Your conversations with Ginger are sent to Anthropic's Claude AI for processing
We store your health data (allergies, dietary preferences, health goals) to personalize your experience
With your permission, we read health & fitness data from Health Connect (Android) or Apple Health (iOS); it is never sold or used for advertising, and you can revoke access anytime
You can delete your conversations or entire account at any time
You can export all your data in JSON/CSV format
Your passwords are encrypted and we use HTTPS for all communications
We will never sell your personal information to third parties
Your messages and sensitive health details (conditions, medications, and allergies) are encrypted at rest with AES-256; all other data is protected by encrypted database infrastructure and strict access controls
Documents you upload (such as lab reports and test results) are kept in private, access-controlled storage that is never publicly accessible
Personal identifiers are removed before AI processing (de-identification)
We follow HIPAA-aligned security practices for health data protection
Introduction
Welcome to Vedalife. VEDALIFE INC. is committed to protecting your privacy and being transparent about how we collect, use, and share your personal information. This Privacy Policy explains our data practices when you use our AI-powered health coaching platform.
By creating an account, you consent to the collection and use of your information as described in this policy.
1. Information We Collect
Account Information
Name
Email address
Password (encrypted)
Health & Wellness Information
Dietary preferences and restrictions
Food allergies
Health goals and conditions
Location and timezone (for meal planning)
Conversations with Ginger, our AI health coach
Documents and files you choose to upload (such as lab reports, test results, and related images or PDFs)
Connected Health & Fitness Data (Health Connect & Apple Health)
If you choose to connect Vedalife to Health Connect (on Android) or Apple Health (on iOS), and only after you grant permission, we read health and fitness data from those services to personalize your insights and coaching. This may include:
Steps, distance, floors climbed, and active calories burned
Exercise and workout sessions
Heart rate, resting heart rate, and heart rate variability
Blood oxygen saturation and respiratory rate
Blood pressure, blood glucose, and body temperature
Sleep
Weight, height, and body fat
This access is read-only and entirely optional. We request access only to the data types relevant to features you use, and you can revoke access at any time in your device's Health Connect or Apple Health settings, or by disconnecting the integration in Vedalife's settings. Where Vedalife reads data in the background, it does so only to keep your insights current and only while you have granted the relevant permission.
How connected health data is used and shared: Data obtained from Health Connect and Apple Health is used solely to provide and personalize Vedalife's wellness features (such as displaying trends and generating coaching insights). We do not sell this data, do not use it for advertising or marketing, and do not transfer it to third parties except service providers acting on our behalf to operate the app. When connected health data informs AI coaching, it is subject to the same de-identification safeguards described in Section 2 before being sent to Anthropic. Our use of Health Connect data complies with the Health Connect Permissions policy, and our use of Apple Health data complies with Apple's HealthKit requirements, including the restriction against using health data for advertising or sharing it with third parties for marketing.
Usage Information
Messages sent and received
Conversation timestamps
Feature usage patterns
2. Third-Party Services (IMPORTANT)
Your conversations are processed by external AI services
To provide personalized health coaching, we transmit your conversations and health profile to third-party AI providers. Please read this section carefully.
Anthropic (Claude AI)
We use Anthropic's Claude AI to power Ginger, our health coaching assistant. When you send a message, the following information is transmitted to Anthropic's servers:
Your complete conversation history
Your dietary restrictions and allergies (marked as critical)
Your health goals and conditions
Your food preferences
Your location and timezone
Conversation summaries we generate for personalization
How We Protect Your Data During AI Processing
Before your information is sent to Anthropic for processing, we apply a de-identification layer to minimize personal data exposure:
Your name is removed or replaced with a pseudonym
Specific locations are generalized to region level only
Exact birth dates are converted to age ranges
Other direct identifiers like email addresses are stripped
Anthropic's Commitment: API inputs are not used for model training. Data is retained for up to 30 days for trust and safety purposes only, then deleted. For more information, see Anthropic's Privacy Policy.
