Privacy Policy

Last updated: February 2, 2026

At VitalAI, we take your privacy seriously. This Privacy Policy explains how BaseOne Media Ltd ("we", "us", or "our") collects, uses, and protects your personal information when you use our health optimization platform.

Key Privacy Points

  • Your health data is encrypted end-to-end
  • We never sell your personal information
  • You can delete your data at any time
  • GDPR and HIPAA compliant
  • Transparent data usage policies
  • Regular security audits

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Password (encrypted and never stored in plain text)
  • Profile information (age, gender, fitness goals)

Health & Fitness Data

With your explicit consent, we collect:

  • Wearable device data (heart rate, HRV, sleep, activity)
  • Workout logs and exercise history
  • Nutrition tracking and meal logs
  • Blood work results (if you choose to upload)
  • Body measurements and progress photos

Usage Data

We automatically collect:

  • Device information and IP address
  • Browser type and operating system
  • Pages visited and features used
  • AI chat interactions (to improve our service)

How We Use Your Information

  • Personalization: To provide AI-powered health recommendations tailored to your goals and data
  • Service Delivery: To operate and maintain the VitalAI platform
  • Communication: To send you updates, notifications, and support messages
  • Improvement: To analyze usage patterns and improve our AI models
  • Security: To detect and prevent fraud, abuse, and security incidents

Data Security

We implement industry-leading security measures to protect your data:

  • End-to-end encryption for all health data
  • Secure cloud infrastructure with SOC 2 compliance
  • Regular security audits and penetration testing
  • Two-factor authentication available
  • Employee access controls and training

Third-Party Services

We work with trusted third-party services to provide our platform:

Anthropic (Claude AI)

Powers our AI health coaching. Data is anonymized before processing.

Supabase

Secure database hosting with encryption at rest and in transit.

Stripe

Payment processing. We never store your full credit card details.

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of all your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

To exercise any of these rights, contact us at privacy@vitalai.com

Data Retention

We retain your personal data only as long as necessary to provide our services and comply with legal obligations. When you delete your account, we permanently remove your personal data within 30 days, except where we're required by law to retain certain information.

Children's Privacy

VitalAI is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of any material changes by email or through the app. Your continued use of VitalAI after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: privacy@vitalai.com

Address: BaseOne Media Ltd, London, United Kingdom

Data Protection Officer: dpo@vitalai.com