Privacy Policy — Vita
1. Introduction
DREAMBIG AI INFOLABS PRIVATE LIMITED ("we," "us," or "our") operates Vita (the "Service"), a digital metabolic health programme platform designed to support clinician-supervised GLP-1 and related metabolic health therapies, care-team messaging, treatment adherence workflows, and optional integration with device health data where you grant permission.
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Service. By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
Contact: <thevitalifeco@gmail.com>
Postal address: 66 2nd floor 4th T Block, 27th Cross Road KV Layout, Jayanagar III Block, Bangalore South, Bangalore- 560011, Karnataka
2. Information we collect
2.1 Information you provide
- Account and profile information (e.g., name, email, phone where collected).
- Communications you send through the Service (e.g., messages to your care team).
- Content you upload (e.g., documents, images) where the Service allows it.
- Payment-related information processed by our payment partners (we do not store full card numbers on our servers).
2.2 Information collected automatically
- Device and usage data (e.g., app version, device type, log data, approximate diagnostics).
- Authentication tokens and session data needed to operate the Service securely.
2.3 Health and wellness information
Where you connect Google Fit, Health Connect (Android), or similar integrations and grant permission, we may process health and wellness metrics you choose to sync (for example, activity, metabolic markers, sleep, or nutrition-related data supported by the integration) to support your metabolic health programme and treatment-tracking experience in Vita. You can revoke permissions in your device or account settings.
Health data processed through the Service — including any data relating to GLP-1 therapy, metabolic markers, laboratory results, or clinical assessments — is treated as sensitive personal health data and afforded heightened protection. We do not sell, license, or use such data for advertising targeting or profiling.
2.4 Sign-in with Google (OAuth)
If you choose to sign in with Google:
- We request only the basic identity scopes
openid,email, andprofile— Vita does not request access to your Google Calendar, Google Meet, Gmail, Drive, or any other sensitive Google data. - Google's authentication service shares identifiers and profile information with us according to your Google account settings and the permissions you approve on Google's consent screen.
- Google's use of information is governed by Google's Privacy Policy: https://policies.google.com/privacy
We use this information to create and secure your account and to provide the Service. You can revoke Vita's access at any time from your Google Account's third-party permissions page.
3. How we use information
We use information to:
- Provide, maintain, and improve the Service.
- Authenticate users and prevent fraud or abuse.
- Communicate with you about the Service (e.g., service messages, security notices).
- Coordinate metabolic health programme features you engage with (e.g., treatment-adherence workflows, and communication with authorised clinicians or care staff, where applicable).
- Comply with law and enforce our Terms of Service.
We do not sell your personal information as "sale" is commonly defined in applicable privacy laws. We do not use your health data for targeted advertising, ad profiling, or cross-context behavioural advertising. We do not share health data with social media platforms or advertising networks.
4. Sensitive health data — additional protections
Information you share in connection with your metabolic health programme — including clinical assessments, GLP-1 prescriptions, laboratory results, symptom reports, and related health communications — constitutes sensitive personal health data. We apply the following additional safeguards to such data:
- Access is restricted to authorised personnel and licensed clinicians directly involved in your programme.
- Such data is never used for advertising purposes, never sold to third parties, and never shared with insurance companies or employers without your explicit consent or legal obligation.
- Where you ask us to delete your account, we will delete or anonymise your sensitive health data subject to any legally mandated retention obligations (e.g., retention of medical records under applicable Indian law).
5. Legal bases (where applicable)
If the GDPR, India's Digital Personal Data Protection Act 2023 (DPDPA), or similar laws apply, we rely on one or more of: contract (providing the Service), legitimate interests (security, improvement, subject to your rights), consent (where required, e.g., certain health data processing or optional features), or legal obligation. For special category health data, we rely on your explicit consent or a recognised legal basis for health data processing under applicable law.
6. Sharing of information
We may share information with:
- Service providers who assist us (e.g., cloud hosting, authentication, analytics, payment processing, email delivery), under contractual obligations consistent with this Policy.
- Your care team when you use features that explicitly involve licensed clinicians or coordinators, as designed in the Service and as required to provide you with clinical services.
- Licensed pharmacy partners solely to the extent required to fulfil a prescription issued by a clinician on or through the Service, as authorised by you.
- Authorities when required by law or to protect rights, safety, and security.
We may use Google Firebase, Google Cloud, and AI features that process prompts or content you submit; such processing is subject to our agreements with providers and this Policy. We do not use health data to train third-party AI models without your explicit consent.
7. International transfers
Our primary data processing takes place within India. Where data is processed by third-party service providers outside India (e.g., cloud infrastructure), we ensure appropriate contractual safeguards are in place consistent with applicable Indian data protection law.
8. Retention
We retain information as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Clinical health records may be subject to minimum retention requirements under applicable Indian medical law. Retention periods differ by data category and will be applied in accordance with our internal data retention schedule.
9. Security
We implement reasonable technical and organisational measures to protect information, including encryption in transit and at rest for sensitive health data, access controls, and security monitoring. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
10. Your rights and choices
Depending on your location and applicable law, you may have rights to access, correct, delete, export, restrict, or object to certain processing, and to withdraw consent where processing is consent-based. You may also have the right to complain to a supervisory authority (in India: the Data Protection Board of India under the DPDPA 2023).
To exercise rights: contact <thevitalifeco@gmail.com>. We will acknowledge your request within 72 hours and respond substantively within 30 days. We may need to verify your identity before processing your request.
Withdrawing consent (DPDPA 2023)
You may withdraw consent for any processing that is consent-based at any time. You can do this by:
- Using the account settings within the Vita application to disable specific data-sharing or integration permissions.
- Emailing <thevitalifeco@gmail.com> with a request to withdraw consent, specifying the processing activity.
- Revoking Google OAuth permissions from your Google Account's third-party permissions page.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Withdrawing consent for processing that is essential to the Service (e.g., clinical data sharing with your care team) may mean that some or all features of the Service can no longer be provided to you.
Marketing: We do not send marketing material based on your health information. Service-related communications necessary to operate your programme (e.g., appointment reminders, prescription status notifications) are not marketing communications.
11. Children's privacy
The Service is not directed to children under 18 years old. We do not knowingly collect personal information from children. GLP-1 therapy requires clinical assessment and is appropriate only for adults. If you believe we have collected data from a minor, contact us and we will take appropriate steps.
12. Third-party links and services
The Service may link to third-party sites or services. Their practices are governed by their own policies. Review Google's policies for OAuth and account data. We are not responsible for the privacy practices of third-party sites.
13. Changes to this policy
We may update this Privacy Policy. We will post the new version with an updated "Last updated" date and, where required, provide additional notice. Continued use after changes constitutes acceptance unless applicable law requires otherwise.
14. Grievance Officer (DPDPA 2023)
In accordance with the Digital Personal Data Protection Act, 2023, if you have any questions or grievances regarding the processing of your personal data, you may contact our Grievance Officer:
- Name: Prashanth Ramamurthy
- Designation: Grievance Officer, Data Protection
- Email: <thevitalifeco@gmail.com>
- Address: 66 2nd floor 4th T Block, 27th Cross Road KV Layout, Jayanagar III Block, Bangalore South, Bangalore- 560011, Karnataka
The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days from the date of receipt. If you are not satisfied with the resolution, you may escalate your complaint to the Data Protection Board of India.
15. Contact
DREAMBIG AI INFOLABS PRIVATE LIMITED
66 2nd floor 4th T Block, 27th Cross Road KV Layout, Jayanagar III Block, Bangalore South, Bangalore- 560011, Karnataka
Email: <thevitalifeco@gmail.com>