Resend (Email Service)
We use Resend to send transactional emails (verification, password reset). Resend processes:
Your email address
Your name
Email metadata (delivery status, open rates)
Payments (Stripe, Apple, and Google)
We use Stripe to process web subscription payments, and Apple and Google to process in-app purchases and subscriptions on their mobile platforms. These providers handle your billing and transaction details; we do not store your full payment card numbers. They process:
Billing and transaction information
Subscription and purchase status
Analytics and Reliability (PostHog and Sentry)
We use PostHog for product analytics and Sentry for error monitoring, which help us understand how features are used and diagnose problems. These services may process:
Usage events, feature interactions, and device or browser information
Diagnostic and error data, which may incidentally include information you entered
Hosting and Infrastructure
We rely on trusted infrastructure providers to host our application, database, and file storage on our behalf, including cloud hosting and file storage (Vercel) and our managed database (Neon). These providers process the data described in this policy only as needed to operate the service and under contractual data-protection obligations.
3. How We Use Your Information
Personalized Health Coaching: To provide tailored meal plans, nutrition advice, and health guidance through Ginger
Safety: To ensure we never recommend foods you're allergic to
Account Management: To verify your email, reset passwords, and manage your account
Service Improvement: To improve our AI coaching quality and add new features (aggregated, non-identifiable data only)
Communication: To send important updates about your account or our services
4. How We Protect Your Data
We implement comprehensive security measures to protect your personal and health information. For detailed information about our security practices, visit our Security Practices page.
Encryption Standards
Encryption at Rest: Your messages and the most sensitive fields in your health profile — including health conditions, medications, and allergies — are encrypted at the application level using AES-256-GCM, the same class of encryption used by financial institutions and government agencies. All remaining data is stored on encrypted database infrastructure and protected by strict access controls
Encryption in Transit: All data transmitted between your device and our servers is protected using TLS 1.3, the latest and most secure transport protocol available
Password Security: Passwords are hashed using bcrypt with secure salting before storage - we cannot see or recover your password
Document & File Storage
Documents and files you upload — such as lab reports, test results, and related images or PDFs — are stored in private, access-controlled storage. These files have no public URL and cannot be retrieved through an anonymous link; they are served only through authenticated requests tied to your account. This keeps any protected health information contained in your uploads isolated from public access.
Access Controls
User Data Isolation: Your data is strictly isolated from other users at the database level - no user can access another user's information
Role-Based Access: Internal access to systems is restricted based on job function with comprehensive audit logging
Audit Logging: All access to sensitive data is logged and retained for 6 years to ensure accountability and enable security audits
Third-Party Security
Data Processing Agreements: All third-party processors have signed comprehensive Data Processing Agreements (DPAs) ensuring contractual data protection obligations
Vendor Security Review: We evaluate the security practices of all service providers before integration
5. Your Privacy Rights
You have the following rights regarding your personal information:
Right to Access: View all data we store about you through your account settings
Right to Rectification: Update or correct your profile information at any time
Right to Deletion: Delete individual conversations or your entire account permanently
Right to Data Portability: Export all your data in a machine-readable format (JSON/CSV)
Right to Withdraw Consent: Delete your account at any time to stop data processing
To exercise these rights, visit your Account Settings or contact us at hello@vedalife.ai.
6. Data Retention
Account Data: Retained until you delete your account
Conversations: Retained indefinitely unless you delete them manually
Conversation Summaries: One summary per user, updated weekly
Verification Tokens: Automatically deleted after 24 hours or after use
Password Reset Tokens: Expire after 1 hour
Deleted Accounts: Permanently removed within 30 days of deletion request
7. Our Compliance Approach
Vedalife follows industry best practices for protecting health-related information:
GDPR Compliant: We respect the data protection rights of users in the European Union, including rights to access, rectification, erasure, and data portability
CCPA Compliant: California residents have the right to know, delete, and opt-out of the sale of personal information (we do not sell personal information)
HIPAA-Aligned Practices: While Vedalife is a wellness platform and not a covered entity under HIPAA, we voluntarily follow HIPAA-aligned security practices as a demonstration of our commitment to protecting your health-related information
For more details about our security measures, visit our Security Practices page.
8. Children's Privacy
Vedalife is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@vedalife.ai.
9. International Data Transfers
VEDALIFE INC. is based in the United States. By using our service, you consent to your data being transferred to and processed in the United States and by our service providers (such as those described above), which may be located in other countries. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice in the app. Your continued use of Vedalife after changes become effective constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: