Your cycle data, under your control
A private health journal with PIN encryption. No accounts. No cloud. No exceptions.
The problem
Period tracking data has been requested in legal proceedings. Most trackers store your data in the cloud, where it can be accessed with a subpoena or a breach. A 2025 study found that 71% of period tracking apps share personal health data with third parties.
As of early 2026, thirteen states enforce total abortion bans. The federal HIPAA Reproductive Health Rule was vacated in 2025 and HHS did not appeal. The legal landscape is shifting, and most period trackers were not built for it.
How Tarn is different
Encrypted on device
SQLCipher with AES-256. Your PIN derives the encryption key via Argon2id with 64MB memory cost. Without the PIN, the data is noise.
Zero network calls
No analytics. No crash reporting. No telemetry. No servers. Nothing to intercept, nothing to subpoena, nothing to breach.
Self-destruct on brute force
After a configurable number of wrong PIN attempts, all data is overwritten with random bytes and deleted. Not a reset. Gone.
Duress PIN
An optional second PIN that shows a convincing empty app — or wipes everything. For situations where someone is forced to unlock.
Open source
GPL-3.0. Every security claim is verifiable. Published threat model. If your security only works when nobody's looking, it's not security.
Disguised app icon
Optional icon disguises make Tarn appear as a calculator, notes app, or weather app. The lock screen shows no branding.
How it works
Install
Download from the App Store or build from source. No account required. No data collected during install.
Set your PIN
Choose a 4-6 digit PIN. This derives your encryption key. There is no recovery — if you forget it, the data is inaccessible.
Track privately
Log your cycle, symptoms, and temperature. Everything stays encrypted on your device. No cloud. No sync. No exceptions.
Security details
Tarn is designed for adversaries beyond "curious friend."
| Feature | Most trackers | Tarn |
|---|---|---|
| Data storage | Cloud | Local only |
| Account required | Yes | No |
| Encryption | At rest (maybe) | SQLCipher + Argon2id |
| Data subpoenable | Yes | Nothing to subpoena |
| Brute force response | Lockout | Data self-destructs |
| Threat model | None published | Published and versioned |
Open source
Every security claim is verifiable by reading the code.
Tarn is licensed under GPL-3.0. The encryption scheme, key derivation parameters, self-destruct mechanism, and threat model are all publicly documented. If you find a flaw, report it.