A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I was going to recommend this to someone I know but when I realised your readme.md is entirely AI-generated, I guess the whole project is probably vibe-coded. I can't in good conscience recommend someone trust their health data to a vide-coded app because they tend to have security problems.
Also all ai-generated code is public domain so your AGPL license is kinda empty. Might as well use MIT.
I do use AI tools while developing this project, but I also have a BSc in Computer Science. AI is a productivity tool.
Security is something I take seriously, especially since the project deals with health data. All code has test and you're welcome to inspect the repository yourself or point out any specific security concerns if you notice them.
Regarding licensing: the AGPL license applies to the project as a whole regardless of the tools used to write parts of the code.
If you have concrete technical feedback or security issues, I’d genuinely appreciate it.
You should add a disclaimer stating that you have used an LLM. I have done so for a tool I built with an LLM that I needed, because I don’t know jackshit about coding and I am not gonna pretend I do.
because I don’t know jackshit about coding and I am not gonna pretend I do.
But if OP does know and applies that knowledge to what they are doing, it's not the same thing and doesn't make sense to have the same disclaimer.
Partially agree, but I do know how to code and use it as a tool.
The danger being raised with the licensing is that you can't license something if you're not considered to be the author. There are growing examples of courts and lawmakers determining AI output to be public domain:
The US Supreme Court recently refused to reconsider Thaler v. Perlmutter, in which the plaintiff sought to overturn a lower court decision that he could not copyright an AI-generated image. This is an area of ongoing concern among the defenders of copyleft because many open source projects incorporate some level of AI assistance. It's unclear how much AI involvement in coding would dilute the human contribution to the extent that a court would disallow a copyright claim.
https://www.theregister.com/2026/03/06/ai_kills_software_licensing/
This is an evolving, global situation and hard to know what to do right now. I think what you've got is fine though - you've made it clear your intention is to license with AGPL. It's just that depending on the jurisdiction it might be public domain instead.
This is another reason to be clear about the use of AI in the README so your users can make an informed decision.
I agree, though there is a difference in case you rovided and mine. It is a human-directed work. Thousands of libraries, Kubernetes, Kubernetes still live and license is valid.
Charitably, it could be an AI readme and hand rolled code, but it definitely is a smell.
Yeah there are other signs too. Look at those commit messages, all vague, all perfectly capitalized. All with a nice long description with bullet points.
No one does that in a project they're building for themselves.
Judging code quality by use of LLM in a documentation and commit messages is weird.
While I write all of my code myself and I'm against vibe coding etc., there is one place where I let a LLM write for me: readmes, commit messages and Javadoc comments.
I know how to write code but at the same time I'm shit at both my native language and even more so at English. So I let Language Models write natural language texts for me and just fix them when necessary. My documentation is more clear, grammatically correct and more detailed than in any of my previous projects, and I can focus on writing code.
And I wouldn't say "No one does that in a project they're building for themselves". I do that for projects that only I will ever see, and OP shared his project with others, so it's great that he included a clear documentation
Thanks for doing this, I was debating doing the same. It needs to exist.
I recommend you set the Content-Security-Policy http header so that inline javascript (commonly used for XSS attacks) cannot be executed.
https://web.dev/articles/strict-csp
CSP being off is not exactly a security hole but it makes security holes much more likely. By using a strict CSP configuration you close off the possibility of a whole class of holes.
Also think about setting the Access-Control-Allow-Origin header and enable CORS on your REST endpoints.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Origin
Again, kind of a pain in the ass but gets rid of a bunch of potential problems before they start.
Thanks for the suggestions, those are good points.
CSP is something I plan to tighten over time, but enabling a strict policy right now would require refactoring some inline JS patterns used in the templates. It’s definitely on the roadmap as part of security hardening.
Regarding CORS, the application currently runs as a same-origin server-rendered app rather than a cross-origin API, so CORS headers aren’t enabled by default. If external clients or integrations are added in the future, I’d likely introduce a restricted allowlist for specific API routes.
Why not use drip or mensinator? Both FOSS.
