Vita Privacy Policy
Last updated: August 2025
This Privacy Policy explains how Vita App Inc. (“Vita,” “we,” “us,” or “our”) collects, uses, discloses, retains, and secures information about you when you:
- use the Vita iOS application (the “App”), including our AI meal scanning, voice input, nutrition analysis, and lightweight workout logging features;
- visit, sign up, or interact with our website thevita.ai (the “Site”);
- join our beta waitlist or participate in our private/public beta programs;
- communicate with us, including by email or through social channels; and
- engage with features we may provide now or in the future, such as Apple Health integrations, coach features, or token-based rewards (“Services”).
We are committed to data minimization and privacy-by-design. This policy is descriptive and does not constitute legal advice. If you have questions, contact us at privacy@thevita.ai.
Quick summary (non-exhaustive)
- We collect the information you give us (e.g., email, device info, food descriptions/photos), information the App generates (e.g., nutrition estimates), and certain technical data (e.g., logs, diagnostics).
- Where you opt in, we may access Apple Health data to display your totals and trends. You control this in iOS. We do not sell your personal information.
- We use service providers to operate the App (e.g., Firebase for auth/storage, OpenAI for nutrition parsing, Google Cloud Vision for image recognition, Formspree for waitlist submissions, Vercel for hosting).
- You have rights over your data, including access, deletion, correction, portability, and the right to opt out of certain sharing or targeted advertising where applicable.
- We implement technical and organizational measures to protect data and limit retention.
- Vita is not a medical device and is not a HIPAA “covered entity.” Do not use Vita to diagnose, treat, or manage medical conditions.
1) The information we collect
Depending on how you use Vita, we may collect the following categories of information:
1.1 Information you provide directly
- Account and Contact Data: name, email address, password (hashed), phone (if provided), profile data, communications with us.
- Waitlist and Beta Enrollments: your name, email, iPhone model, iOS version, and responses to onboarding forms (e.g., “How did you hear about Vita?”).
- Content You Submit: food photos, voice descriptions, typed entries, brand/portion edits, notes, workouts you log, and feedback you voluntarily provide.
- Support Queries: tickets or emails you send us, and metadata necessary to troubleshoot issues.
1.2 App-generated and usage information
- Nutrition Outputs: per-item and per-meal estimates (calories, macros, portions) generated by Vita’s AI processing and your edits/confirmations.
- App Activity: features used, timestamps, error/crash logs, diagnostic events, and performance metrics.
1.3 Device and technical data
- Device Details: device model, OS version, app version, language, time zone, coarse location (city/region) inferred from IP where necessary for diagnostics or localization.
- Network & Cookies (Site): IP address, request headers, referrers, and limited cookies or local storage used to provide core functionality, security, and basic analytics. We avoid heavy tracking cookies and do not engage in cross-site behavioral advertising.
1.4 Apple Health data (opt-in)
With your explicit opt-in, Vita may read certain Apple Health categories (e.g., daily calories burned, workouts) to display totals and trends. Access is controlled by iOS permissions and can be changed in Settings at any time. We do not write to Apple Health without your permission. We do not sell Apple Health data.
1.5 Voice and camera access
If you use the camera or microphone features, the App will access those sensors only to let you scan a meal or dictate a description. We do not access your camera or microphone in the background.
1.6 Blockchain/Token features (optional/future)
If you opt in to on-chain rewards or wallet features in the future (e.g., a Solana-based token), we may process your wallet address, transaction metadata, or public on-chain activity. Blockchain transactions are typically public and may be accessed by anyone. Please consider what you share on-chain. We will describe any such feature before activation and seek consent where required.
2) How we use information
We use information to operate, secure, and improve Vita, including to:
- Provide the Services: create/manage accounts; process scans/voice input; generate nutrition estimates; display logs, totals, and trends; enable opt-in Apple Health integrations; and deliver beta onboarding.
- Improve accuracy and user experience: learn from your corrections (e.g., portion edits, brand selections), run A/B tests, and refine prompts or models (while following provider terms and privacy settings).
- Communicate with you: send onboarding messages, app tips, product updates, and beta invitations; respond to support requests.
- Security, fraud, and abuse prevention: protect accounts; detect misuse; monitor for suspicious activity; enforce our Terms.
- Legal compliance: fulfill legal obligations; respond to lawful requests; maintain appropriate records.
