EasyVitals Privacy Policy
Effective date: June 19, 2026
This Privacy Policy describes how EasyVitals ("EasyVitals," "we," "us," or "our") collects, uses, discloses, and otherwise processes information in connection with the EasyVitals mobile application, related widgets, websites, and associated services (collectively, the "Service").
For legal and operational purposes, the controller and operator of the Service is the individual or legal entity identified in the app listing, website, or other official EasyVitals notice in effect at the time of your use of the Service ("Operator"). As of the effective date above, questions about this Privacy Policy may be sent to privacy@easyvitals.app.
By using the Service, you acknowledge the practices described in this Privacy Policy.
1. Scope
This Privacy Policy applies to information processed through the Service, including when you:
- create or use an EasyVitals account through Sign in with Apple;
- log meals, workouts, notes, preferences, and related content;
- connect the Service to Apple Health;
- use AI-assisted analysis features;
- enable weekly recap notifications, widgets, shortcuts, or related app features; or
- contact us or send feedback.
This Privacy Policy does not govern the practices of Apple, Anthropic, Open Food Facts, Vercel, Upstash, or other third parties except as expressly described here. Those parties maintain their own terms and privacy disclosures.
Unless otherwise expressly stated, the Service is primarily intended for users in the United States.
2. Information We Collect
We collect the following categories of information.
A. Account and identity information
When you sign in using Sign in with Apple, we may receive and store:
- your Apple account user identifier;
- your sign-in timestamp;
- your email address, if provided by Apple; and
- your display name, if provided by Apple.
We use this information to authenticate you, restore your account state, secure access to certain features, and support syncing across your devices.
Except where expressly stated otherwise in this Privacy Policy, Sign in with Apple account identifiers and related account state are stored on-device or within Apple-managed systems used to provide the Service, rather than in a standalone EasyVitals user-account database controlled by us.
B. Content you create in the app
Depending on how you use the Service, we may collect and store:
- meal entries, favorites, ingredients, calories, macros, and fiber values;
- food photos and thumbnails;
- workout entries and related activity details;
- day notes and other free-text logs;
- personalization details such as age, biological sex, height, weight, goals, and unit preferences;
- weekly recap and observation artifacts generated for you; and
- feedback you choose to submit.
For clarity, most core app content such as meals, notes, favorites, photos, personalization, and related synced records is stored on your device and, where enabled, in your own Apple-managed iCloud / CloudKit storage. As described below, the principal identifiable dataset EasyVitals directly controls as controller is feedback you submit through the in-app feedback flow.
C. Health and fitness information
If you grant permission, EasyVitals may read selected HealthKit / Apple Health data and write certain nutrition data back to Apple Health. Depending on your permissions and device data, this may include categories such as:
- weight;
- workouts and exercise minutes;
- calories burned;
- sleep data;
- steps;
- resting heart rate;
- nutrition-related entries; and
- State of Mind or similar wellness context where supported.
EasyVitals uses only the categories you authorize. You may revoke Health access at any time in the Apple Health app or iOS Settings.
C-1. Apple Health / HealthKit detail
Based on the current Service design, the app may read categories such as:
- body mass / weight;
- active energy burned;
- workouts;
- exercise minutes;
- sleep analysis;
- steps;
- resting heart rate;
- dietary energy, protein, carbohydrates, fat, and fiber; and
- State of Mind or related wellness context where supported by Apple and authorized by you.
Based on the current Service design, the app may write categories such as:
- dietary energy;
- protein;
- carbohydrates;
- fat; and
- fiber,
when generated from your logged meals.
Turning off Health permissions stops future reads and writes through the Service but does not automatically remove data already stored in Apple Health. EasyVitals can generally delete only HealthKit samples the app itself authored, and not samples created by Apple or other apps.
D. AI analysis inputs
If you use AI-assisted logging or analysis features, we may process:
- meal photos you submit;
- free-text food or workout descriptions;
- voice-derived text after transcription;
- related structured data needed to fulfill your request, such as estimated calories, macros, or workout metadata; and
- limited personalization context, such as age, sex, height, or weight, when used to improve a workout estimate or other analysis result.
