VitalyticsVitalytics

Privacy Policy

Your privacy matters. Here's how we handle your data.

Last updated: February 2026

Vitalytics ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our health analytics platform.

By using Vitalytics, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

Data We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials through Google OAuth.

Health & Fitness Data

We sync data from connected services including workout logs (Hevy), sleep and readiness data (Oura), activity metrics (Google Fit), and body composition data. This data is only accessed with your explicit authorization.

Usage Data

With your consent, we use Umami — a privacy-focused, self-hosted analytics tool — to collect anonymous page view data such as pages visited and referrer information. Umami does not use cookies, does not collect personally identifiable information, and all data is stored on our own infrastructure. You can opt in or out at any time via the cookie consent banner.

How We Use Your Data

Analytics & Insights

Your health data is processed to generate personalized analytics, trends, and insights displayed on your dashboard.

Adaptiv Coaching

Premium users’ workout data is analyzed to generate adaptive training programs, progression recommendations, and periodization plans.

Service Improvement

Aggregated, anonymized data may be used to improve our algorithms and platform features. Your individual data is never shared.

Data Storage & Security

Encryption

All data is encrypted in transit using TLS and at rest using industry-standard encryption. Authentication tokens are securely stored and regularly rotated.

Access Controls

Access to user data is strictly limited to authorized systems and personnel. We follow the principle of least privilege for all data access.

Infrastructure

Our services run on secure, monitored infrastructure with regular security audits and updates.

Third-Party Integrations

Data Sources

We connect to third-party services (Google Fit, Oura, Hevy, Polar, Garmin) only with your explicit OAuth authorization. We only access the data scopes you approve.

Authentication

We use Google OAuth for account authentication. Google receives only the minimum information needed to authenticate you.

No Data Selling

We never sell, rent, or trade your personal or health data to third parties. Your data is yours.

Data Retention

Active Accounts

Your data is retained for as long as your account is active. Health and fitness data is kept to provide historical analytics and trend analysis.

Account Deletion

When you delete your account, all personal data and health records are permanently removed within 30 days. Anonymized, aggregated data may be retained.

Backups

Backup copies of data are retained for up to 90 days for disaster recovery purposes and are then permanently deleted.

Your Rights

Access & Export

You have the right to access all data we hold about you and export it in a machine-readable format at any time.

Correction & Deletion

You can request correction of inaccurate data or deletion of your account and all associated data.

Consent Withdrawal

You can disconnect third-party integrations or revoke data access permissions at any time through your profile settings.

Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at privacy@vitalytics.com