Privacy Policy

This Privacy Policy ("Policy") describes how Vital Health International, LLC ("Vital Health," "Company," "we," "us," or "our") collects, uses, processes, stores, shares, and protects information obtained through the VH Scanner mobile application ("App"), website, and related services (collectively, the "Services").

By downloading, installing, or using the VH Scanner App, you ("User," "you," or "your") acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with this Policy, please do not use the Services.

This Policy applies to all users worldwide and is designed to comply with applicable data protection laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the Federal Trade Commission Health Breach Notification Rule, the Illinois Biometric Information Privacy Act (BIPA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), the Children's Online Privacy Protection Act (COPPA), and applicable state biometric data laws in Texas, Washington, and other jurisdictions.

We collect the following categories of information when you use the VH Scanner App. For each category, we explain what is collected, why it is needed, and the legal basis for processing.

2.1 Account Data

2.2 Profile Data

2.3 Medical History Data

You may optionally provide the following to improve the accuracy and relevance of your scan results:

• Pre-existing conditions — diabetes, hypertension, asthma, heart disease, and other chronic conditions
• Current medications — prescription and over-the-counter medications that may affect vital signs
• Fitness level — self-reported activity level for resting heart rate calibration
• Neurological conditions — epilepsy, migraine disorders, and similar conditions that affect autonomic function
• Pregnancy status — pregnancy alters cardiovascular baselines and reference ranges
• Head injury history — traumatic brain injuries can affect autonomic nervous system readings

2.4 Per-Session Intake Data

Before each scan session, the App may ask you about temporary factors that affect your current physiological state:

• Smoking status — recent tobacco or nicotine use affects SpO2 and heart rate
• Caffeine consumption — caffeine elevates heart rate and blood pressure temporarily
• Alcohol consumption — alcohol affects heart rate variability and blood pressure
• Current emotional state — stress and anxiety directly impact cardiovascular readings
• Pain level — pain triggers autonomic responses that alter vital signs
• Eye drops usage — certain eye drops (mydriatics, vasoconstrictors) affect pupil and sclera measurements

2.5 Biometric Scan Data

During a scan, the App captures the following raw sensor data:

• Facial video capture — camera captures of the face to extract rPPG signals from skin color fluctuations
• Eye close-up capture — images of the sclera and iris for jaundice screening, redness detection, and pupil response
• Fingertip capture — camera placed over the fingertip with flash for PPG signal extraction
• Palm capture — palm images for nail bed color analysis and peripheral circulation assessment
• Skin area capture — targeted skin images for lesion analysis, hydration assessment, and Fitzpatrick skin type detection
• Voice recordings — short audio captures analyzed for respiratory patterns, vocal tremor, and stress biomarkers
• Motion / accelerometer data — device motion data used for tremor detection, gait analysis, and movement artifact filtering

2.6 rPPG Signal Data

Remote photoplethysmography (rPPG) is the core technology behind VH Scanner. From the raw camera data, we extract:

• Heart rate (HR) — beats per minute derived from facial blood flow oscillations
• Blood pressure (BP) — systolic and diastolic estimates from pulse wave analysis
• Blood oxygen saturation (SpO2) — estimated from color channel ratio analysis
• Heart rate variability (HRV) — time-domain and frequency-domain metrics indicating autonomic function

2.7 Derived Health Markers

The App processes raw signals through proprietary algorithms to produce up to 346 derived biomarkers spanning the following categories:

• Cardiovascular — cardiac output, stroke volume, vascular age, arterial stiffness, arrhythmia risk
• Respiratory — respiratory rate, breath pattern regularity, predicted lung function
• Metabolic — estimated BMR, glucose risk indicators, cholesterol risk markers
• Dermatological — skin hydration score, UV damage indicators, lesion risk classification
• Neurological / Mental Health — stress index, cognitive load indicators, fatigue markers, anxiety indicators
• Hematological — estimated hemoglobin, anemia risk, bilirubin indicators
• General wellness — overall health score, biological age estimate, recovery readiness

2.8 Scan History & Trend Data

The App retains a history of your scan results over time to provide:

• Longitudinal trend analysis (how your markers change over days, weeks, months)
• Baseline establishment for personalized reference ranges
• Anomaly detection (significant deviations from your personal baseline)
• Progress tracking for health and wellness goals

2.9 Multi-Profile Data

VH Scanner allows you to create additional profiles to scan friends, family members, or other individuals. For each additional profile, the same data categories (2.2 through 2.8) may be collected. See Section 9 for consent requirements when scanning others.

2.10 Referral Program Data

If you participate in the VH Scanner referral program, we collect:

• fsDealerID — a unique identifier linking you to the referral network
• Referral codes you generate and share
• Referral codes you redeem
• Referral reward status and history

2.11 Device & Technical Data

• Camera specifications — resolution, frame rate, flash capability (needed for scan quality assessment)
• Device sensors — accelerometer, gyroscope availability and capabilities
• Operating system — OS type and version (for compatibility and debugging)
• Device model — hardware model (for camera calibration profiles)
• App version — for feature availability and bug tracking
• Unique device identifier — anonymized device ID for session management (not advertising ID)

2.12 Fitzpatrick Skin Type

3.1 Biometric Data We Collect

3.2 Consent Requirement

Before the App performs its first biometric scan, you will be presented with a clear, separate consent screen that:

1. Identifies Vital Health International, LLC as the entity collecting biometric data
2. Describes the specific biometric data being collected (as listed in Section 3.1)
3. States the purpose for collection (health marker extraction and wellness assessment)
4. Discloses the retention schedule (see Section 11)
5. Requires your affirmative, written (electronic) consent before any biometric capture occurs

You may withdraw your consent at any time by navigating to Settings > Privacy > Biometric Consent in the App, or by contacting our Data Protection Officer. Withdrawal of consent will prevent future biometric scans but will not affect the lawfulness of processing based on consent before its withdrawal.