E. Device, diagnostics, and usage information
We and our service providers may process limited technical and usage information such as:
- app version and build number;
- device type and operating system version;
- feature usage events, such as app opens, settings opens, barcode scans, or logging entry points;
- coarse timestamps associated with those events;
- notification preference state and recap interaction state;
- diagnostic or security information needed to operate and protect the Service; and
- pseudonymous service metrics recorded by our servers when you use analysis features: a one-way-hashed (irreversible) identifier and the calendar dates of use, kept in aggregate form to measure overall adoption, retention, and service load. These records contain no health data and no content of what you logged, and we cannot reverse them to identify your Apple account; and
- aggregate, cookieless metrics for visits to our website (
easyvitals.app): page views, a one-way hash of your IP address and browser type used only to count unique visits (we do not store the raw values), the website or app you arrived from (the referring domain only), and whether you clicked a link to the App Store. We use no cookies, set no cross-site identifiers, and do not track you across other sites or over time beyond these aggregate counts.
EasyVitals does not use third-party advertising or analytics SDKs and does not use analytics for cross-app behavioral advertising. Other than the aggregate, pseudonymous service and website metrics described above, EasyVitals does not collect product or usage analytics.
F. Feedback information
If you send feedback through the Service, we may process:
- your star rating;
- your comment;
- your app version, build, operating system, and device information; and
- if available in your account state, your user identifier, email, and display name.
Please do not submit sensitive medical, health, or other confidential information through free-form feedback fields unless we expressly request it for support purposes.
3. How We Use Information
We use information for the following business and commercial purposes:
- to provide, maintain, and improve the Service;
- to authenticate you and manage account state;
- to sync your content across your devices using iCloud / CloudKit;
- to read and write the Apple Health data you have authorized;
- to analyze meal photos, meal descriptions, and workout descriptions at your request;
- to generate recaps, insights, summaries, and personalized observations;
- to support export, recovery, and restoration functions;
- to send local, device-based reminders or recap notifications if you enable them;
- to detect, investigate, prevent, or address abuse, misuse, fraud, security incidents, and technical issues;
- to respond to support inquiries and feedback; and
- to comply with applicable law, lawful process, and contractual obligations.
We may also use de-identified or aggregated information for debugging and service improvement where permitted by law.
4. How Information Is Stored
EasyVitals uses a mix of local device storage and third-party infrastructure.
A. On your device
Certain app data may be stored locally on your device using technologies such as SwiftData, UserDefaults, caches, and the iOS Keychain.
For example:
- your local app content may be stored on-device for app functionality and offline use;
- your proxy session token is stored in the iOS Keychain; and
- app preferences and certain feature-state flags may be stored in UserDefaults or iCloud key-value storage.
B. In iCloud / CloudKit
EasyVitals uses CloudKit to sync certain app data. Some data is stored in private CloudKit databases associated with your iCloud account. Those private-database records are part of your Apple-managed storage, not a general-purpose EasyVitals application server that we independently host.
Feedback submitted through the in-app feedback flow may be stored in CloudKit infrastructure designated by Apple as part of the app's public database environment and administered by EasyVitals for service operations. Such data is not intended to be publicly displayed to end users, but it is stored in third-party cloud infrastructure and should be treated accordingly.
C. In Apple Health
If you authorize Apple Health access, certain nutrition entries or related data may be written to the Health app, and certain health or fitness categories may be read from the Health app. Health data belongs to you, and Apple provides its own privacy controls for that data.
D. Through our backend and security infrastructure
EasyVitals uses a backend proxy and related infrastructure to authenticate AI requests, apply rate limits, and route requests securely. This may involve service providers such as Vercel and Upstash.
E. Through third-party AI providers
EasyVitals currently uses Anthropic for certain AI analysis functions. We may change providers over time and update this Privacy Policy accordingly.
5. Third-Party Services and Data Sharing
We do not sell your personal information, and we do not share your personal information for third-party cross-context behavioral advertising.
