VITALITY AI – PRIVACY POLICY

Healthcare App

Effective Date: September 7, 2025
Date of Last Update: September 7, 2025

Vitality AI, LLC, a limited liability company organized under the laws of the State of Delaware, operates the website www.vitalityaihealth.com and a web-based platform (MVP) and other web and mobile applications (hereinafter collectively referred to as the “Platform”). The Platform currently operates as a business-to-consumer (B2C) application and may, in the future, engage in business-to-business (B2B) partnerships, including but not limited to collaborations with wellness providers and insurers.

Vitality AI, LLC is dedicated to protecting the privacy and security of Users’ Personal Data. This Privacy Policy sets forth how Personal Data provided on the Platform is collected, gathered, stored and used by Vitality AI, LLC. In addition, this Privacy Policy outlines the rights granted to Users in connection with their Personal Data.

DEFINITIONS

Any capitalized terms defined in this Privacy Policy shall have the meaning assigned to them in the Terms of Service applicable to the Platform, as published on the Platform.

  • “AI Coaching” shall refer to personalized recommendations, insights and feedback generated by AI Models in response to Users’ health data.
  • “AI Models” shall refer to the proprietary Artificial Intelligence (AI) models and tools used by Vitality AI for purposes of providing the Services.
  • “Non-Personal Data” shall refer to information that cannot be used to personally identify an individual person. Non-Personal Data may include anonymous usage data, demographic information, preferences selected and preferences generated based on data submitted and previous behavior.
  • “Personal Data” shall refer to personal and health data provided by or shared by Users on the Platform.
  • “Privacy Policy” shall refer to the latest version of Vitality AI’s Privacy Policy, as published on the Platform, and shall include updates and amendments made thereto from time to time.
  • “Services” shall refer to the aggregation of data generated from wearable devices and medical or health records, and the provision of AI Coaching based on such analysis.
  • “Terms of Service” shall refer to the latest version of Vitality AI’s Terms of Service, as published on the Platform.
  • “Third Party Services” shall refer to third-party websites, applications, services and resources that are referenced, integrated or otherwise linked on the Platform.
  • “User Account” shall refer to the individual user account created by a User on the Platform.
  • “Users” shall refer to users of the Platform collectively, and “User” shall refer to any one individual user of the Platform.
  • “Vitality AI” shall refer to Vitality AI, LLC, the limited liability Delaware company that manages and operates the Platform.

APPLICATION OF THIS PRIVACY POLICY

Upon accessing and using the Platform, Users agree to be bound by and subject to this Privacy Policy. By providing Personal Data on the Platform, Users understand and agree that Vitality AI shall collect, use, store, disclose and maintain such Personal Data in accordance with the terms of this Privacy Policy.

Users further agree that Vitality AI may send marketing emails and materials pursuant to the terms of this Privacy Policy.

This Privacy Policy explains how Vitality AI handles and treats Personal Data gathered from the Platform. This Privacy Policy shall apply only to the Platform, and not to any third-party websites, sites or applications.

LEGAL FRAMEWORK

The present Privacy Policy has been prepared based upon privacy and data protection laws applicable in the United States and Canada, including, without limitation, the Children's Online Privacy Protection Act (COPPA). This Privacy Policy also considers the applicable data protection and privacy laws in the United Kingdom, including, without limitation, the General Data Protection Regulation (Regulation (EU) 2016/679).

This Privacy Policy shall apply solely to Personal Data and Non-Personal Data submitted and collected in connection with the Platform, unless otherwise indicated.

The processing of Personal Data based in Canada shall be in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). Vitality AI shall process Personal Data of Users based in the United States in compliance with applicable laws, including, where applicable, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Users based in the European Union and the European Economic Area shall be subject to the protections granted by the GDPR.

COLLECTION OF PERSONAL DATA

Vitality AI may collect both Non-Personal Data and Personal Data from Users. Personal Data consists of information that can be used to personally identify a User, such as the User’s name, email address, IP address, health information, and other sensitive information, without limitation.

