Privacy Policy
Last updated: 16 May 2026
Your health data stays on your device. We don't sell your data. We don't share it with advertisers. VitSync is a wellness tool, not a data business.
Who we are
VitSync is operated by VitSync Ltd, registered in the United Kingdom. When we say "we", "us", or "VitSync" in this policy, we mean VitSync Ltd.
VitSync Ltd is registered as a data controller with the UK Information Commissioner's Office (ICO).
For questions about this policy or your data, contact us at hello@vitsync.com.
Where you are
VitSync is available on the App Store in the United Kingdom, across the European Economic Area (EEA), Canada, and Australia. The same privacy practices apply to all users. This policy is written to satisfy UK GDPR, the EU General Data Protection Regulation (Regulation 2016/679), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the Australian Privacy Act 1988.
Our processing of your personal data is intentionally minimal:
- Apple Health data, blood test results, and your supplement plan are processed on your device. They are never transmitted to our servers or any third party.
- Account information, plan summaries, and chat messages are processed by service providers in the United Kingdom and the European Union (Firebase / Google Cloud, region eur3 covering Belgium and the Netherlands; Anthropic in the United States).
- Transfers to the United States (Anthropic for chat processing) rely on the EU-US Data Privacy Framework and the UK Extension to the DPF, with Anthropic's Standard Contractual Clauses as a backup safeguard. Anthropic retains chat data for up to 30 days for safety and abuse-prevention purposes only and does not train models on it.
What data we collect
VitSync collects the following categories of data to build and adapt your supplement plan:
- Apple Health data: sleep duration, sleep quality, heart rate variability (HRV), resting heart rate, exercise minutes, step count, and nutrition data (if you log food in apps like MyFitnessPal). This data is read from Apple Health with your permission and processed on your device.
- Profile information: age, height, weight, gender, health goal, dietary habits, and safety screening answers (medications, conditions, allergies). You provide this during onboarding.
- Blood test results: if you choose to enter them. These are optional and stored exclusively on your device. They are never persisted on our servers. When the VitSync engine generates a weekly plan they are transmitted in a single API request, used in memory to build the engine's reasoning, and discarded as soon as the response returns. See "How your data is processed" below for the full data flow.
- Chat conversations: messages you send to the VitSync assistant. These are processed by the VitSync engine, which is powered by an Anthropic API. We send your current plan data and conversation context to generate relevant answers.
- Account information: if you sign in with Apple, we receive your Apple ID and optionally your name and email. We use Firebase Authentication to manage your account.
- Purchase records: when you confirm a supplement purchase through VitSync, we store the ingredient, date, and estimated bottle size locally to track your supply levels.
How your data is processed
Apple Health data is processed on your device. It is never sent to our servers or any third party.
Your supplement plan is built by the VitSync engine using your Apple Health data, profile answers, and any blood results you have entered.
The engine has two parts: an on-device rules layer (which always runs) and a server-side reasoning layer hosted in our Cloud Functions and powered by an Anthropic API. When the server-side layer runs, it receives a single request from your device containing the data needed to build that plan, generates the plan, and returns it. Critically:
- Blood test results are sent in this request only when needed and are never persisted on our servers. They live in memory for the duration of the plan-generation call and are discarded when the response returns.
- Your generated plan (ingredient names, doses, explanations) is stored under your authenticated Firestore account so it persists across devices and so the next week's plan can reference what was recommended last week. Plan storage does not include any blood biomarker numbers.
- Apple Health data is read on-device, used to compute summary signals (sleep average, HRV average, active minutes), and only those summary signals are sent to the server. Raw HealthKit samples are not transmitted.
When you use the VitSync chat, your message and relevant plan context are processed by the VitSync engine. The Anthropic API processes this data under their privacy policy, retains it for up to 30 days for safety and abuse-prevention purposes only, then deletes it. We do not use your chat data to train AI models, and the Anthropic API does not train on data sent through it.
Your account profile, plan history, and chat transcripts are also stored in Firebase (Google Cloud) so they persist across devices. This data is encrypted in transit and at rest, and is only accessible to your authenticated account.
What we don't do
- We don't sell your personal data to anyone.
- We don't share your data with advertisers.
