Privacy Notice

Last updated: 21 May 2026

1. Who we are

This app ("My Vitals Log", the "App") is operated by Vaise Patu ("we", "us", "our"), the seller and data controller responsible for your personal data. You can reach us at the contact details provided in the App or via the support links on this site.

2. Personal data we collect

• Account data: email address, display name, password hash, authentication provider IDs (e.g. Google sign-in).
• Health log data you enter: blood pressure, temperature, weight, notes, timestamps.
• Uploaded clinical reports: images you upload and the extracted text / AI-generated summaries.
• Subscription & order data: subscription status, plan, billing period (we do not see or store your card details).
• Technical data: IP address, device/browser identifiers, basic usage logs, error logs.

3. Purposes and legal bases

• Provide the App (account creation, storing your logs, generating summaries) — performance of a contract.
• Process payments and manage subscriptions — performance of a contract.
• Security, fraud prevention, and abuse detection — legitimate interests.
• Improve the App and fix bugs — legitimate interests.
• Comply with legal obligations (tax, accounting, lawful requests) — legal obligation.
• Marketing communications (only if you opt in) — consent.

4. How we store and secure your data

All data is stored encrypted at rest. Row-level security ensures only you can access your own records. Uploaded report images are stored in a private bucket and only accessible through short-lived signed URLs. We apply appropriate technical and organisational measures including encryption in transit (HTTPS), access controls, and audit logging.

5. AI processing

When you upload a report, the image is sent to a hosted AI provider acting as our processor for the sole purpose of text extraction and summarization. We do not use your data to train AI models.

6. Who we share your data with

• Paddle.com Market Limited ("Paddle") — our Merchant of Record. Paddle processes all payments, manages subscriptions, calculates and remits sales tax/VAT, and issues invoices and refunds. For order-related data, Paddle acts as an independent data controller under its own privacy policy: paddle.com/legal/privacy.
• Cloud hosting & database provider (processor) — stores your account and health data on our behalf.
• AI provider (processor) — performs text extraction and summarization on uploaded reports.
• Email/authentication providers (processors) — for sign-in, password reset, and transactional emails.
• Professional advisers (accountants, lawyers) where reasonably necessary.
• Authorities where required by law.

We do not sell your personal data.

7. International transfers

Some of our processors may be located outside your country of residence. Where this is the case, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, where applicable.

8. Data retention

We retain your account and health data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 30 days, except where we are required to retain certain records (e.g. transaction and tax records) for up to 7 years to comply with legal obligations. Backups are rotated on a 30-day cycle.

9. Your rights

Depending on where you live, you may have the right to: access your data, correct it, delete it, restrict or object to processing, request portability, and withdraw consent at any time. You can exercise most of these rights yourself from the Settings page (export as CSV, delete records, delete your account). For anything else, contact us. You also have the right to lodge a complaint with your local data protection authority.

10. Cookies

We use only essential cookies and local storage required to keep you signed in and remember your language preference. We do not use advertising or third-party tracking cookies.

11. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be communicated through the App or by email.