EasyVitals Privacy Policy

Effective date: June 19, 2026

This Privacy Policy describes how EasyVitals ("EasyVitals," "we," "us," or "our") collects, uses, discloses, and otherwise processes information in connection with the EasyVitals mobile application, related widgets, websites, and associated services (collectively, the "Service").

For legal and operational purposes, the controller and operator of the Service is the individual or legal entity identified in the app listing, website, or other official EasyVitals notice in effect at the time of your use of the Service ("Operator"). As of the effective date above, questions about this Privacy Policy may be sent to privacy@easyvitals.app.

By using the Service, you acknowledge the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to information processed through the Service, including when you:

This Privacy Policy does not govern the practices of Apple, Anthropic, Open Food Facts, Vercel, Upstash, or other third parties except as expressly described here. Those parties maintain their own terms and privacy disclosures.

Unless otherwise expressly stated, the Service is primarily intended for users in the United States.

2. Information We Collect

We collect the following categories of information.

A. Account and identity information

When you sign in using Sign in with Apple, we may receive and store:

We use this information to authenticate you, restore your account state, secure access to certain features, and support syncing across your devices.

Except where expressly stated otherwise in this Privacy Policy, Sign in with Apple account identifiers and related account state are stored on-device or within Apple-managed systems used to provide the Service, rather than in a standalone EasyVitals user-account database controlled by us.

B. Content you create in the app

Depending on how you use the Service, we may collect and store:

For clarity, most core app content such as meals, notes, favorites, photos, personalization, and related synced records is stored on your device and, where enabled, in your own Apple-managed iCloud / CloudKit storage. As described below, the principal identifiable dataset EasyVitals directly controls as controller is feedback you submit through the in-app feedback flow.

C. Health and fitness information

If you grant permission, EasyVitals may read selected HealthKit / Apple Health data and write certain nutrition data back to Apple Health. Depending on your permissions and device data, this may include categories such as:

EasyVitals uses only the categories you authorize. You may revoke Health access at any time in the Apple Health app or iOS Settings.

C-1. Apple Health / HealthKit detail

Based on the current Service design, the app may read categories such as:

Based on the current Service design, the app may write categories such as:

when generated from your logged meals.

Turning off Health permissions stops future reads and writes through the Service but does not automatically remove data already stored in Apple Health. EasyVitals can generally delete only HealthKit samples the app itself authored, and not samples created by Apple or other apps.

D. AI analysis inputs

If you use AI-assisted logging or analysis features, we may process:

E. Device, diagnostics, and usage information

We and our service providers may process limited technical and usage information such as:

EasyVitals does not use third-party advertising or analytics SDKs and does not use analytics for cross-app behavioral advertising. Other than the aggregate, pseudonymous service and website metrics described above, EasyVitals does not collect product or usage analytics.

F. Feedback information

If you send feedback through the Service, we may process:

Please do not submit sensitive medical, health, or other confidential information through free-form feedback fields unless we expressly request it for support purposes.

3. How We Use Information

We use information for the following business and commercial purposes:

We may also use de-identified or aggregated information for debugging and service improvement where permitted by law.

4. How Information Is Stored

EasyVitals uses a mix of local device storage and third-party infrastructure.

A. On your device

Certain app data may be stored locally on your device using technologies such as SwiftData, UserDefaults, caches, and the iOS Keychain.

For example:

B. In iCloud / CloudKit

EasyVitals uses CloudKit to sync certain app data. Some data is stored in private CloudKit databases associated with your iCloud account. Those private-database records are part of your Apple-managed storage, not a general-purpose EasyVitals application server that we independently host.

Feedback submitted through the in-app feedback flow may be stored in CloudKit infrastructure designated by Apple as part of the app's public database environment and administered by EasyVitals for service operations. Such data is not intended to be publicly displayed to end users, but it is stored in third-party cloud infrastructure and should be treated accordingly.

C. In Apple Health

If you authorize Apple Health access, certain nutrition entries or related data may be written to the Health app, and certain health or fitness categories may be read from the Health app. Health data belongs to you, and Apple provides its own privacy controls for that data.

D. Through our backend and security infrastructure

EasyVitals uses a backend proxy and related infrastructure to authenticate AI requests, apply rate limits, and route requests securely. This may involve service providers such as Vercel and Upstash.

E. Through third-party AI providers

EasyVitals currently uses Anthropic for certain AI analysis functions. We may change providers over time and update this Privacy Policy accordingly.

5. Third-Party Services and Data Sharing

We do not sell your personal information, and we do not share your personal information for third-party cross-context behavioral advertising.

We may disclose information to the following categories of recipients:

A. Service providers

We use vendors and processors to operate the Service, including providers for hosting, infrastructure, authentication support, AI inference, and sync-related functionality. Based on the current Service design, these may include:

By category, current disclosures may include:

At present, the principal identifiable dataset EasyVitals directly controls in its own controller capacity is the feedback dataset described above. Other product data may be held primarily in Apple-managed user storage, on-device, or in processor systems used to provide a requested feature.

