Privacy Policy

Vitalstat is designed with a privacy-first approach. The majority of your health, fitness, and nutrition data stays on your device. We do not sell, rent, or share your personal data with advertisers, data brokers, or any third parties for marketing purposes.

Some features require limited data exchange with external services to function. Each case is described in detail below.

Vitalstat uses Firebase Anonymous Authentication to generate a unique identifier for each installation. This is required to securely access backend services such as Garmin data sync and leaderboard features. No personal information (name, email, phone number) is required to use the app.

We record the anonymous identifier and the date of first sign-up in Firebase Firestore for aggregate usage statistics (e.g. total user count, signups per week). These statistics are count-based and do not contain any personal or health data.

You may optionally provide your email address to help us verify and restore your subscription status in case of issues. This email is stored in Firebase Firestore alongside your subscription status. It is never shared, sold, or used for marketing.

Vitalstat retrieves health and fitness data from the source you choose during onboarding. You may switch sources at any time in Settings. Data from each source is used solely to display insights, trends, and coaching within the app.

Polar

Connects via OAuth 2.0 to the official Polar AccessLink API. After you authorize access through Polar Flow, the app retrieves exercises, daily activity, sleep, nightly recharge, heart rate samples, training load, and physical info. OAuth tokens are stored in your device's Keychain (encrypted, device-locked). Health data is cached locally on your device.

Apple Health

Connects via Apple's HealthKit framework. You choose exactly which data types to share through the standard iOS permissions dialog. The app may read workouts, heart rate, HRV, sleep, blood pressure, blood glucose, respiratory rate, oxygen saturation, body metrics, activity rings, and other types you authorize. It may write mindfulness sessions and body mass if you grant permission. All HealthKit data stays on your device and is never uploaded to any server.

Oura

Connects via OAuth 2.0 to the Oura API v2. After you authorize access through Oura, the app retrieves sleep sessions, readiness scores, daily activity, workouts, heart rate, HRV, VO2Max, SpO2, stress, and resilience data. OAuth tokens are stored in your device's Keychain (encrypted, device-locked). Health data is cached locally on your device.

Garmin

Connects via OAuth 2.0 through the Vitalstat website. Your Garmin OAuth tokens are stored securely in Firebase Firestore (server-side), not on your device. Garmin uses a push-based model: health data (dailies, sleep, activities, HRV, body battery, pulse ox, respiration) is sent by Garmin to our server via webhooks and stored in Firebase Firestore under your anonymous user ID. The app reads this data from Firestore. You can disconnect Garmin at any time, which removes your stored tokens and stops data flow.

Food log entries (product name, brand, barcode, amounts, calories, macros, and optional micronutrients), liquid intake, your nutrition profile (weight, height, age, sex, activity level, goals), recent products, and custom liquids are all stored exclusively on your device. None of this data is sent to our servers.

The following external services are used for food features:

• Open Food Facts — receives your barcode scans and search queries to return product data. No login is required.
• Edamam — receives food search queries and barcode scans to return nutrition data.
• Spoonacular — receives recipe search queries and ingredient lookups.
• USDA FoodData Central — receives nutrition database queries.

These services receive only the search terms or barcodes you enter. No personal, health, or account data is sent to them.

Vitalstat includes AI-powered features. Before using food tracking for the first time, you are shown a privacy consent screen explaining what data is shared externally.

AI Food Analysis

When you use AI food analysis, the text description you enter and/or the photo you take is sent to OpenAI to estimate nutritional content. Photos are scaled down before transmission. Image analyses are limited to 6 per day; text analyses are unlimited. We do not store these descriptions or photos on our servers.

AI Recipes

When you generate AI recipes, your remaining calorie and macro budget, dietary preferences, cuisine, cooking time, difficulty, servings, and any ingredients or taste preferences you enter are sent to OpenAI. Generated recipes are stored locally on your device.

AI Health Coach

The AI coaching feature processes your health data (sleep, HRV, recovery, activity metrics, journal entries) entirely on your device. No health data is sent to external servers for this feature.

OpenAI's use of data sent to them is governed by their privacy policy. We do not use data sent to OpenAI to train our own models.

On-Device Storage

The following data is stored locally on your device only and is removed when you delete the app:

• Health data from all sources (Polar, Apple Health, Oura, Garmin cache)
• Food log entries, liquid log, and nutrition profile
• Journal entries and habit tracking data
• User preferences, settings, and notification history
• AI-generated recipes
• Personalized baselines and metric configurations

Keychain (Encrypted)

OAuth tokens for Polar and Oura are stored in your device's encrypted Keychain, accessible only when the device is unlocked and only on the device where they were created.