3) Our legal bases for processing (EEA/UK)
If you are in the European Economic Area or United Kingdom, we process personal data under these legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR) — to provide the App/Services you request.
- Consent (Art. 6(1)(a)) — for optional features such as reading Apple Health data, certain analytics, marketing emails, or experimental features.
- Legitimate interests (Art. 6(1)(f)) — to secure, debug, or improve our Services; prevent fraud; or engage in limited analytics consistent with your rights and expectations.
- Legal obligations (Art. 6(1)(c)) — to comply with applicable laws and requests.
4) How we share information
We do not sell your personal information. We share information as follows:
4.1 Service providers (processors)
- Firebase (Google): authentication, Firestore database, storage, crash/analytics (as configured);
- OpenAI: nutrition parsing and text/voice analysis for prompts you submit; we endeavor to disable training on your content where controls exist and instruct providers through contracts not to use your data beyond providing the Services;
- Google Cloud Vision API: image recognition on food photos you submit;
- Formspree (website waitlist form): collection and routing of waitlist data;
- Vercel: hosting and deployment of the Site and related infrastructure;
- Email/communication tools: transactional emails, support, and notifications;
- Payment processors (future): if you purchase coaching or subscriptions, we will use a PCI-compliant processor; we do not store full card numbers.
Service providers are contractually required to handle personal data only on our instructions and to implement appropriate security measures.
4.2 Legal, safety, and compliance
We may disclose information when we believe in good faith that disclosure is reasonably necessary to protect our rights, users, or the public; to detect, prevent, or address fraud, security, or technical issues; or to comply with a law, regulation, subpoena, or court order.
4.3 Business transfers
In connection with a merger, acquisition, financing, or sale of assets, your information may be transferred to the acquiring entity as part of the transaction, subject to applicable law and this Policy’s commitments.
5) Cookies and similar technologies
We aim to keep tracking minimal. The Site may use essential cookies (or local storage) to maintain session state and security, and lightweight analytics (e.g., aggregated page views) to understand product interest. We do not use cross-site behavioral advertising cookies. You may control cookies via browser settings, though essential cookies may be required for basic functionality.
6) Data retention
We retain personal data only as long as necessary for the purposes described in this Policy, including providing the Services, complying with legal obligations, resolving disputes, and enforcing agreements. In general:
- Account data is kept while your account is active and a reasonable period thereafter for reactivation or support (unless you request deletion sooner).
- Food photos/voice inputs are stored only as needed to produce results, allow edits/history, and improve your personal experience; where feasible we minimize retention or store derived results instead of raw media.
- Apple Health data is not stored unless necessary to display trends or totals you request; we minimize copying and respect iOS revocation.
- Diagnostics/logs are retained for short periods necessary to troubleshoot and improve.
- Backups persist for limited windows consistent with operational recovery.
You can request deletion at any time (see “Your rights”). Some information may persist in backups for a limited period or as required by law.
7) Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, least-privilege role assignments, environment isolation, and monitoring. No system is perfectly secure; we encourage you to use strong, unique passwords and enable device security features. If we become aware of a breach impacting your data, we will notify you and regulators as required by law.
8) Your choices
- Apple Health permissions: control access in iOS Settings > Health > Apps > Vita.
- Camera/Microphone: enable/disable in iOS Settings > Privacy & Security.
- Marketing emails: opt out using the unsubscribe link or by emailing privacy@thevita.ai.
- Beta participation: you may withdraw from the beta at any time; uninstalling the TestFlight build stops further data collection from the App.
9) Your privacy rights
Depending on your location, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing. You can exercise these rights by contacting us at privacy@thevita.ai. We will verify your identity and respond within applicable timelines.
9.1 California & U.S. state privacy notices
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia (or of another U.S. state with a similar law), you may have rights to:
- know the categories and specific pieces of personal information we collect;
- request deletion of your personal information;
- correct inaccuracies;
- opt out of sales or sharing of personal information and of targeted advertising;
- limit the use/disclosure of sensitive personal information (where applicable); and
- be free from discrimination for exercising these rights.
Do we sell or share personal information for cross-context behavioral advertising? No. We do not sell your personal information and we do not engage in cross-context behavioral advertising. If we ever change this practice, we will provide clear notice and opt-out mechanisms.
Sensitive information: if you connect Apple Health or share health-related entries, we treat such data as sensitive and use it only to provide requested features, not for advertising.
