
Privacy Policy

Last updated: May 5, 2026

The short version: Vitanzo stores your health profile, medical history, app settings, AI companion memory, chat history, and daily entries on Vitanzo's EU server (IONOS, Germany). When you use AI analysis or companion chat, your data is also forwarded to OpenAI for processing. All data is deleted when you delete your account in the app. The only other personal data we collect is your email address when you register for beta access. We do not sell data. We do not share data with advertisers.

1. Who We Are

Vitanzo ("we," "our," or "us") is the developer of the Vitanzo iOS application.

Data Controller: Christian Koch, Säntisstraße 43a, 81825 München, Germany. Email: hello@vitanzo.com

For privacy enquiries, contact us at privacy@vitanzo.app.

2. What Data We Collect

2a. Beta registration email

When you register for beta access, you are taken to a Google Form where you may submit your email address. We receive and store the email address you provide there. This is the only personal data we collect through the website.

  • Purpose: To notify you when beta access opens and to send you a TestFlight invitation.
  • Legal basis (GDPR): Consent. You voluntarily provide your email and agree to these terms.
  • Legal basis (CCPA): The provision of a service you have requested.
  • Processor used for collection: Google Forms, which is provided by Google. When you open or submit the form, information such as your IP address and any data you enter may be processed by Google under Google's own terms and privacy policy.

2b. Health and profile data — server-side storage

The Vitanzo app reads health and biometric data from Apple Health, Oura Ring, and Whoop (via Apple Health passthrough). Since the migration to server-side storage, the following data is stored on Vitanzo's EU server (IONOS, Germany) for your account:

  • User profile — name, birth year, biological sex, health goals
  • Medical history survey — conditions, medications, allergies, family history
  • App settings
  • AI companion memory entries — persistent notes the companion retains between sessions
  • AI companion chat history — the full conversation thread with your companion
  • Day entries — daily notes, analyses, and completed status
  • AI call logs — request metadata used for rate limiting and quality monitoring (no message content)
  • Device push tokens — used to deliver notifications to your device

Some of this data (medical history, health profile) is special category health data under GDPR Article 9. See Section 3 for the legal basis and full details of how this data is processed.

When you actively use the AI analysis or companion chat features, a snapshot of your health data is also transmitted to OpenAI for processing. The data forwarded to OpenAI may include:

  • Daily notes and journal entries
  • Apple HealthKit data: steps, active energy, VO2 max, heart rate, sleep, workouts
  • Health profile and medical history (as above)
  • Personal and activity baselines
  • Body weight
  • Companion memory entries

2c. Crash reports and diagnostics (optional)

If you opt in to Apple's standard crash reporting through iOS settings, anonymised crash data may be shared with us via Apple's TestFlight or App Store infrastructure. This does not include any health or biometric data.

2d. Website analytics data

We use Google Analytics on the Vitanzo website to understand aggregate traffic patterns and how visitors use our pages. Google Analytics may process technical information such as your IP address, browser and device information, referral data, and page interactions, and may use cookies or similar technologies to support these measurements.

3. Server-Side Data Storage and AI Processing

3a. Server-side storage — legal basis and consent

The data categories listed in Section 2b are stored on Vitanzo's EU server (IONOS SE, Frankfurt am Main, Germany) to provide the core app experience, including personalised AI analysis, companion chat continuity, and notifications.

Legal basis (GDPR): Article 6(1)(b) (contract performance) for account identifier, authentication, push tokens, app settings, and AI call logs (rate limiting — necessary for the service). Day entries and companion chat history: Art. 6(1)(a) GDPR — you give explicit consent via the in-app consent screen before this data is stored server-side. Article 9(2)(a) (explicit consent for special category health data) for medical history and health profile. Consent for health data is captured in-app via a dedicated consent screen before any health data is processed. You can withdraw consent at any time by deleting your account in the app (Settings → Delete Account).

