Legal

Privacy Policy

This privacy policy applies to MyVitalWare, a web-based application (including PWA installations on iOS and Android) together with any related services operated by Gatis Jansons ("we", "us", "our"). It explains what we collect, why, and what rights you have over your data.

Effective: 18 June 2026

The short version

We collect only what we need to make the app useful to you. We store health and fitness data because the app is built around it. We do not sell your data, ever. We do not use it for advertising. You can export a copy or permanently remove everything at any time from inside the app — Settings → Manage my data → Export and download my data, or Permanently remove my data.

Who we are

The data controller is Gatis Jansons, operating MyVitalWare as a sole proprietor based in Sweden, EU. Contact: info@myvitalware.com.

What we collect

Account information

  • Email address and authentication credentials
  • User ID assigned to your account
  • Display name, if you provide one

Health and fitness data (special-category data)

The app is built around this information and treats it as sensitive. It is private to your account.

  • Profile data: age, gender, height, weight, goals
  • Workout data: plans, exercises, sets, reps, weights, session notes, personal bests
  • Nutrition data: meals logged, macros, calories, food photos (if uploaded), barcode scans
  • Supplement data: items in your stack, doses, timing
  • Body measurements: weight history, body composition (where entered)
  • Subjective check-ins: energy, sleep, soreness, training readiness
  • AI coach conversation content

Device and usage data

The app itself does not log or store IP addresses. Rate limiting and access control are based on your authenticated session, not on your network identity.

What the app does process:

  • Device type, operating system and app version
  • Pages visited, time and date of visits, time spent on the app
  • Anonymous crash and error reports

Separately, our hosting and content-delivery providers may write IP addresses into standard server access logs for short retention periods, as part of normal operation and abuse prevention. We do not query or analyse these logs except where strictly necessary to investigate an incident. The website (myvitalware.com landing pages) also uses Google Analytics, which receives IP-derived geolocation information — see "Cookies and analytics" below.

Legal basis for processing (GDPR)

Under the EU General Data Protection Regulation, we rely on the following lawful bases:

  • Contract — to deliver the features you've signed up for (plans, tracking, AI coach, account management).
  • Explicit consent — for processing health and fitness data (special-category data under Art. 9 GDPR). You give this consent by creating an account and entering the data. You may withdraw it at any time by deleting your data or your account.
  • Legitimate interests — for security, fraud prevention, anonymous analytics, and improving the app, provided these do not override your rights and freedoms.
  • Legal obligation — where we are required by law to retain or disclose certain information.

How we use your data

  • To run the features you've signed up for (plans, logging, progress charts, AI coach).
  • To generate personalised recommendations through the AI coach — see "Artificial intelligence" below.
  • To improve the app based on aggregated, anonymous usage patterns.
  • To contact you about important account or service updates. We do not send marketing communications without your explicit consent.

Artificial intelligence

The AI coach is powered by two third-party model providers: Groq and Google Gemini. We send them the slice of your data needed to fulfil the specific request you've made — never your whole history.

The AI coach is used for:

  • Finding and presenting information (e.g. supplement, nutrition or exercise questions)
  • Suggesting meals, supplements, and exercise alternatives
  • Estimating the calories and macros of meals you describe or photograph
  • Interpreting pasted data (e.g. workout plans or past measurements) and entering it for you

Your data is not used to train AI models. Both providers process the data only to return the response and are contractually bound not to retain it for training purposes. The processing may occur on infrastructure outside the EU (see "International data transfers" below).

Cookies and analytics

Website (myvitalware.com and app.myvitalware.com landing pages): we use Google Analytics to understand which pages people visit. This involves cookies. Where required by applicable law (EU/EEA/UK), we will request your consent before non-essential analytics cookies are set.

Inside the app: the app itself does not use third-party analytics SDKs, advertising SDKs, or tracking pixels. Only the cookies strictly necessary to keep you logged in are used.

Third-party access

We share data only with the trusted service providers we rely on to operate the app — currently the AI providers named above, our hosting provider, and email infrastructure. These providers act on our instructions, have no independent right to use your data, and have agreed to the protections set out here.

Beyond these processors, we share data only:

  • as required by law (e.g. to comply with a subpoena or similar legal process)
  • where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or respond to a government request
  • in aggregated, anonymized form that no longer identifies you

We do not sell or share your data for advertising

We do not sell your personal information. We do not "share" it for cross-context behavioural advertising (as those terms are defined under the California CPRA). We do not run advertising in the app or on the website.