To exercise rights, email privacy@thevita.ai with “Privacy Request” in the subject. You may use an authorized agent subject to additional verification. If we deny a request, you may appeal by replying “Appeal” to our decision; we will review and respond per state law.
9.2 EEA/UK data subject rights
If you are in the EEA/UK, you may have rights under GDPR/UK GDPR to access, rectify, erase, restrict, or port your data, and to object to certain processing (including direct marketing). Where processing is based on consent, you may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
10) International transfers
We are based in the United States and process data in the U.S. and other countries where our service providers operate. For EEA/UK transfers, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or the UK Addendum, along with additional measures where appropriate. You may contact us for a copy of relevant safeguards subject to confidentiality.
11) Children’s privacy
Vita is intended for individuals 13 and older (or the minimum age required by your jurisdiction). We do not knowingly collect personal data from children under 13 (or under 16 in the EEA/UK) without verifiable parental consent. If you believe a child has provided us information in violation of this Policy, please contact privacy@thevita.ai and we will take appropriate steps, including deletion where required.
12) AI-specific disclosures
Vita uses AI services to analyze images and text you submit, generate nutrition estimates, and improve the overall experience. We design our prompts and data flows to minimize unnecessary personal data exposure and to respect your choices. Our current AI-related practices include:
- using OpenAI for text parsing and (where enabled) voice transcription; using Google Cloud Vision API for image recognition;
- where provider controls allow, disabling training on customer-submitted content and instructing providers to process data only to deliver the requested functionality;
- avoiding long-term retention of raw photos/voice beyond what is necessary to deliver results and allow your edits/history;
- aggregating and de-identifying data for product improvement where feasible and permitted by law; and
- prompt and output filtering designed to avoid the generation of sensitive inferences. Nevertheless, AI may make mistakes; always review results.
Important: Third-party AI providers may process inputs/outputs as part of delivering the service (e.g., transient logging for abuse prevention or debugging). We select providers with strong security commitments and bind them by contract. Their independent privacy notices may apply in addition to ours.
13) Health disclaimers and HIPAA
Vita provides information to help you log meals and track nutrition. It is not a substitute for professional medical advice, diagnosis, or treatment, and is not intended to diagnose, treat, cure, or prevent any disease. Vita is not a HIPAA “covered entity” or “business associate,” and HIPAA generally does not apply to our processing. Always consult a qualified health professional with questions about your health.
14) Product-specific data flows
14.1 iOS App
- Scan — with your permission, the camera captures an image of your meal. The image may be sent to Google Cloud Vision for recognition and to our servers (Firebase) to store results and enable edits/history.
- Voice — with your permission, audio may be transcribed (e.g., via OpenAI Whisper or comparable service). We aim to send the minimum data necessary and avoid prolonged storage of raw audio.
- Parse — text results are processed (e.g., via OpenAI) to estimate items, portions, and macros. We instruct providers not to use your content to train their models where controls exist.
- Display & Edit — you can correct item names, change portions, and add brands. Your edits become the authoritative record for your log.
- Apple Health (opt-in) — the App may read relevant categories to display totals. You can revoke access any time in iOS.
14.2 Website
The Site is hosted on Vercel. Waitlist forms are routed via Formspree or our backend. We keep analytics light (see “Cookies”). If you email us, we’ll store your message to respond and maintain records.
14.3 Token/Wallet features (planned)
If you choose to participate in a token reward program, your wallet address will be processed to allocate rewards. Blockchain transactions are public by design; entries may be immutable. We will provide targeted disclosures and obtain additional consents where required.
15) De-identified and aggregated information
We may create de-identified or aggregated statistics (e.g., average macro distributions across anonymized logs) to analyze usage and improve the product. We take reasonable steps to prevent re-identification and prohibit recipients from attempting re-identification.
16) Third-party links and social features
The Site or App may include links to third-party sites or content. Their privacy practices are governed by their policies, not this one. Please review them before sharing data.
17) Data governance, accountability, and DPIAs
We apply privacy-by-design principles during development, conduct internal reviews for features that may involve sensitive data (e.g., health-related, biometrics, geolocation), and perform Data Protection Impact Assessments (DPIAs) where required by law. We regularly review vendor security and data processing terms.