3b. AI Health Analysis

When you run an AI health analysis, the Vitanzo app sends the data categories listed in Section 2b to Vitanzo's EU server (hosted by IONOS SE in Frankfurt am Main, Germany). The server forwards the request to OpenAI's API and returns the response to your device. Some of this data is health-sensitive personal data under GDPR Article 9.

Legal basis (GDPR): Explicit consent under Article 6(1)(a) and Article 9(2)(a). You give this consent by tapping the confirmation button on the consent screen shown before your first AI analysis. You can withdraw consent at any time by disabling the AI feature in app Settings.

3c. Companion Chat

When you send a message in the companion chat, the message is bundled with relevant health data context (HRV, sleep, resting heart rate, activity data, your daily notes and survey answers, and your medical history profile). This bundle is sent from your device to Vitanzo's EU server, which forwards it to OpenAI and returns the response to your device. Your full conversation history is stored on the server (see Section 2b) so that the companion retains context across sessions.

Legal basis (GDPR): Explicit consent under Article 6(1)(a) and Article 9(2)(a). You give this consent by tapping the confirmation button on the consent screen shown before your first use of the companion chat. You can withdraw consent at any time by disabling the chat feature in app Settings. Withdrawing consent does not affect the lawfulness of any processing that took place before withdrawal.

Your rights over chat data: You can delete your entire account and all associated data at any time via Settings → Delete Account in the app. This fulfils your rights under GDPR Article 17 (erasure). Export is available through the app's data export feature (Article 20, portability).

Vitanzo's EU server and OpenAI

Vitanzo's server is hosted by IONOS SE in Frankfurt am Main, Germany — within the European Economic Area. No third-country transfer occurs between your device and our server.

OpenAI (OpenAI, L.L.C., San Francisco, USA) receives requests forwarded from our server. OpenAI acts as a data processor under GDPR Article 28. The transfer to the USA is covered by OpenAI's API Data Processing Addendum, which incorporates Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR.

Vitanzo as data controller: Vitanzo designs both features and determines what data is included in each request. Vitanzo is therefore the data controller for this processing.

OpenAI's policies: Data processed by OpenAI is also subject to OpenAI's privacy policy. We encourage you to review it.

4. How We Use Your Data

We use your email address solely to:

  • Send you a TestFlight beta invitation when access opens.
  • Communicate essential product updates related to your beta participation.
  • Notify you of the public launch of Vitanzo.

We will not send marketing emails unrelated to Vitanzo. We will not add you to third-party marketing lists.

5. Data Sharing and Third Parties

We do not sell your personal data. We do not share your data with advertisers or data brokers. We do not share your data with any third party except:

  • IONOS SE (server infrastructure): Our server is hosted by IONOS SE in Frankfurt am Main, Germany. IONOS acts as a data processor under GDPR Article 28 and does not process data for its own purposes.
  • OpenAI (AI processing): When you use the AI analysis or companion chat features, our server forwards the request to OpenAI (USA). OpenAI acts as a sub-processor; the transfer is covered by Standard Contractual Clauses. See Section 3 for details.
  • Google Forms: We use Google Forms to collect beta-registration details. Data you submit through the form is processed by Google on our behalf in order to collect your request.
  • Google Analytics: We use Google Analytics to measure website traffic and page usage. Google may process technical and usage data in connection with providing these analytics services.
  • Email delivery service: We use a transactional email provider to deliver beta invitations. Your email address is shared with this provider solely for the purpose of delivery. This provider is contractually bound to process your data only as instructed.
  • Legal compliance: If required to do so by applicable law, court order, or lawful authority, we may disclose data in our possession.

6. Data Retention

Email address: We retain your email address for as long as needed to fulfill the purpose for which it was collected. Specifically, we keep it until the beta period ends and we have sent you the relevant invitation or launch notification. After that, we will delete your email address from our records within 90 days, unless you have become a registered app user.

