Privacy Policy
Last updated: March 2025 · Effective for VitalLog v1.0 and above
VitalLog is a health tracking app. We take privacy seriously. This policy explains exactly what data we collect, why, and what we never do with it.
1. Who We Are
VitalLog is an Android application that helps individuals and families track health device readings (blood pressure, SpO₂, blood glucose, weight). The application is operated by the VitalLog development team ("we", "us", "our").
Contact: vitallog.support@gmail.com
2. What We Collect
Account information
- Phone number — used for sign-in and account identification
- Display name — shown in the app UI and shared reports
- Google account email — if you choose Google sign-in
Health data (the core of the app)
- Blood pressure readings (systolic, diastolic, pulse)
- SpO₂ / blood oxygen readings
- Blood glucose readings (fasting and post-meal)
- Weight measurements
- Timestamps and optional notes for each reading
Profile information
- Birth year and age (for personalised thresholds)
- Height in cm (for BMI calculation)
- Gender (for age/gender-adjusted health thresholds)
- Medical conditions and medications (optional, for doctor reports)
Usage data
- App events (scan started, report shared) — anonymous, for improving the app
- Firebase Analytics device identifiers
3. What We Do NOT Collect
- Location data
- Camera footage (images are processed locally and discarded immediately)
- Contacts (you choose which contacts to share with, we don't access your contact list)
- Financial information of any kind
- Biometric data (fingerprint used only for device unlock, never sent to us)
4. How We Use Your Data
- Health readings — stored in your account, shown in the app, used for trend analysis and AI insights
- Doctor sharing — you explicitly generate a share link or PDF. We don't share your data with anyone without your action
- Hospital access — hospitals can request access only through a formal consent flow. You can approve, decline, or revoke at any time
- AI analysis — health analysis runs on our servers using your own readings only. Results are returned to you and not stored separately
5. Data Storage and Security
All data is stored on Google Firebase (Cloud Firestore and Firebase Authentication), hosted in data centres compliant with ISO 27001, SOC 2, and regional data protection regulations.
- All data is encrypted in transit using TLS 1.3
- Firebase Firestore encrypts data at rest by default
- Firestore security rules restrict access so users can only read their own data
- Firebase Authentication manages identity — we never store passwords
6. Doctor and Hospital Access
When you share a doctor link, you generate a time-limited token (72 hours by default). The recipient can view your readings through a secure web page. No account is required on their end.
Hospital access requires your explicit consent through an in-app approval flow. You can revoke hospital access at any time from the Hospital Access section in the app. Revoking access immediately prevents further viewing.
7. Your Rights (DPDPA 2023)
Under the Digital Personal Data Protection Act 2023 (India), you have the right to:
- Access — view all data we hold about you (it's all visible in the app)
- Correction — edit your profile and readings from within the app
- Erasure — delete your account and all associated data from Profile → Delete Account. Deletion is permanent and processed within 30 days
- Portability — export your readings as PDF from the Share screen
- Grievance — contact us at vitallog.support@gmail.com. We respond within 48 hours
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, all associated data (readings, profiles, medical info, doctor access tokens) is permanently deleted within 30 days.
Firebase Authentication data is deleted upon account deletion.
9. Third-Party Services
- Google Firebase — authentication, database, cloud messaging
- Anthropic Claude API — AI health analysis (your readings are sent for analysis and not retained by Anthropic per their API data policy)
- Google Fonts — typography (no personal data shared)
10. Children
VitalLog is designed for users aged 18 and above. We do not knowingly collect data from children under 18. If you believe a child has created an account, please contact us at vitallog.support@gmail.com.
11. Changes to This Policy
We may update this policy when the app adds new features or when regulations change. Significant changes will be notified in-app. Continued use after changes constitutes acceptance.
12. Contact
For any privacy questions or requests: vitallog.support@gmail.com