18) How to exercise your rights
To access, correct, delete, or export your data—or to object to processing—email privacy@thevita.ai with “Privacy Request” in the subject. Include your name, the email associated with your account, your jurisdiction (e.g., CA, EEA), the right you wish to exercise, and any relevant details. We may request verification information. If you are an authorized agent, include authorization documents.
19) International residents — additional disclosures
19.1 EEA/UK
Controller: Vita App Inc., Los Angeles, California, USA. We have not appointed an EU/UK representative at this time. You may contact your local supervisory authority if you believe we have not addressed your concern, but we ask that you contact us first.
19.2 Canada
We comply with applicable provisions of PIPEDA and provincial privacy laws. You may request access and correction of your personal information by contacting us.
20) California “Shine the Light”
California Civil Code §1798.83 permits California residents to request certain details about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing.
21) Do Not Track
Some browsers include a “Do Not Track” (“DNT”) setting. Because there is no industry consensus on handling DNT signals, we do not respond to DNT at this time.
22) Changes to this Policy
We may update this Policy to reflect changes in our practices or for legal, technical, or operational reasons. If we make material changes, we will provide notice (e.g., by posting the updated Policy on the Site/App with a new “Last updated” date, or by email). Your continued use of the Services after the effective date signifies acceptance of the revised Policy.
23) Contact us
Questions or concerns? Email privacy@thevita.ai or write to:
Vita App Inc.
Los Angeles, CA, United States
privacy@thevita.ai
Annex A — Additional details, definitions, and examples
A1. Definitions
- “Personal data” / “Personal information” means information that identifies, relates to, describes, or could reasonably be linked with an identified or identifiable person.
- “Sensitive personal information” includes data such as health data (including Apple Health categories), precise geolocation, and certain identifiers protected by law.
- “Processing” means any operation performed on personal data (collection, storage, use, disclosure, etc.).
- “Sell,” “Share,” and “Targeted advertising” carry meanings defined by applicable U.S. state laws.
A2. Categories of data collected
| Category | Examples | Sources | Primary Uses | Shared With |
|---|---|---|---|---|
| Identifiers | Name, email, device IDs, IP address | You; device; beta forms | Account, security, support | Service providers (auth, hosting) |
| Customer Records | Account details, preferences | You | Provide and personalize Services | Service providers |
| Commercial/Usage | Feature use, logs, diagnostics | App/Site | Improve, secure Services | Service providers |
| Audio/Visual | Food photos, voice input | You (opt-in) | Nutrition analysis, logging | AI providers (processing), storage |
| Health (opt-in) | Apple Health read permissions | Apple HealthKit | Totals/trends, display | Not sold; limited sharing to operate |
| Inferences | Estimated macros/calories | Generated by the App | Provide insights to you | Service providers under contract |
A3. CPRA disclosures (last 12 months)
In the last 12 months we collected the categories above for the purposes described and shared them with service providers as necessary to operate the Services. We did not sell personal information. We did not share personal information for cross-context behavioral advertising.
A4. Appeals and complaints
If we decline to act on your request, you may appeal by replying to our decision email with “Appeal.” If you remain dissatisfied, you may lodge a complaint with your state attorney general or, for EEA/UK, your data protection authority.
A5. Data retention schedule (illustrative)
- Account, authentication, and audit logs: up to 24 months after account closure unless a shorter period is requested or longer required by law.
- Food photos/voice: retained as needed for your history and personal features; minimized or deleted where feasible within 30–180 days after deletion of associated entries.
- Crash/diagnostic logs: typically 30–180 days.
- Backups: rolling windows (e.g., 30–90 days) for operational recovery.
A6. Security controls (overview)
- HTTPS/TLS for all data in transit; encryption-at-rest by cloud providers;
- role-based access, MFA for administrative access; least-privilege;
- segmented environments (dev/stage/prod) and secret management;
- risk assessments and vendor diligence; incident response procedures;
- employee privacy and security training for those with data access.
A7. Beta program specifics
Beta builds may contain experimental features. We may collect additional diagnostics to improve stability and accuracy. You may exit the beta by uninstalling the beta build and emailing us to delete related crash/diagnostic data.
A8. Contact details
Controller: Vita App Inc., Los Angeles, California, United States.
Email: privacy@thevita.ai
This Privacy Policy is for informational purposes and reflects Vita’s current practices. It does not create contractual or legal rights other than those provided by law or our Terms of Use. We may update this Policy to reflect technological, legal, or business changes.