- We don't use your health data for targeted advertising.
- We don't store your Apple Health data on our servers.
- We don't access your data without your explicit permission.
Third-party services
VitSync uses the following third-party services:
- Anthropic API: powers the VitSync engine's reasoning for plan generation and chat responses. Receives your message + relevant context, returns a response. Privacy policy.
- Firebase (Google): authentication, data sync, and cloud functions. Privacy policy.
- Apple (HealthKit, StoreKit, WeatherKit): health data access, subscription management, weather data. Privacy policy.
- Amazon Associates: affiliate links for supplement purchases. When you tap a buy link, you leave VitSync and enter Amazon's platform. We receive a commission on qualifying purchases but do not receive your Amazon purchase history or payment details.
Data retention
Your profile, plan history, and chat transcripts are stored locally on your device using Apple's SwiftData framework. If you sign in and sync is enabled, a copy is stored in Firebase Firestore under your authenticated account.
You can delete all your data at any time by using the "Reset app" option in Profile (available in the app) or by deleting the app from your device. If you have synced data to Firebase, contact us at hello@vitsync.com to request deletion of your server-side data.
Children
VitSync is designed for adults aged 18 and over. If you are under 18, the app's safety gate will block all supplement recommendations and display a message directing you to consult a healthcare professional. We do not knowingly collect data from children under 18.
Your rights
Under UK GDPR (if you are in the United Kingdom) and EU GDPR (if you are in the European Economic Area), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict processing
- Data portability: receive your data in a machine-readable format
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with a supervisory authority (see below)
To exercise any of these rights, email hello@vitsync.com. We will respond within one calendar month, as required by GDPR Article 12.
Canadian users
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access, correct, and challenge the accuracy of your personal information held by VitSync. You may also withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions. To make a request, email hello@vitsync.com.
Australian users
Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to access and correct the personal information we hold about you. You may also make a complaint if you believe we have breached an APP. To make a request or lodge a complaint, email hello@vitsync.com.
Supervisory authorities
If you believe we have not handled your personal data in line with the law, you have the right to complain to your local data protection authority. You can also contact us first at hello@vitsync.com and we will try to resolve your concern.
- United Kingdom: Information Commissioner's Office (ICO), ico.org.uk
- Republic of Ireland: Data Protection Commission, dataprotection.ie
- Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), bfdi.bund.de, and your state-level (Land) authority
- France: Commission Nationale de l'Informatique et des Libertés (CNIL), cnil.fr
- Italy: Garante per la protezione dei dati personali, garanteprivacy.it
- Spain: Agencia Española de Protección de Datos (AEPD), aepd.es
- Netherlands: Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl
- Other EEA countries: a list of national supervisory authorities is published by the European Data Protection Board at edpb.europa.eu
- Canada: Office of the Privacy Commissioner of Canada (OPC), priv.gc.ca
- Australia: Office of the Australian Information Commissioner (OAIC), oaic.gov.au
Cookies
vitsync.com uses two non-essential cookies set only after you accept on the consent banner: Google Analytics 4 (with IP anonymisation) for visitor counts, and the LinkedIn Insight Tag for ad-campaign measurement. Both default to denied; we do not set them until you click Accept. You can change your decision at any time using the link below.
EU representative
VitSync Ltd processes a limited and clearly delimited set of personal data, and the special-category health data we handle (Apple Health, blood test results) is processed exclusively on your device and is not transmitted to us. On that basis, we currently rely on the exemption in Article 27(2)(a) of the EU GDPR for processing that is "occasional, does not include, on a large scale, processing of special categories of data... and is unlikely to result in a risk to the rights and freedoms of natural persons".
EEA residents who wish to raise a data-protection issue can contact us directly at hello@vitsync.com in any EEA official language, or contact the supervisory authority in their country (see above). If our processing scope expands beyond this exemption, we will appoint a designated EU representative and update this policy.
Changes to this policy
We may update this policy from time to time. If we make material changes, we'll notify you through the app or by email. The "last updated" date at the top of this page reflects the most recent revision.
Contact
If you have questions about this privacy policy or how VitSync handles your data:
Email: hello@vitsync.com
Website: vitsync.com