Privacy Policy

1. Who We Are

Vytal is a gamified chronic-care app developed by Vytal, Brunei. We help people with diabetes and hypertension build lasting health habits through quests, tracking, and community.

For privacy questions, contact us at: sai29.devs@gmail.com

2. What Data We Collect

Account Information

Email address (used for login and account recovery)
Display name and username
Age and country (used to personalise health recommendations)
Profile picture (optional, uploaded by you)

Health Data

Blood pressure readings (systolic / diastolic)
Blood sugar readings
Heart rate, step count, sleep hours, water intake
Weight, height, BMI (used to calculate your health risk score)
Chronic condition information (diabetes type, hypertension stage)

App Usage Data

Quest completion history
Streak and XP progress
In-app purchases (coins, diamonds, premium status)
Chat messages sent within the community feature

Device Data

Device type and OS version (for crash reporting)
Wearable data synced from Health Connect (Android) or HealthKit (iOS) — only with your explicit permission

3. How We Use Your Data

Health tracking — to display your readings, trends, and risk score
Personalisation — to tailor quest recommendations, AI chat context, and health reminders to your specific conditions
Gamification — to calculate XP, coins, streak, leaderboard rank, and badge progress
AI features — your today's health metrics are sent to our AI (via OpenAI) to power Pip, our health chatbot. No data is retained by OpenAI beyond the session.
Community — your username, avatar, and leaderboard rank are visible to other users

      We never sell your data. Your health information is never shared with advertisers, data brokers, or third parties for marketing purposes.
    

4. Data Storage and Security

All data is stored on Supabase (hosted on AWS), protected by Row Level Security — meaning your data is only accessible by your own account
All connections use HTTPS / TLS encryption in transit
Passwords are never stored — authentication is handled by Supabase Auth with OTP email verification
Chat images are stored in a private Supabase Storage bucket; only the sender and recipient can access them

5. Your Rights and Controls

Access — you can view all your health logs, quest history, and profile data inside the app at any time
Edit — update your profile, health conditions, and preferences from Profile → Settings
Delete — permanently delete your account and all associated data from Profile → Settings → Delete Account. This cannot be undone.
Privacy settings — control which achievements and stats are visible to other users
Wearable sync — you can revoke Health Connect / HealthKit permissions from your device settings at any time

6. Third-Party Services

Supabase — database, authentication, and file storage (their privacy policy)
OpenAI — AI chatbot processing. Health data sent is not used to train OpenAI models (their privacy policy)
Google AdMob — serves rewarded ads to free users. Google may collect device identifiers for ad personalisation. You can opt out via your device's ad settings. (Google's privacy policy)
Google Play Billing — handles premium subscription payments. We do not store payment card details.

7. Children's Privacy

Vytal is not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at sai29.devs@gmail.com and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and notify users via the app if the changes are significant. Continued use of Vytal after any changes constitutes acceptance of the updated policy.

9. Contact Us

For any privacy-related questions, requests, or concerns:

Email: sai29.devs@gmail.com
Website: vytalquest.com

We aim to respond within 48 hours on business days.