International data transfers

Our third-party providers may process personal data outside your country of residence, including outside the European Economic Area (EEA) — for example, AI processing on Groq and Google Gemini infrastructure in the United States. Where applicable law requires safeguards for international transfers, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions or other legally recognised transfer mechanisms
  • Your consent, where required and legally permitted

Data protection laws in other countries may differ from those in your jurisdiction. Where required by law, we will apply appropriate safeguards and obtain any consent required for the transfer.

Your rights (GDPR & UK GDPR)

If you are in the EU/EEA or UK, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your data (the "right to be forgotten") — exercisable directly from Settings → Manage my data → Permanently remove my data, or by emailing us
  • Port your data — receive a copy in a structured, machine-readable format, downloadable directly from Settings → Manage my data → Export and download my data
  • Restrict or object to certain processing
  • Withdraw consent where processing is based on consent, without affecting prior lawful processing
  • Lodge a complaint with your local supervisory authority (in Sweden, the Swedish Authority for Privacy Protection — Integritetsskyddsmyndigheten / IMY)

To exercise any of these rights, contact us at info@myvitalware.com.

Your California privacy rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose about you
  • Delete personal information we have collected from you
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information — we do not sell or share personal information for cross-context behavioural advertising
  • Limit the use of sensitive personal information — see below
  • Non-discrimination for exercising any of these rights

Categories of personal information collected (CPRA): identifiers (email, user ID), internet/network activity (page visits, device data), commercial information (subscription status), sensitive personal information (health and fitness data you enter), inferences drawn from your data to power AI-coach recommendations.

Use of sensitive personal information: we use the health and fitness information you enter solely to operate the app's features and to generate personalised AI-coach content for you. We do not use it for any purpose beyond providing the service you've asked for, and we do not sell it.

To exercise these rights, contact info@myvitalware.com.

Data retention

  • User-provided data (workouts, meals, supplements, measurements, AI coach conversations): retained for the duration of your account, plus 12 months thereafter, unless longer retention is required by law.
  • Automatically collected data (IP, device, usage): retained for up to 24 months from collection, unless longer retention is required for legal compliance.
  • Aggregated and anonymised data: retained indefinitely as it no longer identifies you.
  • Data required for legal compliance: retained as long as required by applicable law.

You may request earlier deletion at any time, subject to any legal obligation to retain it. Note that some user-provided data may be required for the app to function — deleting it may close your account.

Opt-out and data deletion

You can stop further collection of information from your device by ceasing to use the app. Ceasing to use will stop further data collection, but does not automatically delete information already transmitted to us or our processors.

You can permanently remove all of your data yourself, at any time — open the app and go to Settings → Manage my data → Permanently remove my data. This wipes your account and all associated personal and health data from our systems. The action is irreversible.

If you'd rather, or if you can no longer access your account, email us at info@myvitalware.com and we'll process the deletion for you. You may also withdraw consent for any specific processing through the same address.

Children

The app is not intended for children under 16 years of age, or such higher age as required by applicable law. We do not knowingly solicit data from children or market the app to them.

We encourage parents and legal guardians to monitor their children's internet usage. If you have reason to believe that a child has provided personal information to us, please contact info@myvitalware.com and we will take the necessary action. If you are under 16, your parent or guardian must provide consent on your behalf where permitted by law.

Security

We use industry-standard physical, electronic, and procedural safeguards to protect the information we process. No system is perfectly secure, but we treat your health and fitness data with the seriousness it deserves.

Data breach notification

If a data breach occurs that affects your personal data, we will notify you in accordance with applicable legal requirements — including, where required, providing information about the nature of the breach and the steps being taken to address it. Under GDPR, where a breach is likely to result in a high risk to your rights, we will notify you without undue delay.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in the app and, where appropriate, by email, before they take effect. Where required by law, we will seek your consent to material changes. Previous versions are kept and available on request.

Your consent

Where processing is based on consent, you give that consent by affirmatively opting in to the relevant feature or action (e.g. creating an account, entering health data, or asking the AI coach a question). You may withdraw consent at any time without affecting processing carried out before withdrawal. Processing based on other lawful bases continues as described above.

Contact us

Any questions about this policy, our practices, or your rights — please email info@myvitalware.com.