Your conversations with Ginger are sent to Anthropic's Claude AI for processing
We store your health data (allergies, dietary preferences, health goals) to personalize your experience
You can delete your conversations or entire account at any time
You can export all your data in JSON/CSV format
Your passwords are encrypted and we use HTTPS for all communications
We will never sell your personal information to third parties
Your health data and messages are encrypted at rest using AES-256 encryption
Personal identifiers are removed before AI processing (de-identification)
We follow HIPAA-aligned security practices for health data protection
Introduction
Welcome to Vedalife. VEDALIFE INC. is committed to protecting your privacy and being transparent about how we collect, use, and share your personal information. This Privacy Policy explains our data practices when you use our AI-powered health coaching platform.
By creating an account, you consent to the collection and use of your information as described in this policy.
1. Information We Collect
Account Information
Name
Email address
Password (encrypted)
Health & Wellness Information
Dietary preferences and restrictions
Food allergies
Health goals and conditions
Location and timezone (for meal planning)
Conversations with Ginger, our AI health coach
Usage Information
Messages sent and received
Conversation timestamps
Feature usage patterns
2. Third-Party Services (IMPORTANT)
Your conversations are processed by external AI services
To provide personalized health coaching, we transmit your conversations and health profile to third-party AI providers. Please read this section carefully.
Anthropic (Claude AI)
We use Anthropic's Claude AI to power Ginger, our health coaching assistant. When you send a message, the following information is transmitted to Anthropic's servers:
Your complete conversation history
Your dietary restrictions and allergies (marked as critical)
Your health goals and conditions
Your food preferences
Your location and timezone
Conversation summaries we generate for personalization
How We Protect Your Data During AI Processing
Before your information is sent to Anthropic for processing, we apply a de-identification layer to minimize personal data exposure:
Your name is removed or replaced with a pseudonym
Specific locations are generalized to region level only
Exact birth dates are converted to age ranges
Other direct identifiers like email addresses are stripped
Anthropic's Commitment: API inputs are not used for model training. Data is retained for up to 30 days for trust and safety purposes only, then deleted. For more information, see Anthropic's Privacy Policy.
Resend (Email Service)
We use Resend to send transactional emails (verification, password reset). Resend processes:
Your email address
Your name
Email metadata (delivery status, open rates)
3. How We Use Your Information
Personalized Health Coaching: To provide tailored meal plans, nutrition advice, and health guidance through Ginger
Safety: To ensure we never recommend foods you're allergic to
Account Management: To verify your email, reset passwords, and manage your account
Service Improvement: To improve our AI coaching quality and add new features (aggregated, non-identifiable data only)
Communication: To send important updates about your account or our services
4. How We Protect Your Data
We implement comprehensive security measures to protect your personal and health information. For detailed information about our security practices, visit our Security Practices page.
Encryption Standards
Encryption at Rest: All health data and conversations stored in our systems are encrypted using AES-256 encryption, the same standard used by financial institutions and government agencies
Encryption in Transit: All data transmitted between your device and our servers is protected using TLS 1.3, the latest and most secure transport protocol available
Password Security: Passwords are hashed using bcrypt with secure salting before storage - we cannot see or recover your password
Access Controls
User Data Isolation: Your data is strictly isolated from other users at the database level - no user can access another user's information
Role-Based Access: Internal access to systems is restricted based on job function with comprehensive audit logging
Audit Logging: All access to sensitive data is logged and retained for 6 years to ensure accountability and enable security audits
Third-Party Security
Data Processing Agreements: All third-party processors have signed comprehensive Data Processing Agreements (DPAs) ensuring contractual data protection obligations
Vendor Security Review: We evaluate the security practices of all service providers before integration
5. Your Privacy Rights
You have the following rights regarding your personal information:
Right to Access: View all data we store about you through your account settings
Right to Rectification: Update or correct your profile information at any time
Right to Deletion: Delete individual conversations or your entire account permanently
Right to Data Portability: Export all your data in a machine-readable format (JSON/CSV)
Right to Withdraw Consent: Delete your account at any time to stop data processing
To exercise these rights, visit your Account Settings or contact us at hello@vedalife.ai.
6. Data Retention
Account Data: Retained until you delete your account
Conversations: Retained indefinitely unless you delete them manually
Conversation Summaries: One summary per user, updated weekly
Verification Tokens: Automatically deleted after 24 hours or after use
Password Reset Tokens: Expire after 1 hour
Deleted Accounts: Permanently removed within 30 days of deletion request
7. Our Compliance Approach
Vedalife follows industry best practices for protecting health-related information:
GDPR Compliant: We respect the data protection rights of users in the European Union, including rights to access, rectification, erasure, and data portability
CCPA Compliant: California residents have the right to know, delete, and opt-out of the sale of personal information (we do not sell personal information)
HIPAA-Aligned Practices: While Vedalife is a wellness platform and not a covered entity under HIPAA, we voluntarily follow HIPAA-aligned security practices as a demonstration of our commitment to protecting your health-related information
For more details about our security measures, visit our Security Practices page.
8. Children's Privacy
Vedalife is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@vedalife.ai.
9. International Data Transfers
VEDALIFE INC. is based in the United States. By using our service, you consent to your data being transferred to and processed in the United States and by our service providers (Anthropic, Resend), which may be located in other countries. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice in the app. Your continued use of Vedalife after changes become effective constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: