Privacy Policy

Last updated: 2026-05-16

This is a pre-launch draft of our privacy policy. We will update it before our public launch, following review by counsel. If you have questions, email privacy@vectorvitals.com.

What this is

Vector Vitals ("we", "us") is a wellness-tracking and analytics service. You connect a wearable (Whoop, Oura, Apple Health, Garmin, etc.) and log the supplements and medications you take. We analyze the combination to surface observational patterns between what you log and your biometric data.

This policy explains what data we collect, how we use it, who we share it with, and what your rights are.

What we collect

  • Account data: email address, sign-in identity (Apple, Google, or email magic link), display name if you provide one.
  • Self-reported medication data: the medications and supplements you tell us you take, with dose, schedule, and start date. You enter this. We don't receive prescription data from any pharmacy.
  • Biometric data from connected wearables: heart rate variability (HRV), resting heart rate, sleep stages and duration, recovery scores, weight, body composition, steps, and blood oxygen, when synced through Rook, Terra, or Apple HealthKit. We receive only what you authorize at connection time.
  • App usage telemetry: screens visited, actions taken, errors encountered. We use this to debug and improve. We do not track you across other apps or websites.
  • Subscription data: if you subscribe, Stripe handles payment processing. We receive your subscription status (active / canceled / past due) and never your card number.

What we do NOT collect

  • Prescription records from your physician. We are not your healthcare provider. We have no access to clinical records, lab results from labs we're not integrated with, or insurance claims.
  • Identifying information from your wearable that goes beyond the metrics above. Heart rate at 3:47 AM is metric data; your name and address from your wearable account are not data we ingest.
  • Location data, unless explicitly granted for a specific feature (none today).

How we use your data

  • To run the product. We display your dose log and biometric trends in the app.
  • To produce insights. Our inference engine analyzes your log alongside your biometric trends to surface observational patterns. Insights are informational, not medical advice.
  • To facilitate optional telehealth consultations. If you choose to start a consultation through the Store, we share intake information with our licensed telehealth and pharmacy partners so they can evaluate whether a prescription is clinically appropriate. We do not prescribe medications and we do not promise any outcome from a consultation.
  • To improve the product. Aggregated, de-identified usage data informs which features we build next.

We do not sell your data. We do not share your data with advertisers. We do not use your data to target ads at you on other platforms.

Who we share data with

  • Our infrastructure providers: Supabase (database + auth), Vercel (web hosting), Anthropic and Google (AI model inference). These providers process data on our behalf under contractual data-processing agreements. They do not have independent rights to your data.
  • Wearable aggregators (Rook, Terra): when you connect a wearable, you authorize the aggregator to send your biometric data to us. The aggregator handles its own data-processing relationship with the wearable manufacturer.
  • Telehealth and pharmacy partners: when you check out an item that requires a prescription, we share the intake information you provide (profile, shipping address, basket contents, and health questions you answer) with the licensed telehealth provider performing your clinical evaluation and, if approved, with the licensed US pharmacy compounding or dispensing your prescription. Vector Vitals is the seller of record; our partners act under contract to provide clinical and fulfillment services. Partner identities are listed in our Terms and updated when relationships change.
  • Stripe: handles subscription payment processing. We never see your card number.
  • Legal requests: we may disclose data when compelled by law. We will notify you when we are legally allowed to do so.

HIPAA, state health-privacy laws, and what we promise

Vector Vitals is not a HIPAA Covered Entity. The data you give us — self-reported medication logs and wearable biometric data — is health-related but is not Protected Health Information under HIPAA's definition because no Covered Entity created it during your care.

State privacy laws (Washington's My Health My Data Act, California's Confidentiality of Medical Information Act, Colorado/Connecticut/Texas data privacy laws) may still apply to some of our processing. We treat your health-related data with the same internal protections we would apply to PHI: encryption in transit and at rest, Row-Level Security in our database, audit logs, and the principle of minimum necessary access.

How long we keep your data

We retain your data for as long as your account exists. If you delete your account, we delete your personal data within 30 days, except for anonymized usage metrics that we may retain for product improvement.

You can export or delete your data anytime by emailing privacy@vectorvitals.com or via the in-app Profile screen.

Your rights

  • Access the data we have about you.
  • Correct it if it is wrong.
  • Export it in a portable format.
  • Delete it.
  • Opt out of any non-essential processing.

Email privacy@vectorvitals.com to exercise any of these. We respond within 30 days.

Children

Vector Vitals is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe we have such data, email us and we will delete it.

Changes to this policy

We will update this page when we make material changes and email you if the change is significant. The "Last updated" date at the top reflects the current version.

Contact