to grant access to their data, the app uses Waku’s LightPush protocol to send a signed envelope. This envelope contains the IPFS Content Identifier (CID) for the encrypted data, the symmetric key needed to decrypt it, and a policy describing the scope and duration of access. This message is cryptographically signed by the user, ensuring authenticity and non-repudiation. If the user later wishes to revoke access, the app sends a corresponding revoke envelope with the same nonce (unique identifier) as the original consent. This instantly invalidates the prior consent without any blockchain transaction or gas fee, providing a seamless, real-time, and privacy-compliant (HIPAA-friendly) user experience.
-
Cross-Device Sync – To keep user data consistent across multiple devices, each device periodically sends a
sync
message over Waku. This message includes the latest Merkle root (representing the current state of the user’s data) and a diff-CID pointing to any new or changed data chunks. Other devices listening on the same topic can detect these updates and request only the missing data, minimizing bandwidth and storage requirements. Thanks to Waku’s Store protocol, even if a device is offline when a sync message is sent, it can retrieve missed messages later, ensuring reliable synchronization even when the primary device is unavailable. -
Private Notifications & Reminders – Instead of relying on centralized push notification services like FCM or APNS (which can be blocked or compromise privacy), PrivyCycle uses Waku to deliver notifications. A backend worker (or optionally, an on-device cron job) encrypts a JSON payload such as
{ type: "reminder", ts, body }
and LightPushes it to a topic specific to the user’s wallet address (e.g.,/privycycle/notify/{wallet}
). The React Native app listens for these messages, decrypts them locally, and triggers a native push notification, ensuring timely reminders and tips without exposing user data to third parties. -
Doctor Chat – For real-time consultations, a unique Waku Relay topic is created for each doctor-patient session (e.g.,
/privycycle/consult/{uuid}
). All messages sent in this chat are relayed in real time and automatically stored by Waku’s Store nodes, allowing both parties to access the conversation history later for audit or follow-up. To prevent spam and abuse while preserving user anonymity, Waku’s Rate-Limiting Nullifier (RLN) protocol is used to enforce a limit of one message per second per participant. -
Partner Tips & AI Insights – When a partner (such as a healthcare provider or AI module) wants to send personalized tips or insights, the 0G compute layer generates the content, encrypts it using the recipient’s public key, and transmits it via Waku. This ensures that only the intended user can read the message, and the delivery feels as seamless and familiar as a WhatsApp message—while remaining fully decentralized and private.
-
Anonymous Data Marketplace – Users who wish to participate in research or data sharing can opt in to an anonymous marketplace. The app publishes a blinded bloom-filter summarizing the types of metrics the user is willing to share, without revealing their identity or raw data. Researchers can then post “bid” messages over Waku, specifying the data they seek and the rewards offered. If a user accepts a bid, they respond with a decryption token, enabling secure, gas-less, and privacy-preserving data exchange.
Join the Discussion 
We’d love to hear your thoughts, feedback, and ideas!
Which features excite you most? What would you add or change?
Share your questions, suggestions, or concerns below.
Big TYs to @vpavlin for the nudge to make this forum post:D