Voluntarily Provided Personal Data

Vitality AI shall collect Personal Data that Users voluntarily provide on or in connection with the Platform.

Users may provide Personal Data to Vitality AI when creating a User Account on the Platform. Accordingly, Users shall specify the following information, which is mandatory for User Account setup:

  • full name;
  • email address;
  • date of birth; and
  • gender.

User Accounts require login credentials, namely the email address and password.

Additional details are optional to provide as part of a User Account.

It shall be optional for Users to provide the following Personal Data as part of their User Accounts:

  • Health and medical data, including but not limited to heart rate, blood pressure, lab results, medications and symptoms;
  • Wearable data, including but not limited to sleep quality, exercise, nutrition, step count, and other metrics obtained from devices, such as Fitbit, Garmin and WHOOP;
  • AI Coaching data, including but not limited to chat inputs, wellness reports, emotional assessments, and feedback generated by the AI Models.

By submitting Personal Data on the Platform, Users:

  • agree to the collection, use, and processing of their information in compliance with this Privacy Policy and Terms of Service, and
  • consent to the verification and storage of their personal details for (a) identity verification, (b) the provision of the Services, and (c) any other purposes outlined in the Platform's Terms of Service.

COLLECTION OF NON-PERSONAL DATA

Vitality AI may obtain Non-Personal Data regarding Users, such as the type of browser used, the device used, and the date and time at which Users used the Platform. This Non-Personal Data does not allow Users to be identified.

Vitality AI may, periodically, conduct surveys in connection with the Platform. Participation in surveys shall be voluntary and information provided as part of the survey shall remain anonymous and not allow for identification.

USAGE OF PERSONAL DATA

Users acknowledge and agree that Vitality AI shall use Personal Data to fulfill the purpose for which it was collected. Vitality AI may use Personal Data to personalize Users’ experience and improve the Platform. Vitality AI’s usage thereof shall be based on this Privacy Policy.

Consent, Communication and Support

Vitality AI may use Personal Data to fulfill the purpose for which the Users provided the same. As such, Vitality AI may use Users’ Personal Data to respond to their questions, support requests and other inquiries with respect to the Platform.

Accordingly, Vitality AI may use Users’ Personal Data to satisfy their requests in the manner and as authorized by such Users.

Vitality AI may use Users’ Personal Data to communicate with them regarding the Platform, any applicable updates, modifications and other matters in connection with the Platform.

Marketing and Promotional Purposes

Vitality AI may use Personal Data, particularly Users’ email addresses, to send marketing materials, a newsletter and other promotional communications. Users shall have the option of unsubscribing from Vitality AI’s marketing newsletter or promotional communications by clicking the unsubscribe link in the email or emailing Vitality AI directly to opt out.

Service Provision and Account Management

Vitality AI may use Personal Data for purposes of account management and to deliver the Services offered on the Platform. As such, Personal Data may be used for purposes of registering and managing User Accounts.

Personal Data may also be used for purposes of providing Services and AI Coaching on the Platform to the requesting Users.

Legal Purposes

Vitality AI’s use of Users’ Personal Data shall be limited to the extent required by Vitality AI’s legitimate business interests, and in accordance with the requirements set forth by applicable data privacy laws. Accordingly, Vitality AI may disclose Users’ Personal Data if required to do so by law. Users’ Personal Data may be used to comply with a binding court order, legal obligation or applicable legislation.

Further, Vitality AI may use Users’ Personal Data if Vitality AI finds that such Users violated or attempted to violate any of Vitality AI’s policies in effect, including but not limited to the Terms of Service.

In compliance with applicable legislation, Vitality AI shall not use Personal Data for purposes beyond those specified in this Privacy Policy, unless Users provided their prior written consent or with prior written notice.

Improvements and Efficiency

Vitality AI may use Non-Personal Data to improve the Platform and provide customized experiences. Vitality AI may also aggregate Non-Personal Data to establish patterns of usage with respect to the Platform to monitor usage information.

