Privacy Policy

Vivytal ("we", "us", "our") operates vivytal.com. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. Information We Collect

We collect the following information:

• Account information: first name, last name, email address, and a hashed PIN for authentication
• Health data: health metrics you enter (e.g., blood pressure, cholesterol, glucose, weight) and profile information (gender, date of birth, height)
• AI-generated content: nutrition plans, exercise recommendations, and health summaries generated based on your data
• Payment information: processed securely by Stripe. We store only your Stripe customer ID — we never store credit card numbers
• Usage data: login timestamps and AI feature usage counts

2. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Generate personalized AI health recommendations
• Process payments for Pro subscriptions
• Send transactional emails (verification codes, PIN resets)
• Improve the Service

3. Data Security

We take the security of your health data seriously:

• All health record values are encrypted at rest using AES-256-CBC encryption
• PINs are stored as one-way hashes and cannot be recovered
• All data is transmitted over HTTPS
• Payment processing is handled entirely by Stripe, a PCI-compliant provider

4. Data Sharing

We do not sell, rent, or share your personal health data with third parties. We share limited data only with:

• OpenAI: anonymized health metrics are sent to generate AI recommendations. No personally identifiable information (name, email) is included in AI requests
• Stripe: email and customer ID for payment processing
• Resend: email address for transactional emails only

5. Data Retention

Your data is retained as long as your account is active. If you request account deletion, we will permanently delete all your data, including health records, AI-generated content, and account information within 30 days.

6. Your Rights

You have the right to:

• Access all health data stored in your account
• Correct inaccurate data through the Records and Settings pages
• Delete individual records or request full account deletion
• Cancel your subscription at any time

7. Cookies

We use a single session cookie (health_sess) for authentication. We also store your theme preference (light/dark mode) in your browser's local storage. We do not use tracking cookies or third-party analytics.

8. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page.

10. Contact

Questions about this Privacy Policy? Contact us at support@vivytal.com.