Last Updated: February 3, 2026 | Version: 1.0
SECTION I – General Provisions
This Privacy Policy describes how Vitarego (“we”, “our”, or “us”), registration number 030187, located in Riga, Latvia, collects, uses, stores, and protects your personal data when you use the Vitarego Health mobile application (“App”) and related services.
We are committed to protecting your privacy and handling your health data with the highest standards of security, in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Latvian data protection laws.
Data Controller: Vitarego, Riga, Latvia
Contact: privacy@vitarego.app
SECTION II – Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Health Data: Personal data related to physical or mental health, including lab results, vital signs, symptoms, medications, and medical conditions.
- Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).
- Data Subject: The individual whose personal data is being processed (you, the user).
- Consent: Freely given, specific, informed, and unambiguous indication of agreement to processing.
SECTION III – Principles of Data Processing
We process your data in accordance with GDPR principles:
- Lawfulness, fairness, transparency: We process data only with a valid legal basis and inform you clearly about how your data is used.
- Purpose limitation: Data is collected for specific, explicit, and legitimate purposes.
- Data minimization: We collect only what is necessary for the stated purposes.
- Accuracy: We take reasonable steps to ensure data is accurate and up to date.
- Storage limitation: Data is kept only as long as necessary.
- Integrity and confidentiality: We implement appropriate security measures.
SECTION IV – What Data We Collect
Account Data
- Email address, name (optional)
- Authentication credentials (hashed passwords, OAuth tokens)
- Device identifiers for security
Health Data (with your explicit consent)
- Lab test results and biomarker values
- Vital signs (blood pressure, heart rate, weight, sleep, steps)
- Medications and supplements
- Symptoms and conditions
- Medical inspections and checkups
- Health profile (age, gender, allergies, risk factors)
Usage Data
- App interactions and feature usage (anonymized)
- Device type, OS version, app version
- Push notification tokens
SECTION V – How We Use Your Data
- Providing health tracking and analysis features
- Generating personalized health insights and recommendations
- AI-powered lab result analysis and health scoring
- Medication reminders and adherence tracking
- Syncing with Apple Health and Health Connect
- Account management and customer support
- Improving our services (using anonymized, aggregated data)
SECTION VI – Data Sharing and Disclosure
We do not sell your personal data. We share data only in these limited circumstances:
- AI Processing: Health data may be sent to AI providers (Google Gemini, Anthropic Claude) for analysis. Data is sent without your name or email.
- Cloud Infrastructure: Data is stored on secure servers (Hetzner, Germany) within the EU.
- Legal Requirements: When required by applicable law or court order.
- With Your Consent: When you explicitly choose to export or share your health data.
SECTION VII – Data Retention
- Active Account: Data is retained for the duration of your account.
- Account Deletion: All personal and health data is permanently deleted within 30 days of a deletion request.
- Inactive Accounts: Accounts inactive for 24+ months may be flagged for deletion with prior notification.
- Legal Obligations: Some data may be retained longer if required by law.
SECTION VIII – Your Rights Under GDPR
As a data subject, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data (“right to be forgotten”).
- Restriction: Request limitation of processing.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent at any time.
To exercise your rights: privacy@vitarego.app
You may also lodge a complaint with the Latvian Data State Inspectorate (www.dvi.gov.lv).
SECTION IX – Security Measures
- All data encrypted in transit (TLS 1.2+) and at rest
- Auth tokens in hardware-backed secure storage (Keychain/Keystore)
- Local app data encrypted with 256-bit AES
- JWT authentication with device binding
- Rate limiting and input sanitization on all API endpoints
- Regular security audits and dependency updates
SECTION X – Children’s Privacy
Vitarego is not intended for individuals under 16. We do not knowingly collect data from children under 16. If we discover such data, it will be deleted promptly.
SECTION XI – Medical Disclaimer
Vitarego is a health tracking tool. It is not a medical device and does not provide medical diagnoses or replace professional medical advice. Always consult a qualified healthcare provider.
SECTION XII – Changes to This Policy
We may update this policy. Significant changes will be communicated through the App or via email. Continued use constitutes acceptance.
SECTION XIII – Contact Us
Privacy: privacy@vitarego.app
Support: support@vitarego.app
Company: Vitarego, Riga, Latvia, Reg. 030187