App Group (Shared On-Device)

Some data is shared between the main app, widget extension, and watch app via an on-device App Group container. This includes subscription status, selected health source, and health metric snapshots for widget display. This data never leaves your device.

Firebase Firestore (Cloud)

The following data is stored in Firebase Firestore:

• Anonymous user ID and signup date (aggregate statistics)
• Email address and subscription status (if you provide your email)
• Garmin OAuth tokens and Garmin health data (if you connect Garmin)
• Leaderboard group data: group name, members, display names, and shared metric scores (if you join a leaderboard)

The app interacts with the following external services:

• Polar AccessLink API — retrieves your authorized fitness and health data.
• Apple HealthKit — reads and writes health data you authorize via the iOS permissions system.
• Oura API — retrieves your authorized health and sleep data.
• Garmin Health API — receives your health data via webhooks; stored in Firebase Firestore.
• OpenAI — receives food descriptions, food photos, and recipe inputs for AI analysis (see section 5).
• Open Food Facts, Edamam, Spoonacular, USDA — receive food search queries and barcodes (see section 4).
• Firebase — used for anonymous authentication, Remote Config (API key delivery), and Firestore data storage as described in section 6.
• Apple StoreKit — processes in-app purchases and subscription management through the App Store.

We do not use any third-party analytics, crash reporting, advertising, or tracking SDKs. No data is shared with ad networks or data brokers.

Vitalstat may request the following device permissions. Each is optional and only requested when needed:

• HealthKit — to read and write health data when Apple Health is your selected source.
• Camera — to scan food barcodes and photograph meals for AI nutrition analysis.
• Photo Library — to select food photos for AI nutrition analysis.
• Bluetooth — to read your Polar device's battery level and display it on your dashboard.
• Notifications — to send journal reminders, daily health summaries, and personalized health tips based on your sleep, recovery, and activity data.
• Background App Refresh — to periodically sync new health data and update widgets while the app is in the background.

You can revoke any permission at any time through iOS Settings.

With Background App Refresh enabled, the app periodically fetches updated health data from your selected source (approximately every 15-30 minutes, as managed by iOS). This keeps your dashboard, widgets, and notifications current. All fetched data is stored locally on your device, except for Garmin data which is read from Firebase Firestore.

The widget extension and Apple Watch app display health metric summaries (sleep score, recovery, body battery, strain, etc.) using data shared via the on-device App Group. This data never leaves your device. The widget also checks your subscription status to determine which features to display.

Vitalstat offers optional leaderboard groups where you can compare health metrics with others. Before joining a group, you must provide explicit consent acknowledging that your selected metrics will be shared with group members.

Leaderboard data (group name, your display name, and shared metric scores) is stored in Firebase Firestore and visible to other members of the group. You can leave a group at any time to stop sharing.

We take reasonable measures to protect your data:

• OAuth tokens are stored in the iOS Keychain with device-locked encryption, accessible only when the device is unlocked.
• Garmin tokens and data are stored in Firebase Firestore, protected by Firebase security rules tied to your anonymous authentication.
• API keys are delivered via Firebase Remote Config and are never hardcoded in publicly accessible locations.
• All network communication uses HTTPS/TLS encryption.

We recommend enabling a passcode, Face ID, or Touch ID on your device and keeping your health service credentials private.

On-device data: All locally stored data (health data, food logs, journals, preferences) is automatically deleted when you uninstall the app.

Keychain: OAuth tokens stored in the Keychain are removed when you disconnect a health source or uninstall the app.

Cloud data: If you connected Garmin, your Garmin data and tokens are stored in Firebase Firestore. You can disconnect Garmin from Settings to stop new data from being stored. If you provided your email, it remains in Firestore for subscription verification. To request deletion of any cloud-stored data, contact us at the address below.

Vitalstat offers auto-renewing subscriptions that unlock premium features and insights.

Payment is charged to your Apple ID account upon purchase. Subscriptions renew automatically unless canceled at least twenty-four hours before the renewal date. You can manage or cancel your subscription at any time through App Store account settings.

You have the right to:

• Access — request a copy of any data we store about you.
• Deletion — request deletion of any cloud-stored data (email, Garmin data, leaderboard data).
• Revoke access — disconnect any health source at any time in Settings.
• Withdraw consent — revoke any device permission through iOS Settings.

To exercise any of these rights, contact us at the address below.