We may disclose information to the following categories of recipients:
A. Service providers
We use vendors and processors to operate the Service, including providers for hosting, infrastructure, authentication support, AI inference, and sync-related functionality. Based on the current Service design, these may include:
- Apple, including Sign in with Apple, iCloud / CloudKit, Apple Health / HealthKit, notifications, widgets, and related operating system services;
- Anthropic, for AI analysis features;
- Vercel, for backend hosting and related infrastructure; and
- Upstash, for rate-limiting and related infrastructure support.
By category, current disclosures may include:
- Apple: account identifiers, sync metadata, app content you store through CloudKit, HealthKit-authorized reads/writes, and device-managed notification/widget interactions;
- Anthropic: AI-request payloads such as meal photos, meal or workout text, and limited personalization context when needed for the feature you requested;
- Vercel and Upstash: authentication, request routing, anti-abuse, session, and rate-limiting metadata associated with AI feature requests; and
- Open Food Facts: barcode lookup queries and related product-resolution requests.
At present, the principal identifiable dataset EasyVitals directly controls in its own controller capacity is the feedback dataset described above. Other product data may be held primarily in Apple-managed user storage, on-device, or in processor systems used to provide a requested feature.
B. Open Food Facts
If you use barcode-related features, the Service may query data from Open Food Facts, a collaborative third-party food database. Barcode results may be incomplete, outdated, or inaccurate, and EasyVitals does not control the underlying third-party database.
C. Legal, compliance, and safety disclosures
We may disclose information if we believe in good faith that doing so is necessary to:
- comply with applicable law, regulation, legal process, or lawful governmental request;
- enforce our terms, policies, or contracts;
- protect the security, integrity, or operation of the Service;
- protect our rights, property, or safety or those of our users or others; or
- investigate suspected fraud, abuse, or violations of law.
D. Business transfers
If we are involved in a merger, acquisition, restructuring, financing, asset sale, or similar transaction, information may be transferred as part of that transaction, subject to applicable law.
6. AI Processing Disclosure
When you choose to use AI-assisted features, your submitted content is processed to return a result you requested. This may include meal photos, food descriptions, workout descriptions, and limited personalization context used to improve estimates.
EasyVitals currently routes these requests through its own backend and then to Anthropic's commercial API.
Data sent for AI processing is handled under the third-party provider agreements, service configurations, and retention settings in effect at the time of processing. Those provider practices may change over time, and EasyVitals may change AI providers or routing architecture.
Except where we expressly commit otherwise in a separate written notice, you should assume that third-party AI providers may temporarily retain submitted content for security, abuse prevention, legal compliance, debugging, or service-operation purposes as permitted by their terms and applicable law.
AI features are probabilistic and may be incomplete, inaccurate, or inappropriate for your situation. You remain responsible for reviewing any AI-generated output before relying on it.
7. Analytics
EasyVitals does not use first-party product or usage analytics. The app does not include a third-party analytics SDK, does not send product-usage telemetry to an analytics provider, and does not use any advertising ID or third-party ad-tracking SDK.
8. Notifications, Widgets, and Shortcuts
If you enable notifications, EasyVitals may schedule local notifications on your device, such as a weekly recap reminder. These notifications are controlled by iOS and your device settings.
If you use widgets, App Intents, or shortcuts, certain limited information may be exposed on your device surfaces according to your device configuration and Apple's operating system behavior. You are responsible for managing device-level privacy settings, including lock-screen visibility.
9. Retention
We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with law, resolve disputes, enforce agreements, and protect the Service.
Retention may vary by category:
- local app content may remain on your device until you delete it, sign out, uninstall the app, or clear device storage;
- iCloud / CloudKit content may remain until deleted from the applicable storage location or account;
- Keychain session credentials may remain until they expire or are cleared by sign-out or app logic;
- feedback records may remain until deleted or no longer needed for support, quality, or product review purposes; and
- AI provider retention may be subject to the provider's then-current commercial retention practices.
Short-lived anti-abuse or rate-limit data may persist temporarily according to processor TTLs and may expire automatically rather than being actively deleted during account deletion.
