Privacy Policy

• Account credentials: email address and password (stored as a salted hash — we cannot see the plaintext). Future releases will offer Sign in with Apple and Google Sign-In as optional authentication methods; when you use one of these, we receive the identifier and email returned by that provider (see Section 6).
• Profile: display name, date of birth, gender, avatar image, and health goals. All fields are optional and editable anytime in "Profile".
• Avatar image: compressed on-device to a 256-pixel JPEG and stored directly in the database as a base64 data URL (not in object storage).

When you choose to connect an external data source, the App will, on your behalf, retrieve the data you have authorized:

• WHOOP (via OAuth 2.0): daily cycles, sleep stages, workouts, recovery score, HRV, resting heart rate, blood oxygen, respiratory rate, and skin temperature. After authorization we sync the most recent 3 days hourly. You can revoke our access from your WHOOP account at any time.
• Apple Health (HealthKit): the iOS app reads your Apple Health data through HealthKit. Reads only happen after you explicitly grant permission via the iOS system prompt; each data type can be approved or denied individually. See Section 5 for the specific types. HealthKit read access will coexist with the legacy "Apple Health Auto Export push" channel during the transition period and will eventually fully replace it.

• Device and session: session tokens, device model, OS version (for diagnostics and session continuity).
• Usage records: questions and answers from your chats with the AI insight feature (saved into "Memory" so you can review them), photographed meals you log, journal entries you write. These are content you actively create.

We do not integrate any third-party analytics, advertising, or behavioral-tracking SDK (no Google Analytics, no Sentry, no Facebook SDK, etc.).

Vita uses HealthKit to read health data you authorize. All reads go through Apple's HKHealthStore API and are gated by iOS system-level permission. You can review and revoke authorization per data type at any time in Settings → Health → Data Access & Devices → Vita.

HKObjectType read permissions we plan to request:

• Activity: stepCount, distanceWalkingRunning, distanceCycling, distanceSwimming, flightsClimbed, activeEnergyBurned, basalEnergyBurned, appleExerciseTime, appleStandTime.
• Cardio: heartRate, restingHeartRate, heartRateVariabilitySDNN, oxygenSaturation, respiratoryRate, vo2Max, bloodPressureSystolic / Diastolic.
• Body measurements: bodyMass, bodyMassIndex, bodyFatPercentage, height, bodyTemperature, appleSleepingWristTemperature.
• Sleep: sleepAnalysis (with stages), sleepDurationGoal.
• Nutrition: dietaryEnergyConsumed, dietaryProtein, dietaryFatTotal, dietaryCarbohydrates, dietaryFiber, dietarySugar, dietaryWater.
• Reproductive health: menstrualFlow, cervicalMucusQuality, ovulationTestResult.
• Workouts: HKWorkoutType (sport_name, duration, heart rate, energy, distance).

Write permissions we plan to request: dietaryEnergyConsumed and dietaryWater only — written back when you log food via Vita's nutrition feature. No other types are written.

The authoritative permission list at any point in time is the NSHealthShareUsageDescription / NSHealthUpdateUsageDescription in Info.plist of the released build. We follow the principle of least privilege: we only request the types we display or analyze.

Once you connect WHOOP, a Vercel Cron job pulls the most recent 3 days of data from the WHOOP API every hour and stores it in our database. The data is used solely to power your in-app visualizations and personalized analysis.

Users who already use the third-party Apple Health Auto Export app to push data to 100old.app may continue doing so during the transition. That app is maintained by a third party outside of the Vita team; its source, push frequency, and field scope are configured by you within that app — please consult its own privacy policy. Once direct HealthKit read access is fully rolled out, we will stop accepting new pushes via that channel.

• Purpose: user authentication and database hosting.
• Data location: Supabase Inc. (United States); the PostgreSQL instance is hosted in the Northeast Asia (Tokyo) region.
• Data scope: account email, password hash, profile fields, and all health data.
• Link: supabase.com/privacy

• Purpose: serverless hosting for the web frontend and API routes.
• Data location: Vercel Inc. (United States).
• Data scope: HTTP request metadata (IP, User-Agent). Vercel does not see application-level health data in plaintext.
• Link: vercel.com/legal/privacy-policy

• Purpose: after your OAuth authorization, read the WHOOP data within scope.
• Data location: WHOOP, Inc. (United States).
• Scopes: recovery, cycles, sleep, workout, profile, body measurement, offline (token refresh).
• Link: whoop.com/legal/privacy

• Purpose: forwards prompts via an OpenAI-compatible API. Text analysis uses DeepSeek (deepseek-v4-flash primary / minimax-m2.7 fallback); nutrition photo recognition uses OpenAI (gpt-5.4-mini, gpt-4o fallback).
• Data flow: routed via the Shengsuanyun (mainland China) API gateway to the third-party model providers DeepSeek and OpenAI.
• Scope of data sent: your display name, year of birth (for age), gender, health goals, and the slice of health data relevant to the prompt (e.g. last 7 days of daily_cycles, the photographed meal). We never transmit your email, password, device identifiers, or the full database.
• Use limits: this data is used only to generate your results in real time and is never used to train models, never sold, and never used for advertising. We send data to these providers only after you explicitly consent in-app; the providers are bound by their terms to give your data protection equal to or comparable with this policy.
• Link: router.shengsuanyun.com

• Purpose: iOS app distribution and optional authentication (Sign in with Apple).
• Data location: Apple Inc. (United States).
• Data collected: when you choose Sign in with Apple, we receive a stable Apple ID user identifier and your email address (you may choose to hide it using Apple's relay email) plus the name you elect to share.
• Link: apple.com/legal/privacy

• Purpose: optional authentication using a Google account.
• Data location: Google LLC (United States).
• Data collected: Google account email, display name, avatar URL, and stable Google user ID. We do not read your Gmail content, contacts, calendar, or any other scope.
• Link: policies.google.com/privacy

• Access: view all profile data we hold inside the in-app Profile screen.
• Correct: edit name, gender, DOB, goals, and avatar directly in the app.
• Export: email us via Section 14 and we'll deliver a machine-readable (JSON) export of your account data within 30 days.
• Delete: use the in-app "Sign out + Delete account" flow, or request deletion by email.
• Withdraw consent: disconnect WHOOP or Apple Health at any time.

• Rights of access, rectification, erasure ("right to be forgotten"), data portability, restriction of processing, objection.
• The right to lodge a complaint with your local EU member state supervisory authority.

• Right to know, right to delete, right to non-discrimination.
• We do not sell or share your personal information for cross-context behavioral advertising, so the "Do Not Sell or Share My Personal Information" option is not applicable by default.

• Health data qualifies as "sensitive personal information" under PIPL. The app presents a one-time consent on first launch; declining does not block basic features but disables certain insight analyses.
• You have the right to access, copy, correct, and delete your personal information, and to withdraw consent.
• You may lodge a complaint with the Cyberspace Administration of China (CAC) or other relevant authorities.