B. Open Food Facts

If you use barcode-related features, the Service may query data from Open Food Facts, a collaborative third-party food database. Barcode results may be incomplete, outdated, or inaccurate, and EasyVitals does not control the underlying third-party database.

C. Legal, compliance, and safety disclosures

We may disclose information if we believe in good faith that doing so is necessary to:

D. Business transfers

If we are involved in a merger, acquisition, restructuring, financing, asset sale, or similar transaction, information may be transferred as part of that transaction, subject to applicable law.

6. AI Processing Disclosure

When you choose to use AI-assisted features, your submitted content is processed to return a result you requested. This may include meal photos, food descriptions, workout descriptions, and limited personalization context used to improve estimates.

EasyVitals currently routes these requests through its own backend and then to Anthropic's commercial API.

Data sent for AI processing is handled under the third-party provider agreements, service configurations, and retention settings in effect at the time of processing. Those provider practices may change over time, and EasyVitals may change AI providers or routing architecture.

Except where we expressly commit otherwise in a separate written notice, you should assume that third-party AI providers may temporarily retain submitted content for security, abuse prevention, legal compliance, debugging, or service-operation purposes as permitted by their terms and applicable law.

AI features are probabilistic and may be incomplete, inaccurate, or inappropriate for your situation. You remain responsible for reviewing any AI-generated output before relying on it.

7. Analytics

EasyVitals does not use first-party product or usage analytics. The app does not include a third-party analytics SDK, does not send product-usage telemetry to an analytics provider, and does not use any advertising ID or third-party ad-tracking SDK.

8. Notifications, Widgets, and Shortcuts

If you enable notifications, EasyVitals may schedule local notifications on your device, such as a weekly recap reminder. These notifications are controlled by iOS and your device settings.

If you use widgets, App Intents, or shortcuts, certain limited information may be exposed on your device surfaces according to your device configuration and Apple's operating system behavior. You are responsible for managing device-level privacy settings, including lock-screen visibility.

9. Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with law, resolve disputes, enforce agreements, and protect the Service.

Retention may vary by category:

Short-lived anti-abuse or rate-limit data may persist temporarily according to processor TTLs and may expire automatically rather than being actively deleted during account deletion.

The current in-app export feature is limited and may include only selected categories of app content, such as certain meals, notes, favorites, and stored photos. It may not include every category of settings data, workout history, Apple Health data, feedback records, derived recap artifacts, or processor-side records.

At present, EasyVitals includes export and sign-out controls. Depending on the app version in use, an in-app deletion flow may not be available, may be limited in scope, or may require supplemental manual handling by EasyVitals.

Deletion requests may not result in immediate removal from every storage location. For example:

In current versions of the Service, deletion of feedback records stored in the EasyVitals-controlled CloudKit public database may also depend on technical and operational prerequisites in that environment. Until those prerequisites are fully in place, feedback-related identifiable data may persist even after an account deletion request, and EasyVitals should not be understood to guarantee immediate or universal deletion of that dataset in every environment.

If you wish to request deletion assistance, contact us at privacy@easyvitals.app.

10. Your Choices and Rights

Subject to applicable law and the technical design of the Service, you may have the ability to:

Some requests may be limited by legal obligations, security requirements, identity-verification requirements, technical feasibility, or our need to maintain the Service for legitimate business purposes.

If you are an Apple Health user, you can also manage Health permissions directly through Apple's controls.

11. International Processing

Your information may be processed in countries other than the country in which you reside, including where our service providers operate. Those countries may have data protection laws different from those in your jurisdiction.

Where required, we take reasonable steps intended to require appropriate safeguards for such transfers. However, no transfer mechanism can eliminate all risk.

12. U.S. State Privacy and Consumer Health Data Disclosures

Certain U.S. state laws may provide additional rights or impose additional disclosure obligations relating to personal information or consumer health data. To the extent those laws apply to EasyVitals, this Privacy Policy is intended to describe the categories of consumer health-related data we collect, the sources of that data, the purposes for which we use it, the categories of third parties with whom it may be shared or disclosed, and the methods by which you may exercise applicable rights.

Depending on your jurisdiction and our legal obligations there, you may have additional rights to:

If you believe a state-specific consumer privacy or consumer health data law applies to your request, say so when contacting us so we can route the request appropriately.

13. Children's Privacy

EasyVitals is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the Service. If you believe a child has provided personal information in violation of this section, contact us and we will take appropriate steps to investigate and address the issue.

If local law in your jurisdiction sets a different age threshold for digital consent, that local threshold applies.

14. Security

We use administrative, technical, and organizational measures designed to protect information against unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the security of your device, passcode, Apple account, and any other credentials used with the Service.

If we become aware of a security incident affecting personal information or consumer health data, we may notify affected users, regulators, law enforcement, or other parties as required by applicable law.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by updating the effective date, posting the revised policy, or using other appropriate means. Your continued use of the Service after the revised Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.

16. Contact

Questions, requests, or privacy-related concerns may be directed to:

EasyVitals
privacy@easyvitals.app