The current in-app export feature is limited and may include only selected categories of app content, such as certain meals, notes, favorites, and stored photos. It may not include every category of settings data, workout history, Apple Health data, feedback records, derived recap artifacts, or processor-side records.
At present, EasyVitals includes export and sign-out controls. Depending on the app version in use, an in-app deletion flow may not be available, may be limited in scope, or may require supplemental manual handling by EasyVitals.
Deletion requests may not result in immediate removal from every storage location. For example:
- deletion from Apple-controlled systems such as iCloud / CloudKit or Apple Health may depend on Apple's propagation and storage behavior;
- certain third-party processor logs, security records, and backup copies may persist for a limited period;
- records needed for security, fraud prevention, legal compliance, dispute resolution, or accounting may be retained as permitted by law; and
- certain deletion operations may be processed on a best-effort basis where immediate or synchronous erasure is not technically possible.
In current versions of the Service, deletion of feedback records stored in the EasyVitals-controlled CloudKit public database may also depend on technical and operational prerequisites in that environment. Until those prerequisites are fully in place, feedback-related identifiable data may persist even after an account deletion request, and EasyVitals should not be understood to guarantee immediate or universal deletion of that dataset in every environment.
If you wish to request deletion assistance, contact us at privacy@easyvitals.app.
10. Your Choices and Rights
Subject to applicable law and the technical design of the Service, you may have the ability to:
- review and update certain profile and preference information in the app;
- export certain app content using the app's export feature;
- revoke Apple Health permissions through Apple Health or iOS Settings;
- disable local notifications in the app or through iOS Settings;
- sign out of Sign in with Apple within the app;
- request access to, correction of, or deletion of certain personal information; and
- request information about how your information is processed.
Some requests may be limited by legal obligations, security requirements, identity-verification requirements, technical feasibility, or our need to maintain the Service for legitimate business purposes.
If you are an Apple Health user, you can also manage Health permissions directly through Apple's controls.
11. International Processing
Your information may be processed in countries other than the country in which you reside, including where our service providers operate. Those countries may have data protection laws different from those in your jurisdiction.
Where required, we take reasonable steps intended to require appropriate safeguards for such transfers. However, no transfer mechanism can eliminate all risk.
12. U.S. State Privacy and Consumer Health Data Disclosures
Certain U.S. state laws may provide additional rights or impose additional disclosure obligations relating to personal information or consumer health data. To the extent those laws apply to EasyVitals, this Privacy Policy is intended to describe the categories of consumer health-related data we collect, the sources of that data, the purposes for which we use it, the categories of third parties with whom it may be shared or disclosed, and the methods by which you may exercise applicable rights.
Depending on your jurisdiction and our legal obligations there, you may have additional rights to:
- confirm whether we collect, share, or sell certain categories of personal information or consumer health data;
- withdraw consent for certain processing activities where consent is required by law;
- request deletion of consumer health data, subject to legal exceptions and technical limitations;
- appeal a denial of a rights request where required by law; and
- obtain a list of categories of affiliates, processors, or third parties with whom certain covered information has been shared.
If you believe a state-specific consumer privacy or consumer health data law applies to your request, say so when contacting us so we can route the request appropriately.
13. Children's Privacy
EasyVitals is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the Service. If you believe a child has provided personal information in violation of this section, contact us and we will take appropriate steps to investigate and address the issue.
If local law in your jurisdiction sets a different age threshold for digital consent, that local threshold applies.
14. Security
We use administrative, technical, and organizational measures designed to protect information against unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
You are responsible for maintaining the security of your device, passcode, Apple account, and any other credentials used with the Service.
If we become aware of a security incident affecting personal information or consumer health data, we may notify affected users, regulators, law enforcement, or other parties as required by applicable law.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by updating the effective date, posting the revised policy, or using other appropriate means. Your continued use of the Service after the revised Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.
16. Contact
Questions, requests, or privacy-related concerns may be directed to:
EasyVitalsprivacy@easyvitals.app