Privacy Policy

Vytel is built by Vytel Inc., a Delaware C-Corporation based in New York. We are a standalone, founder-owned company. We are not affiliated with Apple, any hospital system, any insurance company, or any data broker.

For all privacy-related inquiries, you can reach us at contact@vytel.app.

Vytel is an iOS app that connects to Apple HealthKit and uses AI to help you understand your health data — your sleep, your heart rate, your recovery, your trends. When you ask a question, Vytel generates a personalized answer based on your actual Apple Watch data and your personal baseline, not generic population averages.

Vytel is not a medical device, not a diagnostic tool, and not a substitute for medical advice. If you have a health concern, talk to a qualified healthcare provider. Anything Vytel tells you is informational — a starting point for a conversation with your doctor, never a replacement for one.

When the app launches, Vytel will collect the minimum information needed to operate the service. Our full policy will itemize everything, but at a high level you can expect three categories:

1. Information you provide directly
The email address you use for early access. If you create an account, your Apple ID identifier (via Sign in with Apple). Any message you type into the Vytel assistant.

2. Health data from Apple HealthKit
Only the HealthKit categories you explicitly authorize, and only while you have the app installed and permissions granted. Examples include heart rate, heart rate variability (HRV), sleep analysis, step count, distance, active energy, and respiratory rate. Vytel will never write data back to HealthKit — only read it.

3. Technical and usage information
Things like your iOS version, app version, device model, crash reports, and anonymized usage events (which screens you open, whether you complete onboarding). None of this includes the values of your health data.

We will not collect: your precise location, your contacts, your photos, your social connections, advertising identifiers, or any biometric data beyond what Apple HealthKit provides.

Vytel has exactly one reason to collect your data: to make Vytel useful to you.

Your HealthKit data powers the personalized explanations, baselines, and answers you get inside the app. Your conversation history is saved so you can return to past discussions. Technical and usage data helps us fix crashes and understand which features are actually useful.

We will not use your data for advertising. We will not profile you for marketing. We will not sell, rent, share, or trade your data with advertisers, data brokers, insurers, employers, or anyone else outside of the limited, contract-bound service providers listed in our full policy (see Section 05).

For users in jurisdictions where legal bases matter (the EU, UK, and California), we will rely on: your consent (for HealthKit data and clinical records), performance of a contract (to deliver the service you signed up for), and our legitimate interests (to detect crashes, prevent abuse, and secure the service).

We will only share data with a small number of infrastructure partners who help Vytel run. Every partner will be bound by a contractual data processing agreement that restricts what they can do with the data. Our full launch policy will list each one individually, explain what it receives, and link to its own privacy policy.

The short version:

• An AI model provider (currently OpenAI) will receive a short summary of your health metrics relevant to your question, plus your question text — never your name, email, Apple ID, or device identifiers, and never raw HealthKit samples. Our contract prohibits them from training models on your data.
• Apple is involved through the App Store, HealthKit, and Sign in with Apple. Their handling is governed by Apple's privacy policy.
• A small set of infrastructure providers (hosting, analytics, crash reporting) will receive anonymized technical data only — never your health values and never your conversation content.

We will never share your data with advertisers, data brokers, insurers, employers, or government agencies, except when required by a valid legal process (subpoena, warrant, or court order). Where legally permitted, we will notify you if we receive such a request.

When you ask Vytel a question, here is what will happen at launch:

1. The Vytel app, on your device, assembles a short summary of the health metrics relevant to your question.
2. That summary plus your question text is sent over an encrypted connection to our backend.
3. Our backend forwards the request to our AI provider to generate a response.
4. The response is sent back to you.

• ·Your data is never used to train AI models. Our contract with our AI provider expressly prohibits this.
• ·No identifiers are sent. Your name, email, Apple ID, and device identifiers are never included in what we send to the AI provider.
• ·Your conversation history lives on your device, encrypted at rest using iOS file protection. Requests pass through our backend only in transit.
• ·AI responses are informational, not medical advice. Vytel is not a doctor, and nothing it tells you should replace professional medical consultation.

When our full policy publishes, it will specify exact retention periods for every category of data. The commitments we can make now:

• ·Your HealthKit data will live on your device. We will not persist it on our servers.
• ·Your conversation history will live on your device, encrypted, until you delete it.
• ·Crash reports and anonymized analytics will be kept for limited, specified periods — measured in days or months, not years.
• ·Your account record (email, Apple ID) will be kept only as long as you have an active account.

When you delete your account (through Settings → Privacy → Delete My Data in the app, or by emailing contact@vytel.app), we will immediately delete all data on your device and, within 30 days, purge any server-side logs associated with your account.