Vitality AI may analyze and interpret data to improve the Platform’s functionality, User experience and efficiency.

Vitality AI may also use information gathered from surveys and reviews to identify User needs and improve the Platform.

Analytical and Statistical Purposes

Vitality AI may use Non-Personal Data for analytical and statistical purposes, and more particularly, to:

  • analyze performance data and statistics relating to Users;
  • assess the effectiveness of the Platform, its features, the Services and other relevant data;
  • improve the Services;
  • refine the AI Coaching;
  • perform research and development in compliance with HIPAA and privacy laws, where applicable; and
  • determine aggregated health trends.

Vitality AI may also use such Non-Personal Data to assist with optimizing the Platform by understanding how Users interact with the Platform.

To mitigate privacy risks and safeguard security, Personal Data shall be de-identified or aggregated before being used for statistical purposes.

Third Party Providers

Vitality AI shall not sell, trade, rent or otherwise share Personal Data with third parties except with Users’ prior consent. Notwithstanding the foregoing, Vitality AI may share Personal Data with third-party providers who perform services for Vitality AI in connection with the Platform. The vendors and third-party providers Vitality AI uses shall only collect, use and disclose Personal Data to the extent necessary to allow them to perform the services they provide in connection with the Platform.

Vitality AI reserves the right to share Personal and Non-Personal Data with authorized third-party providers and processors, including, without limitation, OpenAI, Stripe, and Google OAuth, for the following purposes:

  • Facilitating AI Models inference;
  • Payment processing;
  • Providing authentication services; and
  • Enabling integrations with device application programming interfaces (APIs), such as Fitbit and Garmin.

All third parties who receive Personal and Non-Personal Data from Vitality AI shall be bound by strict confidentiality obligations no less stringent than those set forth in this Privacy Policy and subject to an agreement in place with Vitality AI. All such third parties shall use such data solely on a need-to-know basis and exclusively for the purposes of performing the services on behalf of Vitality AI. All third parties who receive Personal and Non-Personal Data from Vitality AI shall be required to comply with applicable laws and regulations, including HIPAA and GDPR.

PROTECTION OF PERSONAL DATA

Vitality AI has implemented safeguarding measures to protect Personal Data against unauthorized access and disclosure, damages or other breaches. Security audits shall be conducted on a regular basis to ensure data safety.

Personal Data shall be stored in Vitality AI’s secure servers and secure third-party servers. To safeguard Personal Data, Vitality AI utilizes the following encryption: AES-256 for storage and TLS for transmission.

Vitality AI has established access controls, ensuring that only authorized personnel may access Personal Data. To maintain privacy and comply with applicable laws and regulations, Vitality AI shall engage in audit logging, whereby access to Personal Data is logged and subject to review.

While these safeguarding and protective methods comply with industry best practices, these measures do not guarantee that Personal Data shall not be unlawfully accessed, disclosed, altered or destroyed. Unfortunately, the transmission of Personal Data over the Internet is never fully secure.

USER RIGHTS

Right to be Informed

Users shall have the right to be informed of Vitality AI’s collection and usage of their Personal Data, namely Users’ names, email addresses, health data, wearable data, and User Account details.

Right to Rectification

If Users find or believe that the Personal Data contained in their User Accounts is erroneous or false, Users may request the rectification or correction of the information. If Users determine that the Personal Data Vitality AI holds is incomplete or erroneous, Users may request additions or supplements to such information. All correction requests shall be transmitted to Vitality AI by email.

Users may also make the necessary corrections directly through their User Accounts.

Right to be Forgotten

Users may delete their User Accounts on the Platform at any time. Users may proceed with the deletion of their User Accounts via the Platform’s settings or by emailing Vitality AI’s support team.

The deletion shall result in the removal of User Account data and health records from Vitality AI’s systems.

