Your data stays yours

Privacy Policy

Effective 2 June 2026

Vitamo (“Vitamo”, “we”, “us”) is an AI health companion you talk to over WhatsApp or through an AI assistant of your choice. You connect your wearables once, and Vitamo answers questions and surfaces trends about your sleep, recovery, heart rate and activity. Because that means handling some of your most personal information, this policy explains exactly what we collect, why, who it’s shared with, and the control you have over it. Plain-English summaries sit alongside the detail.

The short version: we only use your data to provide the service you asked for. We never sell it, never use it for advertising, and never use your personal health data to train public AI models. You can disconnect any provider, export your data, or delete everything at any time.

1. Who we are & how to reach us

Vitamo is the data controller for the personal data described here. For any privacy question or to exercise your rights, email hello@vitamo.health. We aim to respond within 30 days.

2. Information we collect

We collect only what we need to run the service:

3. How we use your information

What we never do: we never sell or rent your personal data; we never use your health data for advertising, marketing profiling, or data mining; and we never use your personal data to train publicly available or third-party AI models.

Where the GDPR or UK GDPR applies, we rely on: your explicit consent to process health data (a special category of personal data), which you give when you connect a provider and may withdraw at any time; performance of a contract to provide the service you signed up for; and our legitimate interests in securing and improving the service, balanced against your rights.

5. How your data is shared

We do not sell your data. We share it only with the service providers (sub-processors) that make Vitamo work, each bound to use it solely on our instructions:

We may also disclose data if required by law, to protect our rights or users’ safety, or in connection with a corporate transaction (in which case this policy will continue to govern your data, or you will be notified of any change).

6. How your data is used with AI

To answer a question, Vitamo sends the relevant portion of your health data and your message to Anthropic’s API to generate a response. Anthropic processes this data as our service provider and, under its commercial API terms, does not use it to train its models and retains it only briefly for abuse-monitoring before deletion. We send only what is needed to answer you, and we do not use your data to train any model of our own that is exposed to other users.

7. Connected services & provider terms

Connecting a wearable is optional and entirely your choice; you can disconnect any provider at any time from your account or by asking Vitamo. When you disconnect, we stop syncing and delete the data we hold from that provider (subject to short backup-retention windows). The following provider-specific commitments apply:

Each provider also processes your data under its own privacy policy; we encourage you to review the policy of any service you connect.

8. Data retention

We keep your data only as long as your account is active or as needed to provide the service. When you disconnect a provider we delete the data synced from it; when you delete your account we delete your personal data, including health data and message history, typically within 30 days, except where we must retain limited records to meet legal obligations (e.g. billing records). Routine encrypted backups are purged on a rolling schedule.

9. Your rights & choices

Wherever you live, you can ask us to access, correct, export, or delete your data, and you can disconnect any provider or withdraw consent at any time. Depending on your location (e.g. the EU/UK under GDPR, or California under the CCPA/CPRA) you may also have rights to data portability, to object to or restrict processing, to non-discrimination for exercising your rights, and to lodge a complaint with your data protection authority. We do not sell or “share” personal information as those terms are defined under California law.

10. Security

Your data is encrypted in transit (TLS) and at rest. Access is restricted to the systems and personnel that need it, secrets are held in protected stores, and services are isolated and bound to private networks. No system is perfectly secure, but we work to protect your data using industry-standard safeguards and will notify you and the relevant authorities of a breach where the law requires.

11. International transfers

We and our service providers may process your data in countries other than your own. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (or equivalent mechanisms) to protect it.

12. Children

Vitamo is not intended for anyone under 16, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this policy

We may update this policy as the service evolves. We’ll change the effective date above and, for material changes, give you reasonable notice (for example, in-app or by message) before they take effect.

14. Contact

Questions, requests, or concerns? Email hello@vitamo.health.

Vitamo provides wellness insights, not medical advice or diagnosis. Always talk to a qualified clinician about health decisions.