Privacy Policy

Version 1.0 · Effective from [LAUNCH DATE]

This policy applies to all Vitalio users (mobile and web). It complies with GDPR (Regulation 2016/679) and Romanian Law 190/2018.

1. Who we are

Vitalio is operated by [YOUR_LEGAL_ENTITY], registered at [YOUR_ADDRESS], registration number [J/CUI]. Contact: hello@vitaliopro.com. DPO: dpo@vitaliopro.com. We are the data controller under GDPR (Regulation 2016/679).

2. What data we collect

Account: email, encrypted authentication tokens. Profile: first name, age/DOB, biological sex, height, weight, fitness goal, activity level, dietary restrictions, workout time preference, optional psychological questionnaire answers. Health & fitness (sensitive — GDPR Art. 9): weight history, body measurements, workouts (incl. personal records), meals, wellbeing check-ins, hydration, menstrual cycle (if opted in), fasting sessions, HealthKit/Apple Watch imports, Oura Ring data (sleep, HRV, readiness, steps). Longevity data (sensitive — GDPR Art. 9): biological age, healthspan score, lab biomarkers (HDL, LDL, ApoB, glucose, vitamin D, etc.) manually entered, daily longevity habits checklists, manual longevity inputs (VO2max, RHR, HRV from external trackers). AI interactions: food scan photos (transient — NOT stored permanently), recipe URLs (HTML processed transiently), AI coach chat messages (stored for context, deletable), lab biomarker interpretation requests. Technical: device type, OS, app version, language, anonymous usage stats (PostHog EU), crash reports (Sentry when active). Payment: subscription status via RevenueCat. We never store credit card numbers — those are handled by Apple App Store / Google Play.

3. Why we collect it (GDPR legal basis)

Account & profile: contract (Art. 6(1)(b)). Health data: explicit consent (Art. 9(2)(a)). AI processing: explicit consent + service performance. Analytics: legitimate interest (Art. 6(1)(f)). Payment: contract. You can withdraw consent anytime by disabling features in Settings or deleting your account.

4. How long we keep your data

Account, profile, health & fitness data: until you delete your account. Food scan photos: NOT stored — transient processing only. Analytics: 24 months (anonymized after 90 days). Crash reports: 90 days. Payment records: 7 years (Romanian tax law). Inactive accounts: auto-deleted after 36 months (we notify by email 30 days prior).

5. Who we share your data with

We NEVER sell data. We share with processors strictly to provide the service: • Supabase (EU/Frankfurt) — database & auth, all app data encrypted, DPA signed. • Anthropic / Claude AI (US) — transient AI processing for food scan, AI coach chat, and lab biomarker interpretation. Anthropic does NOT train on commercial API inputs. Requests retained max 30 days for abuse detection. DPA signed. SCCs in place. • Apple HealthKit / Oura Cloud — you connect these directly; we only receive the metrics you authorize. Oura access token stored encrypted in our DB, revocable from Oura dashboard. • RevenueCat (US) — subscription management. DPA + SCCs. • PostHog (EU/Frankfurt) — anonymous analytics, self-hosted EU instance. • Sentry — crash reporting when active, no PII. • Apple / Google — payment processing. We do NOT share data with advertisers or data brokers.

6. Your rights under GDPR

You have the right of access, rectification, erasure ("right to be forgotten"), restriction, portability (data export as JSON), objection, withdraw consent, and lodge a complaint with the Romanian supervisory authority ANSPDCP (www.dataprotection.ro). Delete your account self-service: Settings → Account → Delete account. Processed within 30 days. For other requests, email dpo@vitaliopro.com. We respond within 30 days.

7. Children’s privacy

Vitalio is not intended for children under 16. We do not knowingly collect data from minors under 13 (no exception). Between 13-16: parental consent required where local law applies.

8. International transfers

Some processors are in the US (Anthropic, RevenueCat, Sentry). We use Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) to ensure adequate protection.

9. Security

TLS encryption in transit, AES-256 at rest, Row-Level Security policies scoping data to your account, magic link authentication (no passwords to steal), regular security audits, Sentry monitoring. In case of breach, we notify you and the supervisory authority within 72 hours per Art. 33 GDPR.

10. AI processing transparency

We use Anthropic Claude for food scans, recipe imports, AI coach chat, and lab biomarker interpretation. Important: Claude receives only the specific input needed for each task (e.g., the photo for scan, the lab values for interpretation) — never your email, full fitness history, or unrelated personal data. Anthropic does NOT use commercial API inputs to train their models (per Claude API Terms). Anthropic retains requests max 30 days for abuse detection then deletes them. Longevity computations (biological age, healthspan score) run LOCALLY in the app using deterministic formulas — they do NOT send data to AI. Only the lab interpretation feature sends biomarker values to Anthropic, with your explicit action. AI estimations are NOT medical advice — always consult a qualified physician for health concerns.

11. Changes to this policy

We may update this policy. Material changes will be notified via in-app notification at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

12. Contact

Email: hello@vitaliopro.com. DPO: dpo@vitaliopro.com. Postal: [YOUR_ADDRESS]. We respond within 30 days.