Notwithstanding the foregoing, even following the deletion of their User Accounts, certain Personal Data may be retained by Vitality AI subject to the terms of this Privacy Policy. Vitality AI’s retention of Users’ Personal Data following the deletion of their User Accounts may be necessary to fulfill legal, regulatory, or contractual obligations, including but not limited to, compliance with financial regulations, regulatory matters, tax purposes and dispute resolution. However, such Personal Data shall be anonymized if so retained following the User Account deletion.

Exercise of Rights

To exercise any rights granted by this Privacy Policy or applicable laws, Users shall send Vitality AI’s support team a request by email. For the request to be valid, it must clearly identify the User, allowing for the validation of the User’s identity. The request must also include supporting details.

All requests shall be handled based on the timeframes set by applicable data privacy laws and regulations. Vitality AI shall promptly fulfill all valid requests. Vitality AI may process Personal Data to validate Users’ identity and satisfy the request. Vitality AI reserves the right to refuse to fulfill a request if it is unfounded or does not comply with the terms of this Privacy Policy.

PERSONAL DATA OF CHILDREN

The Platform is not intended for Users who are under the age of eighteen (18). Vitality AI does not knowingly target children or collect Personal Data from children. Minor Users may only use the Platform with the consent of their parent or legal guardian and solely under the supervision of their parent or legal guardian.

If Vitality AI learns that a child under the age of eighteen (18) has provided Personal Data on the Platform, Vitality AI shall delete the child’s Personal Data as soon as reasonably possible. If Users have reason to believe a child provided Personal Data on the Platform, such Users are invited to notify Vitality AI by sending an email or a written notice on the Platform.

RETENTION AND STORAGE OF PERSONAL DATA

Vitality AI shall maintain and store Users’ Personal Data for the duration during which the Users have an active Account, or for the duration required by Vitality AI to provide the Services, as applicable. As such, Vitality AI shall retain Users’ Personal Data until the Users’ User Accounts become dormant.

Vitality AI shall retain Personal Data on secure third-party cloud servers. All Personal Data shall be encrypted both in transit and at rest. After a reasonable time, the Personal Data shall either be securely deleted or anonymized, in compliance with applicable laws and Vitality AI’s data retention policies.

Vitality AI may retain Users’ Personal Data for a longer period to comply with legal and financial obligations. In addition, Vitality AI may hold Personal Data in Vitality AI’s servers for payment purposes until all funds owed have been paid or to resolve disputes.

Once a User Account is deleted, the Personal Data shall be retained for a limited period for backup and security purposes, after which the Personal Data shall be anonymized or destroyed.

Further, Vitality AI reserves the right to store and maintain Personal Data on file for a longer duration if permitted by applicable laws and regulations. Once Vitality AI has de-identified or aggregated the data, such data may be retained indefinitely, for analytical and research purposes.

DESTRUCTION OF PERSONAL DATA

Vitality AI may destroy or anonymize Personal Data after the retention period, or sooner if the Personal Data is no longer required for the purposes for which it was collected. Personal Data shall be securely deleted or irreversibly anonymized once the applicable retention period has expired or the data is no longer required. Individual notices of data destruction are not routinely provided to Users, unless such notification is expressly required under applicable law.

LINKS TO THIRD PARTY WEBSITES AND APPLICATIONS

This Privacy Policy shall apply solely to the Platform and Personal and Non-Personal Data collected from the Platform and in connection therewith. This Privacy Policy shall not apply to Third Party Services. Any links or references to Third Party Services on the Platform are provided for reference or convenience purposes.

Any Personal Data submitted via a Third Party Service shall be governed by the Third Party Services’ privacy policy, and not by the present Privacy Policy. Users are encouraged to thoroughly review the Third Party Services’ privacy practices. Vitality AI shall not be responsible for the use and collection of Users’ Personal Data by Third Party Services. The submission of Users’ Personal Data to such Third Party Services shall be at Users’ risk.

