Privacy Policy

Effective: 1 January 2026  ·  Version 1.0  ·  Vitantra · vitantra.ai

Vitantra is built on a foundation of trust. Your health data is personal, sensitive, and yours. This Privacy Policy explains exactly what we collect, why we collect it, and how you can control it — clearly and completely.

1. Who We Are

Vitantra (“we”, “us”, “our”) is an AI-powered holistic wellness platform available at vitantra.ai. We are the data controller responsible for your personal information.

2. What Data We Collect

We collect the following categories of information:

• Account data: Name, email address, date of birth, language preference.
• Health and wellness data: Goals, body measurements, activity level, food preferences, allergens, dietary restrictions.
• Usage data: AI plan interactions, habit completions, streak data, XP and badge achievements, wellness scores.
• Food log data (Advanced and above): Meals logged, macro and nutritional data, barcode scans.
• Device and technical data: Device type, operating system, IP address, browser type.
• Wearable data (Advanced+ and Premium): Health metrics synced from Apple Health, Android Health Connect, Oura Ring, Whoop, and Hume AI (with your explicit permission).

3. How We Use Your Data

We use your data exclusively to:

• Generate and personalise your daily Workout, Nutrition, Hydration, and Habits plans.
• Power your AI companion and provide contextual, warm guidance.
• Track your progress, streaks, XP, and achievements.
• Deliver push notifications and in-app messages (with your consent).
• Process subscription payments securely via Stripe.
• Improve Vitantra’s AI models and product features (using anonymised, aggregated data only).
• Comply with our legal obligations.

We never use your data for advertising, never sell your data to third parties, and never use your personal health data to train external AI models without your explicit consent.

4. Legal Basis for Processing

We process your data under the following legal bases (GDPR Article 6 and Article 9):

• Contract performance: Processing necessary to deliver the Vitantra service you subscribe to.
• Legitimate interests: Improving platform reliability, detecting fraud, and ensuring security.
• Explicit consent: For health data (a special category under GDPR), wearable integrations, and marketing communications — always opt-in, always revocable.
• Legal obligation: Where we are required to retain or share data by law.

5. Data Sharing

We share your data only with:

• Stripe: For secure payment processing. Stripe is PCI-DSS Level 1 certified.
• Cloud infrastructure providers: For hosting and data storage (AWS/Supabase), under data processing agreements.
• Wearable platforms: Apple Health, Google Health Connect, Oura, Whoop, and Hume AI — only with your explicit permission, and only the data you choose to sync.
• Legal authorities: Where required by applicable law.

We never share your data with advertisers, data brokers, or any third party for commercial purposes.

6. Data Retention

We retain your account and health data for as long as your account is active. If you delete your account or submit a deletion request, we remove your personal data within 30 days from all production systems and within 90 days from backup systems. Aggregated, anonymised usage data may be retained indefinitely as it cannot identify you.

7. Your Rights

Under GDPR and applicable privacy laws, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”) — available on all tiers, including free, at any time.
• Restrict how we process your data in certain circumstances.
• Data portability — receive your data in a machine-readable format.
• Object to processing based on legitimate interests.
• Withdraw consent at any time for consent-based processing.

To exercise any of these rights, contact privacy@vitantra.ai or use the Data Settings within the app. We respond to all requests within 30 days.

8. Children’s Privacy

Vitantra is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with their data, please contact us immediately and we will delete it promptly.

9. Security

We employ industry-standard security measures including data encryption in transit (TLS 1.3) and at rest (AES-256), role-based access controls, regular security audits, and breach notification procedures compliant with GDPR Article 33.

10. Changes to This Policy

We will notify you of material changes to this Privacy Policy by email (for registered users) and by posting a prominent notice on vitantra.ai at least 30 days before the change takes effect. Your continued use of Vitantra after that date constitutes acceptance of the updated policy.

Contact & Questions

For any questions about this document, please contact us at legal@vitantra.ai or visit our Contact page. We respond to all enquiries within 5 business days.