Privacy Policy

Last Updated: July 2, 2026

Summary: What You Should Know

  • Your conversations with Ginger are sent to Anthropic's Claude AI for processing
  • We store your health data (allergies, dietary preferences, health goals) to personalize your experience
  • With your permission, we read health & fitness data from Health Connect (Android) or Apple Health (iOS); it is never sold or used for advertising, and you can revoke access anytime
  • You can delete your conversations or entire account at any time
  • You can export all your data in JSON/CSV format
  • Your passwords are encrypted and we use HTTPS for all communications
  • We will never sell your personal information to third parties
  • Your messages and sensitive health details (conditions, medications, and allergies) are encrypted at rest with AES-256; all other data is protected by encrypted database infrastructure and strict access controls
  • Documents you upload (such as lab reports and test results) are kept in private, access-controlled storage that is never publicly accessible
  • Personal identifiers are removed before AI processing (de-identification)
  • We follow HIPAA-aligned security practices for health data protection

Introduction

Welcome to Vedalife. VEDALIFE INC. is committed to protecting your privacy and being transparent about how we collect, use, and share your personal information. This Privacy Policy explains our data practices when you use our AI-powered health coaching platform.

By creating an account, you consent to the collection and use of your information as described in this policy.

1. Information We Collect

Account Information

  • Name
  • Email address
  • Password (encrypted)

Health & Wellness Information

  • Dietary preferences and restrictions
  • Food allergies
  • Health goals and conditions
  • Location and timezone (for meal planning)
  • Conversations with Ginger, our AI health coach
  • Documents and files you choose to upload (such as lab reports, test results, and related images or PDFs)

Connected Health & Fitness Data (Health Connect & Apple Health)

If you choose to connect Vedalife to Health Connect (on Android) or Apple Health (on iOS), and only after you grant permission, we read health and fitness data from those services to personalize your insights and coaching. This may include:

  • Steps, distance, floors climbed, and active calories burned
  • Exercise and workout sessions
  • Heart rate, resting heart rate, and heart rate variability
  • Blood oxygen saturation and respiratory rate
  • Blood pressure, blood glucose, and body temperature
  • Sleep
  • Weight, height, and body fat

This access is read-only and entirely optional. We request access only to the data types relevant to features you use, and you can revoke access at any time in your device's Health Connect or Apple Health settings, or by disconnecting the integration in Vedalife's settings. Where Vedalife reads data in the background, it does so only to keep your insights current and only while you have granted the relevant permission.

How connected health data is used and shared: Data obtained from Health Connect and Apple Health is used solely to provide and personalize Vedalife's wellness features (such as displaying trends and generating coaching insights). We do not sell this data, do not use it for advertising or marketing, and do not transfer it to third parties except service providers acting on our behalf to operate the app. When connected health data informs AI coaching, it is subject to the same de-identification safeguards described in Section 2 before being sent to Anthropic. Our use of Health Connect data complies with the Health Connect Permissions policy, and our use of Apple Health data complies with Apple's HealthKit requirements, including the restriction against using health data for advertising or sharing it with third parties for marketing.

Usage Information

  • Messages sent and received
  • Conversation timestamps
  • Feature usage patterns

2. Third-Party Services (IMPORTANT)

Your conversations are processed by external AI services

To provide personalized health coaching, we transmit your conversations and health profile to third-party AI providers. Please read this section carefully.

Anthropic (Claude AI)

We use Anthropic's Claude AI to power Ginger, our health coaching assistant. When you send a message, the following information is transmitted to Anthropic's servers:

  • Your complete conversation history
  • Your dietary restrictions and allergies (marked as critical)
  • Your health goals and conditions
  • Your food preferences
  • Your location and timezone
  • Conversation summaries we generate for personalization

How We Protect Your Data During AI Processing

Before your information is sent to Anthropic for processing, we apply a de-identification layer to minimize personal data exposure:

  • Your name is removed or replaced with a pseudonym
  • Specific locations are generalized to region level only
  • Exact birth dates are converted to age ranges
  • Other direct identifiers like email addresses are stripped

Anthropic's Commitment: API inputs are not used for model training. Data is retained for up to 30 days for trust and safety purposes only, then deleted. For more information, see Anthropic's Privacy Policy.

