I agree with you, therefore I also need contributors for that. It is difficult to run this on my own, as I have basic in coding, but not a tester, so I have to use agentic workflow to check after it was generated, so it is not just like hiding sh*t.

Thank you, I opened Discussions for that, fell free to communicate.

Thanks, this is really useful feedback.

The reminder part is already on the roadmap, and I’ve now added two more issues based on your note about irregular cycles:

• #17 Add irregularity factor tags for cycle tracking
• #18 Use recorded cycle factors to improve prediction context

The direction I’d want for Ovumcy is less “the app predicts the why” and more:

• users can log things like stress, illness, travel, sleep disruption, etc.
• the app can use that to give better context and reliability hints for irregular cycles
• without pretending to make hard medical claims

The anonymous scrubbed-submission idea is interesting too, but I’d treat that as much later, because it changes the privacy/trust model a lot.

Happy to keep talking about it, and future PRs would definitely be welcome.

Thank you! I am aware of it, but mine is slightly diffrent approaches to the privacy, allowing to access from multiple devices.

Worth to say, that this is an ongoing development, this is not even version 1, v 0.3.1

No, we didn’t ship it without security hardening.

We already hardened the main sensitive parts:

sealed auth/recovery/reset/flash cookies no auth or recovery secrets in URLs or JSON POST + CSRF logout basic browser security headers CodeQL, gosec, Trivy, and SBOM in CI What’s still missing is a strict CSP. That’s not a one-line switch here because the current frontend still needs some refactoring first.

No-no, you run your VPS and deploy it there. So you define your storage, it can be homeVPS

I agree, though there is a difference in case you rovided and mine. It is a human-directed work. Thousands of libraries, Kubernetes, Kubernetes still live and license is valid.

Thanks for the suggestions, those are good points.

CSP is something I plan to tighten over time, but enabling a strict policy right now would require refactoring some inline JS patterns used in the templates. It’s definitely on the roadmap as part of security hardening.

Regarding CORS, the application currently runs as a same-origin server-rendered app rather than a cross-origin API, so CORS headers aren’t enabled by default. If external clients or integrations are added in the future, I’d likely introduce a restricted allowlist for specific API routes.

I use Android, my wife - iOS. So many things that on F-Droid are simply unavailable to her (yes, I tried to convince her to go to our side). So I searched for living projects with self-hosting idea, did not find one and decided to create one. I have a CS background, though my professional work today is mostly in finance as a senior analyst where I write code to automate and optimize workflows. Ovumcy started as a personal project exploring a self-hosted approach to cycle tracking.

Yes, I’m aware of those apps. They’re great local-first mobile trackers. Ovumcy explores a slightly different approach - a self-hosted web app that can run on infrastructure you control and be accessed from multiple devices.

I see that we face it all over the world now.

As a non-native speaker, I had to use LLM to get that joke)

It is a greap project, mine is not a replacement, but a little bit different approach. It’s a self-hosted web application that you run on infrastructure you control and access from multiple devices. In Drip you can export or import data, but this step is a payment for privacy. Mine offers privacy but from a different perspective.

You can see that I use some of metrics, like test coverage, estimates and so on to prove its validation as potentially serious project, that will grow from a pet one.

Partially agree, but I do know how to code and use it as a tool.

Appreciate that!

Ovumcy isn’t trying to replace them. The idea here is to explore a self-hosted, web-based approach that focuses on running the app on infrastructure you control, with simple deployment and cross-device access through the browser.

Different tools optimize for different things. Native apps like Drip or Mensinator are great for fully local tracking, while Ovumcy explores a self-hosted model that can be accessed from multiple devices without relying on a third-party service.

I answered earlier, that I use AI and this is just a commit skill for an agent.

Well, not stealing, being inspired)