Privacy Policy

Effective date: June 12, 2026

VitaSync ("we", "us") helps you, and the people you care for, stay on top of a supplement and medication routine. This policy explains what personal information we handle, why we handle it, and the choices you have. It is written in plain language on purpose. If anything here is unclear, email us at support@vitasync.app.

Who we are and what this covers

VitaSync is a supplement and medication adherence app. This policy covers:

Our mobile apps for iPhone and Android.
Our web app.
Our marketing website at the VitaSync domain, including the waitlist.

When this policy says "the service", it means all of the above together. The service is offered first to people in the United States, and your information is processed in the United States. See "International users" below.

Information you provide

You give us information when you create an account and use the service.

Account details. Your email address and a password. We use Supabase Auth to store and manage your login. Passwords are handled by that authentication system and are not stored by us in readable form.
Care profiles. A profile has a name or label and a relationship (for example, "Mom" or "Dad"). A profile can describe you, or it can describe another person you care for. You choose what to enter. Please only enter another person's information if you are allowed to. See "Caregivers and shared data" below.
Plans and logs. The supplements and medications you add, their schedules, the doses you log as taken or missed, your adherence statistics, and inventory counts you keep.
Photos and barcodes. If you choose to add a product by photo, you can take or pick a photo of its label. If you choose to add a product by barcode, the app reads the barcode. How we handle each of these is described under "How label scanning and barcode lookup work" below.
Messages you send us. If you email us, join the waitlist, or contact support, we receive what you send, including your email address and the contents of your message.

Information collected automatically

We keep this short and honest, because there is not much.

Basic device and service logs. Our infrastructure providers (the companies that run our database, hosting, and payments, listed below) generate ordinary technical records when the app talks to their systems. These can include things like an IP address, device or operating system basics, timestamps, and error logs. We use these to run the service, keep it secure, and fix problems.
No analytics. We do not use a third-party analytics SDK in the app today.
No advertising or tracking. We do not run ads, and we do not use advertising or cross-site tracking technology.
No location data. The app never asks for your location and we do not collect it.
No cookies on the marketing website. The marketing site is static and sets no cookies, no analytics, and no embedded third-party trackers.

If this ever changes, we will update this policy before the change takes effect. See "What we do not do".

How we use information

We use the information above to:

Provide the service. Build and show your routine, profiles, plans, logs, and statistics.
Send reminders and alerts. Deliver dose reminders to you and missed-dose alerts to caregivers, when those features are turned on.
Run subscriptions. Start, renew, and manage the paid Pro subscription through the app stores and our payments provider.
Provide support. Answer your questions and help with your account.
Keep the service secure. Detect, prevent, and respond to fraud, abuse, security incidents, and technical problems.
Meet legal obligations. Comply with applicable law and respond to lawful requests.

How label scanning and barcode lookup work

These features are optional. You only use them if you choose to add a product this way.

Label photos. When you take or pick a label photo, the photo is sent from your device to our backend and analyzed by an AI vision model to read the supplement facts from the label. The company that provides that vision model, Anthropic, processes the image for us as a service provider. The extracted details are shown to you so you can confirm or correct them before they are saved to your plan. Photos are used for this extraction step. They are not used for advertising and are not sold.
Barcode lookup. When you scan a barcode, only the barcode number is sent to OpenFoodFacts, an open product database, to look up the product. We do not send your photos, account, or profile information in a barcode lookup.

Caregivers and shared data

VitaSync is built so you can help care for someone else, such as a parent. This section explains how that works and what your responsibilities are.

What a caregiver sees. If you create or manage a profile for another person, you can see that profile's plans, schedules, doses, adherence, and alerts, the same way you see your own. The paid caregiver suite adds a Watching dashboard, missed-dose alerts, multiple care profiles, and doctor-ready exports.
What share links expose. A read-only share link creates a view of a plan that anyone with the link can open. A share link is read-only: the person opening it can see the plan, but cannot change it. Treat a share link like a key. Only send it to people you trust, such as a doctor or a family member, and you can stop sharing at any time.
Your duty to have permission. When you enter or manage information about another person, you are responsible for having that person's permission to do so, unless you are their legal guardian or otherwise legally allowed. You should also tell that person that their information is in VitaSync.
How that person can request deletion. If you are described in someone else's VitaSync profile and you want that information removed, email us at support@vitasync.app and we will work with you to handle the request. The account holder can also delete the profile, or their whole account, at any time.

All users must be 18 or older. See "Age requirement".

Service providers

We use a small set of service providers to run VitaSync. We share only what each one needs to do its job. We do not sell your information to any of them.

Provider	What it receives	Why
Supabase	Your account login, care profiles, plans, schedules, dose logs, statistics, and inventory.	Database, authentication, and backend functions that store and run the service.
Anthropic	Label photos you submit for scanning.	An AI vision model reads the supplement facts from the label so you can confirm them.
OpenFoodFacts	The barcode number you scan, and nothing else.	Looks up a product by its barcode.
RevenueCat	Subscription and purchase events, and an app-specific identifier.	Manages your Pro subscription status across platforms.
Apple	Your purchase and subscription details if you buy through the App Store.	Processes payment and runs auto-renewing billing. We never see full card numbers.
Google	Your purchase and subscription details if you buy through Google Play.	Processes payment and runs auto-renewing billing. We never see full card numbers.
Hosting and content delivery provider	Network requests needed to load the website and web app, including an IP address.	Serves the static marketing site and the web app.

