Privacy Policy

VitalizeHQ ("we," "us," or "our") is a health and safety information platform. Our registered business address is on file with our payment processor. For privacy inquiries, contact us at privacy@vitalizehq.com.

Account information: When you create an account, we collect your email address and the name you choose to provide. We use Clerk for authentication — your password is never stored by VitalizeHQ directly.

Health profile: Allergens and dietary preferences you add to your profile. This data is entirely optional and can be deleted at any time. It is stored encrypted in our database and never shared with third parties.

Scan history: Products you search for or scan are saved to your history to provide cross-device sync and your personal dashboard. You can clear your history at any time.

Usage data: We collect standard server logs (page visits, API calls, error logs) to maintain and improve the service. These logs do not include the contents of your health profile.

Payment data: Payments are processed by Stripe. We never see or store your full card number. Stripe's privacy policy governs payment data.

We use your information to:

• Provide and personalise the VitalizeHQ service
• Sync your health profile and scan history across devices
• Flag products that match allergens or dietary preferences you've set
• Process subscription payments via Stripe
• Send transactional emails (receipts, password resets) — not marketing
• Monitor for abuse and maintain service security

We do not use your health profile data to train AI models, sell to advertisers, or share with third parties for any commercial purpose.

We share your data only in the following limited circumstances:

• Service providers: Supabase (database hosting), Clerk (authentication), Stripe (payments), Vercel (hosting). Each operates under a data processing agreement with strict confidentiality requirements.
• Legal requirements: If required by law, court order, or to protect the safety of our users or the public.
• Business transfers: If VitalizeHQ is acquired or merges, your data would transfer to the new entity, which would be bound by this policy.

We do not sell your personal data. Period.

We retain your account data for as long as your account is active. You can delete your account at any time by contacting us at privacy@vitalizehq.com, which will delete all associated data within 30 days, except where retention is required by law (e.g., financial records for 7 years).

Server logs are retained for 90 days and then automatically purged.

Depending on your location, you may have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request that we limit how we process your data

To exercise any of these rights, email privacy@vitalizehq.com. We will respond within 30 days.

We use minimal cookies. Session cookies are required for authentication. We do not use tracking or advertising cookies. See our Cookie Policy for full details.

VitalizeHQ is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has created an account, contact us immediately and we will delete the account.

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your health profile is stored in a separate, access-controlled table. We conduct regular security reviews and apply security patches promptly.

We may update this policy as the service evolves. We will notify you by email of any material changes at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance.

For privacy questions or to exercise your rights: privacy@vitalizehq.com