Consumer Health Data Privacy Policy
This Consumer Health Data Privacy Policy is provided in compliance with the Washington My Health My Data Act (RCW 19.373), Nevada Senate Bill 370, and similar state consumer health data privacy laws. This policy applies to Consumer Health Data as defined by applicable law.
This is a separate policy from our general Privacy Policy. For comprehensive information about all of our data practices, please see our Privacy Policy.
- Categories of Consumer Health Data We Collect
- Purposes for Which Consumer Health Data Is Collected and Used
- Sources of Consumer Health Data
- Categories of Consumer Health Data Shared
- Third Parties and Affiliates with Whom Consumer Health Data Is Shared
- Your Rights
- How to Exercise Your Rights
- Geofencing and Workout Location Tracking
- Contact Us
1. Categories of Consumer Health Data We Collect
We collect the following categories of Consumer Health Data:
Individual Health Conditions, Treatment, and Diagnosis
- Health conditions and diagnoses you report during onboarding or through the Service (e.g., diabetes, hypertension, thyroid disorders)
- Treatment information you provide, including medications, supplements, dosages, and adherence records
Clinical and Laboratory Data
- Laboratory blood work results and biomarker values you upload to the Service
- Biomarker names, values, units, reference ranges, and laboratory identifiers contained in uploaded reports
- Provider documents you upload (clinical notes, medical records)
Medication and Supplement Data
- Prescription medication names, dosages, frequencies, schedules, and supply levels
- Over-the-counter medication and supplement names, dosages, and protocols
- Drug interaction analysis results
- Medication photos uploaded for AI identification
Biometric and Physiological Data
- Heart rate and heart rate variability from connected wearable devices
- Sleep duration and sleep stage data from connected wearable devices
- Step count and physical activity data from connected wearable devices
- Blood glucose readings from connected wearable devices (where available)
Workout Location Data (optional feature — requires explicit consent)
- Gym location coordinates (latitude/longitude) you register for the Workout Tracking feature
- Geofence configuration (radius around your gym location)
- Workout session records (start time, end time, duration) detected via geofence entry/exit
- Geofencing consent records (consent version, date, platform)
Symptom and Wellness Data
- Journal entries describing symptoms, moods, and health observations
- Voice check-in transcripts (speech-to-text processed on your device; audio is not stored)
- Quick log entries including mood, energy, stress, sleep quality, digestive status, cognitive function, soreness, and fasting status
Health Assessments and Scores
- Date of birth (used for age verification at account creation and as a required input for biological age calculation algorithms, including PhenoAge, the Klemera-Doubal Method, and Homeostatic Dysregulation scoring)
- Biological age calculations derived from your biomarker data
- Health scores and projected health scores
- Correlation insights identifying patterns across your health data
- AI-generated biomarker interpretations and personalized health analysis
- Daily health briefings
Health-Related Inferences
- AI-generated interpretations of your laboratory results
- Patterns and correlations detected across your health data by our AI and algorithmic systems
- Engagement and personalization classifications derived from your use of health features
2. Purposes for Which Consumer Health Data Is Collected and Used
We collect and use your Consumer Health Data for the following purposes:
- To provide the health analytics services you requested: Processing and analyzing your uploaded lab reports, generating biomarker interpretations, calculating biological age and health scores, tracking medications and supplements, syncing wearable health data, generating daily briefings and correlation insights, powering the AI Health Companion, and (if you have enabled and consented to Workout Tracking) detecting workout sessions via geofencing and incorporating workout data into your recovery and health context
- To personalize your experience: Tailoring health insights based on your conditions, medications, history, and prior results; generating contextual follow-up questions about your biomarkers; re-analyzing results when your health context changes
- To ensure safety: Detecting wellness concerns in journal entries to display appropriate crisis and support resources (this is fully automated and handled with strict privacy protections — flagged content is excluded from all AI processing and analytics)
- To improve the Service: Analyzing de-identified, aggregated data to identify emerging health topics and improve our AI systems; quality assurance auditing of AI-generated outputs
- To communicate with you about the Service: Sending report completion notifications, medication reminders, health check-in reminders, daily briefings, and subscription status updates
We do not collect or use your Consumer Health Data for advertising, marketing, or any purpose unrelated to providing and improving the Service.
3. Sources of Consumer Health Data
We collect Consumer Health Data from the following sources:
Directly from you:
- Lab reports and provider documents you upload
- Health conditions, medications, and supplements you enter
- Journal entries and voice check-ins you create
- Quick log entries you submit
- Health questionnaire responses you provide during onboarding and personalization
- Health goals you set
From wearable devices and health platforms you connect (with your consent):
- Apple HealthKit (iOS)
- Google Health Connect (Android)
Generated by our systems based on data you provide:
- AI-generated biomarker interpretations and health insights
- Biological age calculations (algorithmic, based on your biomarker inputs)
- Health scores, trend analyses, and correlation insights
- Journal topic tags and sentiment analysis
- Daily health briefings
4. Categories of Consumer Health Data Shared
We share the following categories of Consumer Health Data with service providers strictly for the purpose of operating the Service:
Laboratory and biomarker data, medication and supplement data, health conditions, wearable health metrics, journal entries (excluding wellness-flagged content), and questionnaire responses — shared with our AI processing provider for the purpose of generating health analysis, interpretations, and companion responses.
All categories of Consumer Health Data listed in Section 1 — stored by our cloud infrastructure provider as part of operating the Service.
Uploaded provider documents — shared with our document processing provider for the purpose of optical character recognition (text extraction).
We do not sell your Consumer Health Data. We do not share your Consumer Health Data for advertising or marketing purposes.
5. Third Parties and Affiliates with Whom Consumer Health Data Is Shared
The following is a complete list of the categories of third parties and specific affiliates that receive Consumer Health Data:
Third-Party Service Providers
| Entity | Category | Purpose | Health Data Received |
|---|---|---|---|
| Anthropic, PBC (via Google Vertex AI) | AI Processing Provider | Biomarker extraction, interpretation, personalization, health companion, journal analysis, medication parsing | Lab report content, health context (medications, conditions, wearable data, journal entries — excluding wellness-flagged content), questionnaire responses |
| Google Cloud Platform / Firebase (Google LLC) | Cloud Infrastructure Provider | Data storage, computing, authentication, analytics, push notifications | All Consumer Health Data (stored encrypted at rest and in transit) |
| Google Document AI (Google LLC) | Document Processing Provider | Optical character recognition of uploaded documents | Uploaded lab reports and provider documents |
Third Parties That Do NOT Receive Consumer Health Data
The following service providers are used by Vital IQ but do not receive Consumer Health Data:
| Entity | Purpose | Data Received |
|---|---|---|
| RevenueCat, Inc. | Subscription management | User identifier and subscription status only |
| Stripe, Inc. | Payment processing | User identifier and payment amounts only |
| SendGrid (Twilio Inc.) | Email delivery | Email address and non-health notification content only |
| Better Stack, Inc. | System uptime monitoring | System status data only — no user data |
| OpenFDA (U.S. FDA) | Drug information lookup | Drug name queries only — no user identifiers |
| Google Places API | Health resource finder | Location and search terms only — no health data |
Affiliates
[ENTITY_NAME], LLC does not currently have any affiliates or subsidiary entities that receive Consumer Health Data.
6. Your Rights
You have the following rights regarding your Consumer Health Data:
6.1 Right to Know
You have the right to confirm whether we are collecting or sharing your Consumer Health Data and to know the specific Consumer Health Data we have collected about you.
How to exercise: Use the data export feature in the app (Settings > Privacy > Export My Data), or contact us at [PRIVACY_EMAIL].
6.2 Right to Access
You have the right to access your Consumer Health Data. Most of your data is viewable directly within the app. You may also request a comprehensive data export.
How to exercise: Use the data export feature in the app, or contact us at [PRIVACY_EMAIL].
6.3 Right to Delete
You have the right to request deletion of your Consumer Health Data. Upon receiving a verified deletion request:
- We will delete your Consumer Health Data within 30 days
- Deletion includes data stored in our primary database, file storage, and backups
- We will direct all third parties and service providers identified in Section 5 to delete your Consumer Health Data from their systems
- We will confirm completion of deletion to you
Certain data may be retained beyond 30 days only where required by applicable law (such as financial transaction records required for tax compliance).
How to exercise: Use the account deletion feature in the app (Settings > Privacy > Delete My Account), or contact us at [PRIVACY_EMAIL].
6.4 Right to Withdraw Consent
You have the right to withdraw your consent for the collection and/or sharing of your Consumer Health Data at any time.
- Withdrawing collection consent will stop the collection of new Consumer Health Data but will not automatically delete previously collected data. You may exercise your deletion right separately.
- Withdrawing sharing consent will stop the sharing of your Consumer Health Data with AI processing providers, which means features such as lab report interpretation, AI Health Companion, and daily briefings will cease to function.
Withdrawal of consent does not affect the lawfulness of any processing that occurred before your withdrawal.
How to exercise: Manage your consents in the app (Settings > Privacy > Manage Consents), or contact us at [PRIVACY_EMAIL].