Ovumcy isn’t trying to replace them. The idea here is to explore a self-hosted, web-based approach that focuses on running the app on infrastructure you control, with simple deployment and cross-device access through the browser.
Different tools optimize for different things. Native apps like Drip or Mensinator are great for fully local tracking, while Ovumcy explores a self-hosted model that can be accessed from multiple devices without relying on a third-party service.
I see how they differ now. Local vs self hosted. Niche use. But I get your idea especially helpful between partners I suppose. Keep it going! Let's see where it lands in time. Personally I think the name is hard to remember and pronounce correctly which means it might not be super catchy and really take off. My opinion and in no way should deter you. Perhaps tweak the name. Overall though good job and keep going. This not a negative thing I say. Just to trying to help you refine the idea to success. Best of luck!
Appreciate that!
this is great, especially when our government starts tracking everything we do online.
great forward thinking if that was your intention.
Yup. You really don't want the maga cult monitoring your cycle. If you stopped menstruating for a bit you must be pregnant. Where is the baby? Omg you murdered the baby by taking Tylenol!
I see that we face it all over the world now.
I use Android, my wife - iOS. So many things that on F-Droid are simply unavailable to her (yes, I tried to convince her to go to our side). So I searched for living projects with self-hosting idea, did not find one and decided to create one. I have a CS background, though my professional work today is mostly in finance as a senior analyst where I write code to automate and optimize workflows. Ovumcy started as a personal project exploring a self-hosted approach to cycle tracking.
A lot of cycle trackers right now sell that data and there is some concern it could be used to find women who have miscarried and charge them with a crime.
Something like your idea is safer for women to use.
How can that even be a thing? Miscarriages happen all the time
Well a miscarriage is basically an abortion and an abortion is basically a murder.
/s, to be clear, but some people will say that sincerely and in some parts of the world they get to write the law.
Yeah they have tried to prosecute women for miscarriages. Basically saying women cause them on purpose.
https://www.nbcnews.com/news/nbcblk/brittany-watts-miscarriage-bathroom-charged-rcna135861
The right wing conservatives often have these weird paradoxical beliefs. Like Mexicans are lazy but also stealing everyone's jobs.
They believe women are designed to be baby incubators and are natural caregivers, but we are also naturally baby killers and have to be watched and kept from killing all the babies.
It's ridiculous.
I did the same thing for my partner. She didn't migrate in the end, and google killed my play store account.
https://bloodyhealth.gitlab.io/ - is also a good option.
Some kind of data import would be nice to have according to my partner, but it might be tricky with all the different apps.
There definitely an actively developped open source privacy focused period tracker available, go check it out: https://gitlab.com/bloodyhealth/drip But all data stays local on your device , which is of course good from privacy pov but if you are looking for something accessible from different devices then this might not be suitable.
Thank you! I am aware of it, but mine is slightly diffrent approaches to the privacy, allowing to access from multiple devices.
Do you know about drip? It as local non-profit cross-platform open source smartphone app and my girlfriend is a happy user for years.
It is a greap project, mine is not a replacement, but a little bit different approach. It's a self-hosted web application that you run on infrastructure you control and access from multiple devices. In Drip you can export or import data, but this step is a payment for privacy. Mine offers privacy but from a different perspective.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| LXC | Linux Containers |
| SSH | Secure Shell for remote terminal access |
| VPS | Virtual Private Server (opposed to shared hosting) |
6 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.
[Thread #140 for this comm, first seen 7th Mar 2026, 01:40] [FAQ] [Full list] [Contact] [Source code]
I use a period tracker to identify file extensions.
As a non-native speaker, I had to use LLM to get that joke)
This is super cool! I'm not afab so I can't help test and my question may be ignorant but I'm curious why one would want this functionality to not be something native and benefits from being hosted at all?
There are some f-droid trackers that look nice (I keep seeing one there with a super pretty ui) but I'm not sure what the tradeoffs of just using a native application for something like this might be
The benefit over a purely local app is mainly cross-device access and easier syncing/backups, while still avoiding a third-party service storing your data.
