How We Use Your Data
VitalWhy collects and analyzes anonymized health data to continuously improve our detection algorithms and feedback systems. Here's what this means:
- We collect anonymized biometric patterns to improve shift detection accuracy
- Aggregated data from all users helps us refine correlation algorithms
- Your personal identity is never linked to the data we analyze
- This collective learning benefits all users with better insights over time
- You can opt out of data sharing in the app settings
What We Collect
To improve our algorithms, we collect:
- Anonymized biometric patterns (HRV, heart rate, temperature, SpO2 trends)
- Event-to-outcome correlation patterns (without personal identifiers)
- Aggregated detection accuracy metrics
- App usage patterns to improve the user experience
We do NOT collect your name, email, location, or any personally identifiable information unless you provide it for support purposes.
Health Connect Integration
VitalWhy reads biometric data through Android's Health Connect platform. Here's what you should know:
- You control which data VitalWhy can access through Health Connect permissions
- You can revoke access at any time through your device settings
- We only read data; we never write to or modify your Health Connect records
Permissions We Request
VitalWhy requests the following Health Connect read permissions:
- Heart Rate: To track resting and active heart rate patterns
- Heart Rate Variability: To monitor stress and recovery indicators
- Oxygen Saturation (SpO2): To track blood oxygen levels
- Respiratory Rate: To monitor breathing patterns
- Body Temperature: To detect temperature changes
- Sleep: To correlate events with sleep quality
- Steps: To factor activity into analysis
- Exercise: To track workout sessions
You can grant or deny any of these permissions individually. The app will function with whatever data you choose to share, though some features may be limited.
Data You Create
In addition to Health Connect data, VitalWhy stores information you create:
- Event logs: Activities and events you record
- Self-ratings: Daily subjective scores you enter
- A/B experiments: Personal experiments you set up
- Correlation results: Calculated patterns from your data
- App preferences: Your settings and configurations
This data is stored locally on your device and synced securely with our servers for algorithm improvement.
No Account Required
VitalWhy does not require you to create an account to use the core features. You can optionally create an account to sync your data across devices or access premium features.
No Third-Party Advertising
We do not include any third-party advertising SDKs or sell your data to advertisers. We do collect anonymized usage analytics to improve the app experience and detection algorithms.
Your Rights
You have full control over your data:
- Export: You can export your data at any time from within the app
- Delete: You can delete all your data through the app settings or by contacting us
- Opt-Out: You can opt out of anonymized data collection in the app settings
- Modify: You can edit or remove any logged events
- Revoke: You can revoke Health Connect permissions at any time
Data Security
Your data is protected by:
- End-to-end encryption for data transmission
- Android's built-in app sandboxing (other apps cannot access VitalWhy's data)
- Device encryption (if enabled on your phone)
- Health Connect's security model for biometric data
- Secure cloud infrastructure with industry-standard protections
Regulatory Compliance
HIPAA Compliance
VitalWhy follows the HIPAA Safe Harbor de-identification method. All 18 identifier categories defined by HIPAA are stripped from your data before any AI processing occurs:
- Names and contact information
- Geographic data (addresses, zip codes)
- Dates (except year)
- Phone and fax numbers
- Email addresses
- Social Security numbers
- Medical record and health plan numbers
- Account and license numbers
- Vehicle and device identifiers
- Web URLs and IP addresses
- Biometric identifiers and photographs
- Any other unique identifying numbers
The AI never sees your name, email, location, device IDs, or any other personally identifiable information. Your data is analyzed as anonymous health patterns only.
BIPA Compliance (Illinois)
For users in or near Illinois, VitalWhy provides enhanced privacy protections under the Illinois Biometric Information Privacy Act (BIPA):
- All AI processing for Illinois residents is performed exclusively in VitalWhy's private datacenter
- No biometric data from Illinois users is ever processed by third-party cloud AI services
- We apply a 10-mile buffer zone around Illinois state boundaries for conservative compliance
- If your location cannot be determined, we default to the more protective Illinois routing
Data Processing Locations
Where your AI-assisted analysis is processed depends on your location and the type of request:
| Service |
Illinois Residents |
Other Regions |
| Reports & Detailed Analysis |
VitalWhy Datacenter |
VitalWhy Datacenter |
| Chat Conversations |
VitalWhy Datacenter only |
Cloud AI (with full PII stripping) |
| Correlation Insights |
VitalWhy Datacenter |
VitalWhy Datacenter |
Important: No raw personal data ever leaves your device for AI processing. All data is anonymized on-device before transmission.
Children's Privacy
VitalWhy is not intended for children under 18. We do not knowingly collect data from children.
Changes to This Policy
If we make changes to this privacy policy, we will update the app and this page. We will notify users of significant changes.
Contact
If you have questions about this privacy policy, please contact us.
Last updated: February 2026