Privacy Policy

Last updated: May 2026

1. Introduction

VitalStack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services.

2. Information We Collect

Personal Information

  • Name and email address
  • Date of birth and biological sex
  • Physical measurements (height, weight, body composition)
  • Health and fitness data (vitals, lab results, bloodwork panels)
  • Workout and nutrition logs
  • Supplement and medication information
  • Medical history, allergies, and injury records you choose to enter
  • Training goals and performance preferences

Usage Data

  • App usage patterns and preferences
  • Device information and identifiers
  • IP address and browser type

Pro Analysis Data

  • Queries you submit to Pro Analysis features
  • AI-generated responses and recommendations
  • Health and performance context used to personalise AI responses (see §7 for the full list)

3. How We Use Your Information

  • Provide personalised recommendations and Pro Analysis health insights
  • Generate AI analysis of your bloodwork, nutrition, training, and vitals
  • Track and analyse your fitness progress
  • Send notifications and reminders
  • Improve our services and user experience
  • Process payments and manage subscriptions
  • Communicate with you about updates and features

4. Data Security

We implement industry-standard security measures to protect your data, including:

  • End-to-end encryption for data transmission (TLS 1.3)
  • Encrypted data storage (AES-256) for sensitive health records
  • Regular security audits and updates
  • Secure authentication mechanisms

5. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

  • Access: Request a copy of your personal data
  • Correction: Request corrections to inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Opt-out of Pro Analysis features: You may decline Pro Analysis data sharing at any time via Settings → Pro analysis. Other features remain fully available.
  • Opt-out of marketing: Unsubscribe from marketing communications at any time

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time through the app settings or by contacting us.

7. Third-Party Services & AI Data Sharing

We use the following third-party services:

  • Stripe: Payment processing
  • PostHog: Anonymised usage analytics
  • OpenRouter / OpenAI: AI coach and Pro Analysis features (see the “Pro Analysis Features” section below for full details of what data is sent)

Pro Analysis Features — Data Processing

VitalStack sends certain data to a specifically trained proprietary large language model to generate personalised insights. When you use any Pro Analysis feature (Daily Insight, Pro food logging, training plan generation, or bloodwork analysis), the following categories of personal health data may be included:

  • Identity & demographics: First name, age, biological sex, height
  • Body composition: Weight, body-fat percentage
  • Bloodwork & lab panels: Hormone markers (e.g. testosterone, estradiol), metabolic markers (e.g. glucose, HbA1c), lipid panel, CBC, kidney/liver function, and other biomarkers you have entered
  • Vitals: Blood pressure, resting heart rate, heart-rate variability, glucose readings
  • Training data: Workout logs (exercises, sets, reps, weight), cardio logs, training plan and season goals
  • Nutrition data: Recent food logs (meal descriptions, macros), nutrition targets
  • Supplement stack: Active supplements (name, dose, timing)
  • Health history: Medical history, allergies, medications, and injuries you have entered
  • Check-in data: Sleep hours, mood, energy, compliance scores

What is NOT sent: Your email address, account passwords, payment information, and internal database identifiers are never included in AI requests.

Data retention: Your data is not used to train AI models and is not stored beyond the immediate request/response cycle.

Your consent: Pro Analysis features are opt-in. You are asked for explicit permission before any health data is sent for Pro Analysis processing. You may withdraw this consent at any time via Settings → Account → Pro analysis. Withdrawing consent does not affect your access to other features.

8. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

[email protected]

GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR. We process your data based on legitimate interest and consent. You may withdraw consent at any time and lodge complaints with your local data protection authority.