We may add or change providers as the service grows. If we add a provider that changes what we collect or how we use it, we will update this policy first.

What we do not do

We want to be direct about this.

We do not sell your personal information.
We do not share your personal information for cross-context behavioral advertising.
We do not run ads in the app or on the website.
We do not collect your location.
We do not use a third-party analytics SDK or a third-party crash-reporting SDK in the app today. The only crash information we may receive is the operating-system-level, opt-in crash reporting that Apple and Google offer to app developers, which you control in your device settings and which comes to us in aggregate.

If we decide to add any of the above in the future, we will update this policy before that change takes effect, and where the law requires it, we will ask for your consent.

Consumer health data

Some of the information in VitaSync is health information. This includes the supplements and medications on a plan, their schedules, the doses you log, your adherence statistics, label photos you submit for scanning, and the relationship label on a care profile. We collect this only to provide the features you ask for, we do not sell it, and we do not use it or share it for advertising.

Because some states treat this kind of information specially, we publish a separate Consumer Health Data Privacy Policy that covers it in full, including the categories we collect, why we collect them, who we share them with, and how you exercise your rights. That document is required by laws such as the Washington My Health My Data Act and Nevada SB 370, and it is linked in the site footer. Please read it for the complete detail on how we handle your consumer health data.

How long we keep information

We keep your information for as long as your account is active, so the service works for you. When you delete your account, we delete your account and associated data through a backend function, as described in the next section. We keep limited records longer only when we have to, for example to meet a legal obligation, resolve a dispute, or maintain security. Backups that contain your data cycle out on a rolling schedule after deletion, rather than disappearing instantly.

Deleting your account and data

You are in control. You can delete your account at any time.

In the app, on web or mobile:

Open VitaSync.
Go to Settings.
Tap or click Delete Account.
Confirm.

This runs a backend function that deletes your account and the data associated with it, including your profiles, plans, schedules, dose history, statistics, inventory, and shares.

By email: If you prefer, email support@vitasync.app from the address on your account and ask us to delete it. We will confirm and complete the request. Please allow up to 30 days.

Deleting data without deleting your account: You can also remove individual profiles, plans, or logs inside the app, or email us, without closing your whole account.

About backups: After deletion, copies of your data may remain in routine backups for a short time before those backups cycle out. We do not restore deleted data from backups except where the law requires it.

Security

We take reasonable steps to protect your information.

Your data is stored in a Postgres database with row-level security, which is designed so each account can only reach its own data.
Connections between the app and our backend use encryption in transit.
Passwords are managed by our authentication provider and are not stored by us in readable form.

No service can promise perfect security, and we do not. If we ever become aware of a security incident that affects your information, we will act on it and notify you where the law requires.

Your rights and choices

Wherever you live, you can ask us to:

Access the personal information we hold about you.
Correct information that is wrong.
Delete your information.
Get a copy of your information in a portable form.

To make a request, email support@vitasync.app. We will respond within the time the law allows. We will not charge you or deny you the service for making a request.

If you are in the European Economic Area, the United Kingdom, or Switzerland. Our legal bases for processing are: performing our contract with you (to provide the service you signed up for), your consent (for optional features like label scanning), our legitimate interests (to keep the service secure and working), and compliance with legal obligations. You also have the right to object to processing, to restrict it, and to lodge a complaint with your local data protection authority.

If you are in California or another US state with a privacy law. We provide the access, correction, deletion, and portability rights above to everyone. We do not sell personal information and we do not share it for cross-context behavioral advertising, so no opt-out of sale or sharing is needed. Where a state law sets a threshold that VitaSync does not yet meet, we are choosing to offer these rights to you anyway. You may use an authorized agent to make a request on your behalf, and we may need to verify your identity before we act.

International users

VitaSync is operated from the United States, and the information you give us is processed and stored in the United States. If you use the service from another country, you understand that your information will be handled in the United States, where privacy laws may differ from those where you live.

VitaSync is offered in the United States at launch. It is not directed to the European Economic Area or the United Kingdom at this time, and we do not target our service or our marketing to people there. If we expand availability to those regions, we will update this policy before the service becomes available there.

Age requirement and children

VitaSync is for adults. You must be 18 or older to create an account, and the signup screen asks you to confirm this. We do not direct the service to children, and we do not knowingly collect personal information from anyone under 18. This is also why VitaSync does not knowingly handle information covered by the US Children's Online Privacy Protection Act (COPPA). If you believe a child has given us information, email support@vitasync.app and we will delete it.

If you create a profile for a person who is a minor in your care, please keep in mind that VitaSync is designed for adult account holders managing a routine, and you are responsible for that information as described in "Caregivers and shared data".

Changes to this policy

We may update this policy as the service grows or the law changes. When we do, we will change the effective date at the top, and for meaningful changes we will give you reasonable notice, for example in the app or by email. As promised above, we will update this policy before we start doing anything it currently says we do not do.

Contact

Questions or requests about your privacy can be sent to:

support@vitasync.app