Privacy Policy

Vitalizey ("we", "our", or "us") operates the Vitalizey website and mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

• Account Information: Email address and authentication credentials when you create an account (directly or via Google/Apple Sign-In).
• Health Profile Data: Age group, biological sex, and health goals you voluntarily provide to personalise your experience.
• Supplement Cabinet Data: Products you scan or manually add, including serving amounts and daily intake logs.
• Symptom Tracking Data: Symptoms you select for personalised supplement associations.
• Device Information: Device type, operating system version, and app version for crash reporting and compatibility.
• Waitlist Email: If you join our early-access waitlist, we collect only your email address.

• To provide personalised supplement recommendations and gap analysis based on your health profile and cabinet.
• To display relevant expert protocols matched to your profile.
• To check your daily intake against established upper limits (NIH/IOM data) for safety warnings.
• To improve our services through aggregated, anonymised usage analytics.
• To communicate important updates about the app or your account.

Your data is stored securely on Supabase infrastructure with PostgreSQL databases protected by Row Level Security (RLS). Only you can access your personal data through authenticated API calls.

We use industry-standard encryption (TLS/SSL) for data in transit and encryption at rest for stored data. However, no method of electronic transmission or storage is 100% secure.

• Supabase: Database hosting and authentication (see Supabase Privacy Policy).
• NIH DSLD / UPC Item DB / Open Food Facts: Product barcode lookups — only the barcode number is sent, no personal data.
• Google / Apple Sign-In: If you use social authentication, their respective privacy policies apply to the authentication process.

Depending on your location, you may have the following rights:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Update or correct inaccurate data via your Profile screen.
• Right to Erasure: Delete your account and all associated data via Profile → Delete Account.
• Right to Data Portability: Request your data in a machine-readable format.
• Right to Opt-Out of Sale: We do not sell your personal data.

To exercise any of these rights, use the in-app account deletion feature or contact us at privacy@vitalizey.com.

We retain your personal data for as long as your account is active. If you delete your account, all personal data (profile, cabinet, symptoms, tracking history) is permanently deleted within 30 days. Anonymised, aggregated data may be retained for analytics purposes.

Our services are not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn we have collected data from a child under 16, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your personal data, please contact us at: privacy@vitalizey.com