Clinical and health records (medical history, medications, conditions, allergies, family history, health profile): These records are retained for the full lifetime of your account. They are not subject to any shorter automatic expiry. This is intentional — your long-term health picture is what makes Vitanzo useful over time, and you should be able to review and build on your history for as long as you use the app. These records are permanently deleted only when you delete your account.

Versioned health data (profiles, medical history, settings, companion memory): These records are versioned for audit and recovery purposes. Previous versions (older snapshots) are retained for 90 days before being permanently deleted. The current (live) version is retained for the lifetime of the account, as described above.

Day entries and companion chat history: Retained for the lifetime of the account. You can delete individual entries within the app at any time.

AI call logs (rate limiting and quality): Automatically deleted after 90 days. These logs contain only request metadata — no message content, no health data.

Device push tokens: Retained while your account is active. Removed when you delete your account or when the token is invalidated by the operating system.

Account deletion: When you delete your account via Settings → Delete Account in the app, all data associated with your account is permanently deleted from our server. This is the primary way to exercise your right to erasure under GDPR Article 17.

You may also request deletion by email at any time (see Section 8).

7. International Transfers

Vitanzo server (IONOS, Germany): Our server is located in Frankfurt am Main, Germany — within the EEA. No third-country transfer occurs between your device and our server for AI analysis or companion chat.

OpenAI (USA): When you use the AI analysis or companion chat features, data is forwarded from our EU server to OpenAI in the USA. This transfer is covered by Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c), incorporated in OpenAI's API Data Processing Addendum.

Other processors: Your email address and website analytics data may be processed by our email delivery provider and Google on servers outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Your Rights

Rights under GDPR (EEA residents)

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure: Request deletion of your data ("right to be forgotten").
  • Right to data portability: Request your data in a machine-readable format.
  • Right to restriction of processing: You may request that we restrict the processing of your personal data in certain circumstances, for example while you contest its accuracy or while an objection is pending.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, email privacy@vitanzo.app. We will respond within 30 days.

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. In Germany, the competent authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, www.lda.bayern.de. You may also contact the supervisory authority in your EU member state of residence or workplace.

Rights under CCPA (California residents)

California residents have the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights.

To submit a request, email privacy@vitanzo.app.

9. Security

All data in transit between the app and our server, and between our server and OpenAI, is encrypted using TLS. Your most sensitive data — medical history and AI companion call logs stored on Vitanzo's server — is encrypted at the database layer using column-level encryption, meaning the data is unreadable without the application-layer key even if the underlying storage were accessed directly. Our server is hosted in an IONOS data centre in Germany and access is restricted to authorised personnel only. These measures are implemented in accordance with Article 32 of the GDPR.

10. Children's Privacy

Vitanzo is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@vitanzo.app and we will delete it promptly.

11. Cookies and Tracking

The Vitanzo website (vitanzo.app) uses Google Analytics to measure aggregate traffic and page usage. Google Analytics is consent-gated: it loads only after you actively click "Accept" on the cookie consent banner shown on your first visit. The banner offers only Accept and Reject. If you click "Reject", Google Analytics is never initialised and no tracking data is collected.

Legal basis (GDPR): Consent under Article 6(1)(a). Your consent is recorded in your browser's localStorage together with a timestamp and version number. You can withdraw or change your consent at any time by clicking Cookie Preferences in the footer of any page. Withdrawal does not affect the lawfulness of any processing that took place before you withdrew consent.

When active, Google Analytics may set cookies or use similar technologies and may process technical data such as your IP address, browser and device information, referral source, and page interactions according to Google's policies. We do not use third-party advertising pixels, and we self-host our fonts. If you choose to open the beta signup Google Form, you leave the main Vitanzo site and Google's own services may process data there according to Google's policies.

12. Changes to This Policy

We may update this privacy policy from time to time. We will indicate the date of the most recent revision at the top of this page. If we make material changes, we will notify beta registrants via email.

13. Contact

For any privacy-related questions or requests, contact us at:

Vitanzo
Email: privacy@vitanzo.app


© 2026 Vitanzo. All rights reserved.