You will have the right to:

• Access the data we hold about you
• Correct anything that's wrong
• Delete your data at any time
• Export your data in a portable format (JSON)
• Object to certain processing
• Withdraw consent for any optional data use
• Lodge a complaint with a data protection authority (your state Attorney General in the US, or a supervisory authority in the EU)

When the app launches, you'll be able to exercise most of these rights directly in Settings → Privacy inside the app. For anything else, or in the meantime, email contact@vytel.app. We will respond within 30 days.

We take the security of your health data seriously. Specific measures we commit to:

In transit. Every network connection between the Vytel app and our servers uses TLS 1.2 or higher (effectively TLS 1.3 on modern iOS devices).

On your device. We use iOS Data Protection with complete file protection for stored conversations, and Keychain storage for authentication tokens. Your data is only decryptable while your device is unlocked.

In our infrastructure. Encryption at rest, least-privilege access controls, and security review before any team member gets production access.

No backdoors. We cannot read your HealthKit data outside of the specific requests you initiate inside the app.

Incident response. If Vytel ever suffers a security incident affecting your data, we will notify you promptly, by email and in-app, with honest information about what happened and what you should do.

No security system is perfect. But we promise transparency if something goes wrong, and we will never pretend otherwise.

Vytel is built on Apple HealthKit and follows Apple's strict rules for health-data handling. Specifically, we commit to the following:

• Vytel will not use HealthKit data for advertising or marketing
• Vytel will not sell HealthKit data to anyone, ever
• Vytel will not share HealthKit data with third parties except as strictly necessary to operate the service (as disclosed in Section 05)
• Vytel will not use HealthKit data for any purpose other than providing the service you've signed up for

You will be able to revoke Vytel's access to any HealthKit category at any time, from the iOS Settings app: Settings → Privacy & Security → Health → Vytel.

When you revoke a category, Vytel loses the ability to read data of that type going forward. Any data Vytel previously read remains cached on your device until the app is deleted or you delete it via Settings → Privacy → Delete My Data.

Vytel is not intended for anyone under 13, and we will not knowingly collect personal information from a child under 13. If you believe a child has provided information to Vytel, email contact@vytel.app and we will delete it promptly.

For users in the European Economic Area and the United Kingdom, the minimum age to use Vytel is 16 (or the age of digital consent set by your country, whichever is higher).

Vytel is operated from the United States. If you access Vytel from outside the US, your data will be transferred to, stored, and processed in the United States.

For users in the European Economic Area, the United Kingdom, and Switzerland, we will rely on Standard Contractual Clauses (SCCs) approved by the European Commission for cross-border data transfers. A copy of the applicable SCCs can be requested by emailing contact@vytel.app.

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you specific rights:

• Right to know what personal information we collect, where it comes from, and who we share it with
• Right to delete your personal information
• Right to correct inaccurate personal information
• Right to opt out of sale or sharing — Vytel does not sell or share your personal information, so there is nothing to opt out of
• Right to limit use of sensitive personal information — health data is considered sensitive personal information under CPRA. Vytel uses it only for the purposes described in this policy
• Right to non-discrimination — we will never penalize you for exercising any of these rights

To exercise any of these rights, email contact@vytel.app. We will respond within 45 days (extendable once by an additional 45 days if necessary).

Washington State's My Health My Data Act, and similar laws in Nevada and Connecticut, grant residents specific rights over consumer health data.

Consumer health data we process will include: the HealthKit data you authorize, clinical records you optionally connect, and any health-related content of your conversations with the Vytel assistant.

Your rights under these laws include:

• Confirming whether we collect, share, or sell your consumer health data
• Accessing your consumer health data
• Deleting your consumer health data
• Withdrawing consent for collection and sharing
• Appealing a denial of any of these rights

Vytel does not sell consumer health data.

To exercise any of these rights, email contact@vytel.app.

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation and equivalent laws give you rights over your personal data.

Data controller: Vytel Inc. is the controller of your personal data for the purposes of GDPR. You can reach us at contact@vytel.app.

Your rights include:

• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with your national supervisory authority

Legal bases for processing include: your explicit consent (for HealthKit data), contract performance (to provide the service), and our legitimate interests (crash diagnostics and anti-abuse), subject to your rights.

Cross-border transfers will use Standard Contractual Clauses, as described in Section 12.

We may update this policy from time to time. When we make material changes, we will notify you in at least two ways before the changes take effect: a notice inside the Vytel app the next time you open it, and an email to the address on file (if we have one). The "Last updated" date at the top of this page always reflects the most recent version.

Prior versions of this policy are available on request by emailing contact@vytel.app.

We read every message sent to contact@vytel.app. If you have a question, a concern, or a request regarding your data, please reach out — we'd rather hear from you than not.

Email: contact@vytel.app
Company: Vytel Inc., Delaware C-Corporation
Mailing address: Vytel Inc., New York, NY (full address available on request)