PrivyCycle - Private Cycle Tracking

:drop_of_blood: PrivyCycle – Private Cycle Tracking Reinvented

Built at ETHGlobal Cannes 2025 • Finalist • Swept 3 sponsor bounties (Privy, Zircuit, 0G) • $11,000 in prizes


1. What We Built

PrivyCycle is a private, end-to-end-encrypted menstruation tracker that keeps data ownership with the user while hiding all Web3 complexity behind a seamless Web2-style UX.

  • Track periods, symptoms, moods & lifestyle factors
  • Encrypt everything locally (Zircuit SDK) before any network hop
  • Store ciphertext on IPFS for permanence & portability
  • Share or revoke access with doctors, partners or family without exposing plain-text to anyone—including us
  • Generate anonymised AI insights with 0G Compute
  • Export a fully-encrypted archive as a future gift to your daughter

Why It Matters – The Problem :drop_of_blood::lock:

Most period-tracking apps still treat intimate cycle data as a product to be sold or breached. For example, a top menstruation tracking app, Flo, was found to have shared sensitive health data with private companies for analytics and advertising purposes, along with claims that the US government used this data to prosecute women who underwent abortion. There are real privacy concerns and hypothetical risks.

Once you log your history, there’s often:

  1. No privacy – plaintext (or easily reversible) data lives on company servers, ready for subpoenas, breaches, or resale.
  2. No permanence – if the service shuts down, your health timeline disappears.
  3. No granular sharing – doctors, partners, or future family members struggle to access the right slice of information at the right time.

The result? Users stay in the dark, critical health patterns get missed, and trust in fem-tech erodes.

PrivyCycle flips the script: on-device encryption, decentralized storage, and selective sharing mean your cycle data remains yours—forever and on your own terms.


2. ETHGlobal Cannes 2025 Results :tada:

Prize
ETHGlobal - :trophy: ETHGlobal Cannes 2025 Finalist
Privy - Best Consumer App Built on Privy
Zircuit - Best Project Deployed on Zircuit
0G - Most Innovative Use of 0G Ecosystem
Total Prizes: $11,000

2.5 Meet the Team & Why We Click :handshake:

| Name | Role | Affiliation & Synergy |
| --- | --- | --- |
| Migle | Idea, Product, UX | Founder at Women in Web3PrivacyNow (part of Logos family) – brings deep privacy advocacy & direct channel to Waku/Logos community |
| Atlas | Backend & Smart-Contract Engineering | Seasoned full-stack dev; bridges encryption, IPFS & contract layers |
| Danish | Eng | |
| Ryan | Pitch & Partnerships | Taco.threshold – collaborates closely with Waku team; business lens + network |

Because two of us already work with Logos/Waku initiatives, integrating Waku into PrivyCycle isn’t just technically sound—it’s culturally aligned and backed by existing relationships.


3. Technical Architecture (Current MVP)

```mermaid
flowchart TD
    %% Subgraph titles with spaces or parentheses need an id plus a quoted label
    subgraph Client["Client (React Native)"]
        A1[Privy SDK \n social-login]
        A2[Zircuit SDK \n on-device AES]
        A3[IPFS Client]
        A4[UI + Hooks]
    end

    subgraph Backplane["Decentralised Backplane"]
        B1(IPFS Cluster)
        B2(0G Compute)
    end

    A1 -->|key management| A2
    A2 -->|encrypt logs| B1
    B1 -->|CID| A4
    A4 --> B2
```

  1. Privy SDK – OAuth-style login; abstracts wallet keys
  2. Zircuit SDK – Generates symmetric keys & does local AES/GCM
  3. Encrypted blobs stored on IPFS; only CIDs ever leave the device
  4. 0G Compute pulls anonymised aggregates for AI insights
  5. Smart contract stores a hash of the latest encrypted log root → integrity & timestamp

4. Where Waku Fits Next :link:

Waku is a privacy-preserving, decentralised messaging layer. It complements—rather than replaces—our on-chain anchor.

| Feature | Current Pain | Waku-powered Solution |
| --- | --- | --- |
| Consent & Revocation | Granting access link today uses a web API | LightPush envelope on topic /privycycle/share/{user} → gas-less, real-time, revocable |
| Cross-Device Sync | Requires polling IPFS for new CIDs | Devices subscribe to /privycycle/sync/{wallet}; Store node guarantees delivery when offline |
| Private Notifications | FCM/APNS centralised, country-blocked | Relay + Filter push encrypted reminders & AI tips; RLN prevents spam |
| Doctor Chat | No real-time chat yet | Temporary topic /privycycle/consult/{uuid} on Relay; optional Store for history |
| Anonymous Data Marketplace (future) | Need gas-less bid/ask channel | Aggregated stats published over Waku; 0G validators reward providers |

Feature Deep-Dive :mag:

  • Consent & Revocation – When a user wants to grant access to their data, the app uses Waku’s LightPush protocol to send a signed envelope. This envelope contains the IPFS Content Identifier (CID) for the encrypted data, the symmetric key needed to decrypt it, and a policy describing the scope and duration of access. This message is cryptographically signed by the user, ensuring authenticity and non-repudiation. If the user later wishes to revoke access, the app sends a corresponding revoke envelope with the same nonce (unique identifier) as the original consent. This instantly invalidates the prior consent without any blockchain transaction or gas fee, providing a seamless, real-time, and privacy-compliant (HIPAA-friendly) user experience.

  • Cross-Device Sync – To keep user data consistent across multiple devices, each device periodically sends a sync message over Waku. This message includes the latest Merkle root (representing the current state of the user’s data) and a diff-CID pointing to any new or changed data chunks. Other devices listening on the same topic can detect these updates and request only the missing data, minimizing bandwidth and storage requirements. Thanks to Waku’s Store protocol, even if a device is offline when a sync message is sent, it can retrieve missed messages later, ensuring reliable synchronization even when the primary device is unavailable.

  • Private Notifications & Reminders – Instead of relying on centralized push notification services like FCM or APNS (which can be blocked or compromise privacy), PrivyCycle uses Waku to deliver notifications. A backend worker (or optionally, an on-device cron job) encrypts a JSON payload such as { type: "reminder", ts, body } and LightPushes it to a topic specific to the user’s wallet address (e.g., /privycycle/notify/{wallet}). The React Native app listens for these messages, decrypts them locally, and triggers a native push notification, ensuring timely reminders and tips without exposing user data to third parties.

  • Doctor Chat – For real-time consultations, a unique Waku Relay topic is created for each doctor-patient session (e.g., /privycycle/consult/{uuid}). All messages sent in this chat are relayed in real time and automatically stored by Waku’s Store nodes, allowing both parties to access the conversation history later for audit or follow-up. To prevent spam and abuse while preserving user anonymity, Waku’s Rate-Limiting Nullifier (RLN) protocol is used to enforce a limit of one message per second per participant.

  • Partner Tips & AI Insights – When a partner (such as a healthcare provider or AI module) wants to send personalized tips or insights, the 0G compute layer generates the content, encrypts it using the recipient’s public key, and transmits it via Waku. This ensures that only the intended user can read the message, and the delivery feels as seamless and familiar as a WhatsApp message—while remaining fully decentralized and private.

  • Anonymous Data Marketplace – Users who wish to participate in research or data sharing can opt in to an anonymous marketplace. The app publishes a blinded bloom-filter summarizing the types of metrics the user is willing to share, without revealing their identity or raw data. Researchers can then post “bid” messages over Waku, specifying the data they seek and the rewards offered. If a user accepts a bid, they respond with a decryption token, enabling secure, gas-less, and privacy-preserving data exchange.


Join the Discussion :speech_balloon:

We’d love to hear your thoughts, feedback, and ideas!
Which features excite you most? What would you add or change?
Share your questions, suggestions, or concerns below.


Big TYs to @vpavlin for the nudge to make this forum post :D

9 Likes
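The consent and revocation flow described in the post above, sketched from the receiving side as an added example (not PrivyCycle's code or part of the original post). It verifies the owner's Ed25519 signature on each envelope and matches a revoke to its grant by nonce, including the case where the revoke is delivered first; the field names, the registry class and the sample values are assumptions.

```javascript
// Added example, not PrivyCycle code. Field names (kind, nonce, cid, wrappedKey,
// scope, expiresAt) are assumptions; wrappedKey stands for the symmetric key
// already encrypted to the recipient.
const crypto = require("crypto");

// Envelope bodies are flat, so a sorted key list yields deterministic bytes to sign.
const canonical = (body) => Buffer.from(JSON.stringify(body, Object.keys(body).sort()));

function signEnvelope(body, privateKey) {
  return { body, sig: crypto.sign(null, canonical(body), privateKey).toString("base64") };
}

class ConsentRegistry {
  constructor(ownerPublicKey) {
    this.owner = ownerPublicKey; // key the data owner signs envelopes with
    this.grants = new Map();     // nonce -> accepted grant body
    this.revoked = new Set();    // revoked nonces, kept so late or replayed grants fail
  }

  // Returns "granted", "revoked" or "rejected".
  accept({ body, sig } = {}) {
    if (!body || typeof sig !== "string") return "rejected";
    const valid = crypto.verify(null, canonical(body), this.owner, Buffer.from(sig, "base64"));
    if (!valid) return "rejected";
    if (body.kind === "revoke") {
      this.revoked.add(body.nonce);
      this.grants.delete(body.nonce);
      return "revoked";
    }
    const fresh = !this.revoked.has(body.nonce) && !this.grants.has(body.nonce);
    if (body.kind !== "grant" || !fresh) return "rejected";
    this.grants.set(body.nonce, body);
    return "granted";
  }

  isActive(nonce, now = Date.now()) {
    const grant = this.grants.get(nonce);
    return grant !== undefined && now < grant.expiresAt;
  }
}

// Constructed sample data: throwaway Ed25519 keys, placeholder CID and wrapped key.
const owner = crypto.generateKeyPairSync("ed25519");
const nonce = crypto.randomBytes(16).toString("hex");
const grant = signEnvelope({
  kind: "grant", nonce, cid: "bafy-placeholder-cid", scope: "cycle-log",
  wrappedKey: "placeholder-key-encrypted-to-recipient", expiresAt: Date.now() + 3600e3,
}, owner.privateKey);
const revoke = signEnvelope({ kind: "revoke", nonce }, owner.privateKey);
```

A revoke of this kind stops clients that honour the registry from serving the grant; a recipient who already unwrapped the key keeps that copy, so re-encrypting under a fresh data key after a revoke is the stronger control.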

Love it! Great cause, well thought through - absolutely deserved win:) I hope you continue building this.

One nitpick

Should be at least a hash(wallet)

1 Like
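An added example (not from either post, and not PrivyCycle's code) illustrating the reply above, on the assumption that it refers to the {wallet} segment of the content topics in the first post. It derives the topic from an unkeyed hash of the wallet, shows that anyone holding a list of candidate addresses can still match that topic to a wallet, and contrasts it with a keyed derivation; the function names, the per-user topic secret and the addresses are constructed for illustration.

```javascript
// Added example; function names and the per-user topic secret are assumptions.
const crypto = require("crypto");

// Normalise so checksummed (mixed-case) and lowercase addresses map to one topic.
const norm = (wallet) => wallet.trim().toLowerCase();

// The minimum suggested in the reply: an unkeyed hash in place of the raw address.
function hashedTopic(kind, wallet) {
  const id = crypto.createHash("sha256").update(norm(wallet)).digest("hex").slice(0, 32);
  return `/privycycle/${kind}/${id}`;
}

// Stronger variant: HMAC keyed with a secret that only the user's devices
// (and anyone explicitly granted access) hold.
function keyedTopic(kind, wallet, topicSecret) {
  const id = crypto.createHmac("sha256", topicSecret)
    .update(`${kind}:${norm(wallet)}`).digest("hex").slice(0, 32);
  return `/privycycle/${kind}/${id}`;
}

// Linkage check: which candidate addresses reproduce an observed topic when the
// unkeyed hash is recomputed? Wallet addresses are public, so the candidate
// list is cheap to build.
function linkable(topic, kind, candidateWallets) {
  return candidateWallets.filter((w) => hashedTopic(kind, w) === topic);
}

// Constructed sample values.
const walletA = "0xAbCdEf0123456789aBcDeF0123456789abcdef01";
const walletB = "0x1111111111111111111111111111111111111111";
const topicSecret = crypto.randomBytes(32);
```

With the unkeyed hash, `linkable` returns the matching wallet; with the keyed topic it returns an empty list because the observer lacks `topicSecret`.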

This is an excellent initiative, particularly in moving beyond device-native apps such as Apple Health.

For context, here is why this tracking is essential:

1. Fertility Tracking:
Vital for identifying peak fertility periods to optimise conception or effectively manage contraception.

2. Understanding the Menstrual Cycle:
Gaining insight into the four phases (menstrual, follicular, ovulation, luteal) helps you as a woman to optimise health, energy levels, productivity, and overall well-being. Many existing health programmes lack detailed education on this topic, making personal tracking essential for tailored health management (exercise routines, diet adjustments, fasting schedules, etc.).
This knowledge has been mostly grassroots sourced to this day, although science is starting to pay attention.

3. Contributing to Broader Knowledge:
Your anonymised data helps establish more accurate standards, providing valuable educational resources for millions who otherwise lack access to comprehensive menstrual health information. Ultimately, education remains one of the most effective forms of activism.

The data is exceptionally valuable, especially if you’re in control of how you share it. There’s so much you can build from here on, in terms of science, technology, physical devices, scientific research etc.

My focus was especially on chronic conditions (I’m a type-1 diabetic), so in 2017, I started designing a full healthtech ecosystem architecture with dedicated patient data flows (we halted building this due to lack of funding). Platform, dedicated apps etc. collection & exchange with the purpose to:

  • Offer a patient-centric social platform (similar to Patients Like Me) that integrates DL/ML-driven insights (big data & custom data).
  • Incorporate rigorous GDPR compliance and ethical data standards (this was before the 2018 wider implementation of data regulations).
  • Support clinical trials and research, with revenue-sharing models benefiting data contributors.
  • Facilitate continuous improvement through targeted demographic surveys.
  • Provide startups and innovators with anonymised, highly relevant medical data to foster the creation of advanced health applications. Think of data standards on blood pressure for e.g. that would help software & hardware medical companies build more accurate devices and apps.

I redid the visual representation of what the data collection & exchange architecture behind the platform looked like (thanks to Deepseek & Mermaid for refreshing the painful old diagrams).

This kind of architecture can be expanded really to any type of applications including femtech-specific that could achieve a decent ethical (private, compliant) and secure data collection process, to feed into the data exchange.

5 Likes

Migle here (PrivyCycle / Womxn in Web3 Privacy).
Thank you for this thoughtful expansion.
It’s beautiful to reminisce about how chaotic and crazy high energy our weekend was during this hackathon, and how calm and collected we are looking back at this and exploring ways not to put this on a shelf but sincerely continue our mission.

You’re naming exactly why we built PrivyCycle the way we did: cycle data isn’t “app telemetry.” It’s medical, emotional, political, and in some jurisdictions—legally risky.

Where We’re Aligned

  • Cycle patterns intersect with autoimmune flares, medication dosage, mood stability—you see this in diabetes; we’ve heard similar from endo and thyroid communities.
  • Education-as-activism: We agree. Most cycle literacy has been peer-taught in whisper networks. Tooling must surface insight without extracting identity.

Why Privacy Architecture Matters and can’t wait

We’ve already seen health-adjacent data used in ways no one meaningfully consented to—ads for emergency contraception pushed off retail/pharmacy data, location + search inference shaping reproductive marketing flows in the UK & US, and period-app sharing controversies. Even when “anonymised,” linkage risk is high when cycles, ZIP codes, and purchase data intersect. We need systems that commit to selective disclosure by design.

Logos is rallying people around trust-minimised, corruption-resistant digital public goods. Reproductive data sovereignty is a civil-liberties frontier. If we can’t keep something as intimate as a menstrual log user-controlled, “network states” risk replicating surveillance states. PrivyCycle is a small but concrete testbed: culture, consent, cryptography—tied to real human need.

If anyone reading this (and I truly mean anyone: researcher, person who ever used a menstruation app and felt frustrated, curious mind about FemTech, engineer) has any suggestions and ideas or would like to contribute to making this go beyond the Hackathon, feel free to connect with me or Danish.

6 Likes