Privacy Policy
Effective date: September 1, 2025
Last updated: September 20, 2025
Our Fundamental Privacy Architecture
We can't see what we don't collect.
VitalOS is built on a radically different architecture from other health apps. Your personal health data never leaves
your device. We don't have user accounts, we don't store your email address, and we cannot access your health
information. This isn't a policy choice - it's how we built the system.
Data That Never Leaves Your Device
The following information is stored exclusively on your device in local databases and is NEVER transmitted to
our servers:
- All nutrition logs and macro tracking
- Your personal profile (age, weight, height, gender, goals)
- Food diaries and meal history
- Custom foods and recipes you create
- Health metrics and body composition data
- Progress photos and food images
- Personal notes and meal timing
- All calculations and nutritional analysis
We cannot access, retrieve, or recover this data - even in an emergency. If you delete the app, this
data is permanently gone.
The Only Information Our Server Receives
Our server receives minimal anonymous information:
- Anonymous Device Identifier: A random UUID generated when you first install the app (like "a4b5c6d7-e8f9-...")
- Anonymous Usage Events: Basic actions like "app opened" or "food logged" - with NO personal details
- Community Food Database Sync: You receive updates to the shared food database (USDA foods, etc.)
- Error Reports: If the app crashes, we get technical details but no personal information
We cannot connect this anonymous device ID to you as a person.
How Payments Work Without User Accounts
When you subscribe to VitalOS Pro:
- Your email and payment information go directly to our payment processor (Cube)
- Cube tells us that an anonymous device ID has an active subscription
- We never receive or store your email address or payment details
- We cannot look up your subscription by name or email - only by device ID
Important: If you delete the app without canceling your subscription first, we cannot help you
cancel it because we don't know who you are. You would need to contact your payment provider directly with your
payment information.
The Privacy Trade-offs
Our privacy-first architecture means:
- No Account Recovery: If you delete the app, your data is gone forever
- No Cross-Device Sync: Your data stays on your device only
- Fresh Start on New Devices: Getting a new phone means starting over (unless you manually back up)
- Limited Support: We can't help you recover lost data because we never had it
- Subscription Management: You must cancel before deleting the app or contact your payment provider
These aren't bugs - they're features of true privacy protection.
Data You Can Choose to Share
You have optional features that share limited data:
- Community Food Contributions: If you submit a food to the community database, that food data (not linked to you) becomes public
- Future Backup Feature: We may offer optional encrypted backup where you control the encryption key
Third-Party Services
We use minimal third-party services:
- Cube/Stripe: Payment processing (they receive your payment info, we don't)
- Apple/Google: App distribution and crash reporting (anonymous)
- Railway: Hosts our server that manages the food database and subscriptions
These services have their own privacy policies and may collect data according to their terms.
No Data Mining or Analytics
We do not:
- Track your location
- Access your contacts
- Create advertising profiles
- Sell or share data with advertisers
- Use your health data for research
- Build behavioral profiles
We can't do these things even if we wanted to - we don't have the data.
Data Security
Your data security is inherent in our architecture:
- Health data never transmits over the internet
- No cloud storage of personal information
- No central database to breach
- Your device's built-in security protects your data
- If someone hacks our servers, they get anonymous device IDs, not health data
Your Rights
With VitalOS, you have absolute control:
- Deletion: Delete the app and all data is instantly gone
- Access: All your data is on your device - you have 100% access
- Portability: Export features let you save your data locally
- Correction: Edit anything directly in the app
- No Consent Needed: We never see your data, so no consent is required
Children's Privacy
VitalOS is designed for users 13 and older. Since we don't collect personal information or have user accounts, we
cannot verify ages. Parents should supervise their children's app usage.
International Users
Your data stays on your device regardless of your location. The only international transfer is the anonymous device
ID to our US-based servers for subscription verification. No personal or health data ever leaves your device's
country.
GDPR, CCPA, and Privacy Laws
We are compliant with privacy regulations by design:
- We don't collect personal data covered by GDPR
- We can't sell data we don't have (CCPA)
- No cross-border data transfers of personal information
- No data retention issues - your device manages retention
Changes to This Policy
If we change how the app works, we'll update this policy. Since we can't email you (we don't have your email),
updates will be shown in the app. The architecture preventing data collection cannot be changed without rebuilding
the entire system.
The Bottom Line
Other health apps say they respect your privacy while uploading your data to their servers. VitalOS is different: we
built the app so that your health data CAN'T leave your device. Your nutrition logs, weight tracking, and health
goals are yours alone. We measure our success by helping you get healthier, not by harvesting your data.
Revision History
- September 20, 2025: Updated contact emails to vitalos.app domain
- September 1, 2025: Initial privacy policy created