Legal

Privacy Policy

Effective date: May 1, 2026  ·  Last updated: May 2026  ·  Privacy questions: privacy@saludevitale.com

1. Who we are

Salude Vitale is a personal wellness journaling application developed and operated by Salude Vitale Inc. ("Vitale", "we", "us", or "our"). Our app helps you log your symptoms, mood, sleep, and food, and organize that information into summaries you can share with your healthcare team.

Registered address: To be added upon entity formation

Privacy contact: privacy@saludevitale.com

Website: saludevitale.com

2. What we collect and why

We only collect information that is necessary to provide the Vitale service. We do not collect information we do not need. Here is everything we collect, why we collect it, and how long we keep it.

2.1 Health and wellness data

This is the core data you log in the app. It includes:

2.2 Account information

We collect the minimum information needed to create and manage your account.

2.3 Usage and analytics data

We collect anonymized data about how the app is used so we can fix problems and improve the experience. This data is never linked to your identity or your health data.

2.4 Consent records

We record when you accepted this privacy policy and our terms of service, including the date, time, and version you accepted. This is a legal requirement under HIPAA and GDPR and protects both you and us.

2.5 What we do NOT collect

We want to be explicit about what we never collect:

3. How we protect your data

Your health data deserves the strongest protection available. Here is what we do:

3.1 Encryption

3.2 Infrastructure

3.3 Access controls

3.4 Sharing controls

4. Who we share your data with

We share data only with vendors who are necessary to operate Vitale. We never sell your data. We never share your data with advertisers. Every vendor who handles health data has signed a Business Associate Agreement (BAA) with us as required by HIPAA.

*RevenueCat, PostHog, and Stripe never receive health data. A BAA is not required for vendors who do not handle protected health information.

4.1 AI processing disclosure

When you use AI features in Vitale, your logged wellness data patterns are processed by Anthropic's Claude API to generate organized summaries and insights. Before any data is sent to Anthropic:

4.2 Legal disclosures

We may disclose your information if required by law, court order, or government regulation. If we are legally required to disclose your data, we will notify you unless we are legally prohibited from doing so. We will always disclose the minimum information required by the legal request and nothing more.

4.3 Business transfers

If Salude Vitale is acquired, merged, or its assets are transferred, your data may be transferred as part of that transaction. If this happens, we will notify you at least 30 days in advance by email and in-app notification. You will have the option to delete your account and all associated data before any transfer takes effect.

5. Your rights

You have meaningful control over your data. Here are your rights and exactly how to exercise them.

5.1 Account deletion

You can delete your account with a single tap in Settings > Account > Delete my account. When you delete your account:

If you prefer to request deletion by email, contact privacy@saludevitale.com. We will process your request within 5 business days and confirm when complete.

6. HIPAA compliance (United States)

For users in the United States, the health information you log in Vitale may constitute Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA).

Salude Vitale operates on HIPAA-eligible infrastructure. We have implemented the following safeguards required by the HIPAA Security Rule:

You have the following rights with respect to your PHI:

To exercise any HIPAA rights, contact us at privacy@saludevitale.com. We will respond within 30 days as required by law.

7. GDPR compliance (European Union and UK)

For users in the European Union and United Kingdom, this section describes our compliance with the General Data Protection Regulation (GDPR) and the UK GDPR.

7.1 Legal basis for processing

We process your personal data on the following legal bases:

7.2 Data transfers outside the EU

Some of our vendors process data in the United States. Where this involves transferring your personal data outside the European Economic Area, we ensure adequate protection through:

7.3 Data retention

We keep your personal data only for as long as necessary. Specific retention periods are documented in Section 2. When data is no longer needed, it is permanently and securely deleted. We do not retain data for speculative future purposes.

7.4 Automated decision-making

Vitale uses AI to organize and summarize your logged data. This processing does not constitute automated decision-making that produces legal effects or similarly significant effects on you. The AI organizes your data for your review — all decisions about your health remain entirely with you and your healthcare provider.

7.5 Your GDPR rights

In addition to the rights described in Section 5, GDPR gives you the following additional rights:

To contact your national data protection authority:

8. Children's privacy

Vitale is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. Users must be at least 13 years old to create an account.

If you are between 13 and 18, we encourage you to review this policy with a parent or guardian before creating an account. Depending on your country, your parent or guardian may need to provide consent on your behalf.

If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will delete that information immediately. If you believe we may have collected information from a child under 13, please contact us at privacy@saludevitale.com.

9. Data breach notification

Despite our best efforts, no security system is impenetrable. If a data breach occurs that affects your personal information, we will:

We maintain a documented incident response plan that is tested regularly. Our goal is to detect, contain, and communicate any breach as quickly as possible.

10. Cookies and tracking

The Vitale mobile app does not use cookies. The Vitale website (saludevitale.com) uses the following:

You can control cookies through your browser settings. Disabling essential cookies may prevent you from accessing account features on the website.

11. Changes to this policy

We will update this policy when our practices change. Here is how we handle updates:

Previous versions of this policy are available by contacting privacy@saludevitale.com.

12. Contact us

If you have any questions, concerns, or requests regarding this privacy policy or how we handle your data, please contact us:

Vitale notices trends. Your doctor makes the diagnosis.

"Vitale notices trends. Your doctor makes the diagnosis."