Resend (Email Service)

We use Resend to send transactional emails (verification, password reset). Resend processes:

  • Your email address
  • Your name
  • Email metadata (delivery status, open rates)

Payments (Stripe, Apple, and Google)

We use Stripe to process web subscription payments, and Apple and Google to process in-app purchases and subscriptions on their mobile platforms. These providers handle your billing and transaction details; we do not store your full payment card numbers. They process:

  • Billing and transaction information
  • Subscription and purchase status

Analytics and Reliability (PostHog and Sentry)

We use PostHog for product analytics and Sentry for error monitoring, which help us understand how features are used and diagnose problems. These services may process:

  • Usage events, feature interactions, and device or browser information
  • Diagnostic and error data, which may incidentally include information you entered

Hosting and Infrastructure

We rely on trusted infrastructure providers to host our application, database, and file storage on our behalf, including cloud hosting and file storage (Vercel) and our managed database (Neon). These providers process the data described in this policy only as needed to operate the service and under contractual data-protection obligations.

3. How We Use Your Information

  • Personalized Health Coaching: To provide tailored meal plans, nutrition advice, and health guidance through Ginger
  • Safety: To ensure we never recommend foods you're allergic to
  • Account Management: To verify your email, reset passwords, and manage your account
  • Service Improvement: To improve our AI coaching quality and add new features (aggregated, non-identifiable data only)
  • Communication: To send important updates about your account or our services

4. How We Protect Your Data

We implement comprehensive security measures to protect your personal and health information. For detailed information about our security practices, visit our Security Practices page.

Encryption Standards

  • Encryption at Rest: Your messages and the most sensitive fields in your health profile — including health conditions, medications, and allergies — are encrypted at the application level using AES-256-GCM, the same class of encryption used by financial institutions and government agencies. All remaining data is stored on encrypted database infrastructure and protected by strict access controls
  • Encryption in Transit: All data transmitted between your device and our servers is protected using TLS 1.3, the latest and most secure transport protocol available
  • Password Security: Passwords are hashed using bcrypt with secure salting before storage - we cannot see or recover your password

Document & File Storage

Documents and files you upload — such as lab reports, test results, and related images or PDFs — are stored in private, access-controlled storage. These files have no public URL and cannot be retrieved through an anonymous link; they are served only through authenticated requests tied to your account. This keeps any protected health information contained in your uploads isolated from public access.

Access Controls

  • User Data Isolation: Your data is strictly isolated from other users at the database level - no user can access another user's information
  • Role-Based Access: Internal access to systems is restricted based on job function with comprehensive audit logging
  • Audit Logging: All access to sensitive data is logged and retained for 6 years to ensure accountability and enable security audits

Third-Party Security

  • Data Processing Agreements: All third-party processors have signed comprehensive Data Processing Agreements (DPAs) ensuring contractual data protection obligations
  • Vendor Security Review: We evaluate the security practices of all service providers before integration

5. Your Privacy Rights

You have the following rights regarding your personal information:

  • Right to Access: View all data we store about you through your account settings
  • Right to Rectification: Update or correct your profile information at any time
  • Right to Deletion: Delete individual conversations or your entire account permanently
  • Right to Data Portability: Export all your data in a machine-readable format (JSON/CSV)
  • Right to Withdraw Consent: Delete your account at any time to stop data processing

To exercise these rights, visit your Account Settings or contact us at hello@vedalife.ai.

6. Data Retention

  • Account Data: Retained until you delete your account
  • Conversations: Retained indefinitely unless you delete them manually
  • Conversation Summaries: One summary per user, updated weekly
  • Verification Tokens: Automatically deleted after 24 hours or after use
  • Password Reset Tokens: Expire after 1 hour
  • Deleted Accounts: Permanently removed within 30 days of deletion request

7. Our Compliance Approach

Vedalife follows industry best practices for protecting health-related information:

  • GDPR Compliant: We respect the data protection rights of users in the European Union, including rights to access, rectification, erasure, and data portability
  • CCPA Compliant: California residents have the right to know, delete, and opt-out of the sale of personal information (we do not sell personal information)
  • HIPAA-Aligned Practices: While Vedalife is a wellness platform and not a covered entity under HIPAA, we voluntarily follow HIPAA-aligned security practices as a demonstration of our commitment to protecting your health-related information

For more details about our security measures, visit our Security Practices page.

8. Children's Privacy

Vedalife is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@vedalife.ai.

9. International Data Transfers

VEDALIFE INC. is based in the United States. By using our service, you consent to your data being transferred to and processed in the United States and by our service providers (such as those described above), which may be located in other countries. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice in the app. Your continued use of Vedalife after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: hello@vedalife.ai

Mail:
VEDALIFE INC.
1630 Chicago Avenue STE 1301
Evanston, IL 60201

For information about how we use Vedalife for wellness purposes and our medical disclaimer, please see our Terms of Service.