GENERAL DATA PROTECTION REGULATION (GDPR)

Residents of the European Union (EU) and the European Economic Area (EEA) benefit from the protections provided in the GDPR. The GDPR governs the collection, usage and transfer of Personal Data. The GDPR grants its data subjects additional rights regarding the use, collection and handling of their Personal Data.

To exercise any of the rights granted to Users under this Privacy Policy or by applicable laws, Users may send Vitality AI a written request by email. For the request to be valid, it must identify the User in a clear manner, thereby allowing Vitality AI to validate the User’s identity. Additionally, the request must specify the Personal Data requested and the reason for such request. Vitality AI shall fulfill all valid requests.

COOKIE POLICY

The Platform reserves the right to use cookies, which may consist of essential, functional, performance, and/or analytical cookies. Vitality AI uses cookies primarily for session management purposes and to optimize user experiences on the Platform.

Non-Personal Data Obtained Through Cookies

Vitality AI may obtain Non-Personal Data through cookies or small text files, which may include an anonymous unique identifier. Cookies may be sent to Users’ browsers from Vitality AI’s servers, where they are stored on Users’ hard drives or devices.

Cookies enable Vitality AI to collect Non-Personal Data about Users, allowing Vitality AI to remember the User’s preferences, both on an individual and aggregate basis.

Essential Cookies

Essential cookies help ensure the proper functioning of the Platform. Essential cookies allow Users to access certain secure sections of the Platform, where applicable. It is possible to remove or disable essential cookies; however, the disabling or removal thereof may result in certain portions of the Platform being inaccessible.

Functional Cookies

Functional cookies are designed to recall User preferences and settings. These cookies recognize Users’ devices, remembering User preferences, such as location and language. Functional cookies retain information to facilitate Users’ subsequent access and usage of the Platform.

Performance Cookies

Performance cookies, also known as analytical cookies, collect information regarding the Platform’s visitors, the use of the Platform by Users, the time spent by each User on a webpage, the pages viewed and other information regarding the usage of the Platform.

Removing or Disabling Cookies

Users may remove or disable cookies by activating certain browser settings, adjusting cookie settings or turning off cookies. Certain browser software may allow for the acceptance or rejection of cookies on a particular Platform.

Users acknowledge that certain parts of the Platform may be unavailable or inaccessible if cookies are disabled or removed. Moreover, the Platform may not function optimally if cookies are disabled or otherwise removed.

BREACH NOTIFICATION

In the event of a data breach involving Personal Data, Vitality AI shall comply with all applicable breach notification obligations, such as providing timely notice to affected Users without undue delay and, where possible, no more than seventy-two (72) hours after becoming aware of the breach, in accordance with the GDPR, and within sixty (60) days in accordance with HIPAA and, where required, to relevant regulatory authorities within the timeframes mandated by applicable laws and regulations. Notifications shall include, to the extent required, information regarding the nature of the breach, the steps taken to mitigate potential harm, and protective measures.

UPDATES TO THIS PRIVACY POLICY

Vitality AI may update this Privacy Policy, at any time, at Vitality AI’s convenience or for compliance purposes if any laws or industry standards change. If Vitality AI were to update this Privacy Policy, the updated Privacy Policy shall be published on the Platform.

Any updates to this Privacy Policy shall be effective as of the date indicated in the header of this Privacy Policy. As Vitality AI may not notify Users of certain changes to this Privacy Policy, it is the responsibility of Users to review this Privacy Policy periodically to remain aware of the latest version.

Any use of the Platform by Users following the publication of the updated Privacy Policy signifies agreement with the updated Privacy Policy. If Users do not agree with any updates made to this Privacy Policy, Users’ sole and exclusive recourse shall be to cease using the Platform.

QUESTIONS AND COMMENTS

If Users have any questions regarding this Privacy Policy, or wish to withdraw consent for the continued collection, use or disclosure of their Personal Data, Users are invited to contact Vitality AI in writing. Any requests in connection with the present Privacy Policy should be sent to Vitality AI by email to support@vitalityaihealth.com.