6.5 Right to a List of Third Parties
You have the right to receive a list of all third parties and affiliates with whom we have shared your Consumer Health Data. The current list is provided in Section 5 above and will be updated whenever there are changes. You may also request this list directly.
How to exercise: Contact us at [PRIVACY_EMAIL].
6.6 Right to Appeal
If we deny your request to exercise any of the rights described above, you have the right to appeal our decision. We will respond to your appeal within 30 days.
How to appeal: Contact us at [PRIVACY_EMAIL] with the subject line "Privacy Rights Appeal."
7. How to Exercise Your Rights
You may exercise any of the rights described in Section 6 by:
- In-app: Settings > Privacy (for data export, deletion, and consent management)
- Email: [PRIVACY_EMAIL]
- Mail: [ENTITY_NAME], LLC, Attn: Privacy Officer, [ADDRESS_LINE_1], [CITY], Florida [ZIP]
Verification: We will verify your identity before processing any request. For requests submitted by email or mail, we may ask you to confirm information associated with your account. We will not require you to create a new account to exercise your rights.
Response time: We will acknowledge your request within 5 business days and complete your request within 30 days. If we require additional time (up to 45 additional days for complex requests), we will notify you of the extension and the reason.
No charge: We will not charge you a fee to exercise your rights.
No discrimination: We will not discriminate against you for exercising your rights. You will not receive different pricing, a different quality of service, or a different level of service.
8. Geofencing and Workout Location Tracking
8.1 How We Use Geofencing
Vital IQ offers an optional Workout Tracking feature that uses geofencing (GPS-based virtual boundaries) to automatically detect when you arrive at and leave a gym you have registered in the app. This allows the app to automatically log workout sessions for use in your recovery and health context without requiring manual entry.
This feature is entirely optional, requires your explicit consent before any location data is used, and can be disabled at any time.
8.2 What We Do NOT Use Geofencing For
We do not use geofencing technology:
- Within 2,000 feet (or any distance) of any mental health facility, reproductive health facility, substance abuse treatment facility, or any other healthcare facility for the purpose of identifying or tracking consumers, collecting Consumer Health Data, or sending notifications, alerts, or advertisements related to Consumer Health Data
- To infer health conditions, diagnoses, or treatment information from your location
- To share your location data with third parties for advertising, marketing, or profiling purposes
- To build location histories beyond what is necessary to detect gym arrivals and departures
8.3 What Location Data Is Collected and Retained
When you register a gym for Workout Tracking:
- We collect and store the latitude and longitude coordinates of your gym location (which you provide or confirm at registration)
- We store a geofence radius (the virtual boundary size you set)
- When a workout session is detected, we store the session start time, end time, and duration — not a continuous record of your GPS coordinates
- Geofence entry and exit events are logged for compliance and consent audit purposes, using server-side timestamps
Location data is processed on your device; continuous GPS coordinates are not transmitted to or stored on our servers.
8.4 Consent and Control
Before enabling the Workout Tracking feature, you will:
- Review a clear explanation of what the feature does and what location data is collected
- Grant explicit consent through a dedicated consent screen
- Separately grant location permission to the app at the iOS or Android system level
You may withdraw consent and disable the feature at any time through Settings. Withdrawing consent will immediately stop all geofence monitoring. You may also delete individual gym locations, which removes the associated geofence.
A record of your consent grant (including version, date, and platform) is maintained for compliance purposes and cannot be deleted separately from your account.
8.5 Geographic Availability
The Workout Tracking feature is subject to geographic restrictions based on applicable state law. States where geofencing-based consumer health data collection is restricted or requires additional legal compliance may have the feature restricted or unavailable.
If you move to a restricted state, the feature will be disabled and no new workout sessions will be tracked. Previously recorded workout data will remain accessible.
8.6 Deletion
If you request deletion of your account data, all workout location records (gym coordinates, geofence configurations) and workout session records will be deleted within 30 days, consistent with our deletion obligations under Section 6.3. Consent log records may be retained for the minimum period required by applicable law for compliance audit purposes.
9. Contact Us
If you have questions about this Consumer Health Data Privacy Policy or wish to exercise your rights, please contact us:
[ENTITY_NAME], LLC
Attn: Privacy Officer
[ADDRESS_LINE_1]
[CITY], Florida [ZIP]
Email: [PRIVACY_EMAIL]
This Consumer Health Data Privacy Policy is maintained as a standalone document as required by applicable law. For comprehensive information about all of our data practices, please see our Privacy Policy. Our complete legal documentation also includes our Terms of Service, Medical Disclaimer, HIPAA Notice of Privacy Practices, and Cookie Policy.