3.3 Biometric Data Handling

• Raw biometric data (video, audio, images) is processed in real-time and permanently deleted within 60 seconds of scan completion. Raw captures are never stored on our servers.
• Derived biometric signals (heart rate values, blood pressure readings, etc.) are stored as numerical values only. These numerical results cannot be used to reconstruct the original biometric identifiers (face, voice, fingerprint).
• Biometric data is never used for identification purposes. We do not use facial geometry to identify you; we use it solely to extract health signals.
• Biometric data is never sold, leased, traded, or otherwise disclosed to third parties, except as required by law or with your separate, explicit consent.

3.4 Biometric Data Destruction

We will permanently destroy all biometric identifiers and biometric information when:

• The initial purpose for collecting the data has been satisfied, or
• Within 3 years of the individual's last interaction with VH Scanner, whichever comes first

This destruction schedule meets or exceeds the requirements of BIPA Section 15(a) and applies regardless of the user's jurisdiction.

3.5 Illinois Residents — Additional BIPA Rights

If you are a resident of Illinois, you have the right to:

• Sue for statutory damages if your biometric data is collected, stored, or used in violation of BIPA
• Recover liquidated damages of $1,000 per negligent violation or $5,000 per intentional or reckless violation
• Obtain injunctive relief and reasonable attorneys' fees

4.1 On-Device Processing (Default)

The majority of VH Scanner's data processing occurs locally on your device:

• Camera capture and frame extraction — all video frames are captured and processed in device memory
• rPPG signal extraction — the core algorithm runs on-device using the device's GPU/Neural Engine
• Facial landmark detection — face geometry analysis for ROI (region of interest) selection runs locally
• Fitzpatrick skin type detection — automated classification occurs on-device
• Voice analysis — audio is processed locally; raw recordings are not transmitted
• Motion artifact filtering — accelerometer data is processed and discarded on-device

4.2 Cloud Processing (Opt-In)

Certain features require server-side processing. When you use these features, the following data may be transmitted:

• Derived numerical markers — for cloud-based trend analysis, cross-device sync, and advanced analytics
• Profile metadata — for account management and multi-device access
• Anonymized aggregate data — for algorithm improvement (only with your consent; see Section 6)

4.3 What Is Never Transmitted

• Raw facial video or photos
• Raw voice recordings
• Raw fingertip, palm, or skin images
• Facial geometry coordinates or biometric templates
• Any data that could reconstruct your biometric identifiers

5.1 On-Device Storage

• Scan results are stored in the device's encrypted local storage (iOS Keychain / Android EncryptedSharedPreferences or equivalent)
• Profile data is encrypted using AES-256 encryption with device-bound keys
• No health data is stored in plaintext on the device filesystem
• Temporary scan data (camera buffers, intermediate signals) is held in volatile memory only and is zeroed out immediately after processing

5.2 Cloud Storage (When Applicable)

• Encryption in transit: All data transmitted between the App and our servers uses TLS 1.3 with certificate pinning
• Encryption at rest: All data stored on our servers is encrypted using AES-256-GCM encryption
• Database encryption: Database columns containing health data use additional application-level encryption (envelope encryption with customer-managed keys where supported)
• Key management: Encryption keys are managed through a dedicated key management service (KMS) with automatic rotation every 90 days
• Access controls: Server-side data access is restricted via role-based access control (RBAC) with the principle of least privilege
• Audit logging: Every read and write operation on health data is logged in an append-only audit trail with user ID, timestamp, action type, and source IP

5.3 Infrastructure Security

• Cloud infrastructure is hosted in SOC 2 Type II certified data centers within the United States
• Database backups are encrypted and stored in geographically separate regions for disaster recovery
• Network security includes firewalls, intrusion detection systems (IDS), and DDoS protection
• Penetration testing is conducted at least annually by independent third-party security firms
• Vulnerability scanning is performed continuously with automated patch management

6.1 Service Providers

We may share limited data with trusted service providers who assist in operating the Services:

6.2 With Your Explicit Consent

We may share your health data with third parties only when you provide separate, explicit, opt-in consent for each sharing instance:

• Healthcare providers — if you choose to share scan results with your doctor or clinic
• Research institutions — if you opt into contributing anonymized data to health research
• Family members or caregivers — if you grant access to your scan history

6.3 Legal Requirements

We may disclose your information if required by law, including:

• In response to a valid subpoena, court order, or government investigation
• To comply with applicable laws, regulations, or legal processes
• To protect the rights, property, or safety of Vital Health, our users, or the public
• In connection with a merger, acquisition, or sale of assets (with continued privacy protections)

6.4 Algorithm Improvement

With your separate, opt-in consent, we may use de-identified, aggregated scan data to improve our algorithms. This data is:

• Stripped of all personal identifiers (name, email, device ID)
• Aggregated with data from thousands of other users
• Impossible to trace back to any individual
• Used solely to improve scan accuracy for all users

7.1 Coverage Status

VH Scanner is a direct-to-consumer wellness application. As such, Vital Health International may not currently qualify as a "covered entity" or "business associate" under HIPAA (45 CFR Parts 160 and 164). However, we have made the strategic decision to build and operate to HIPAA standards because:

• It protects our users with the highest standard of health data privacy
• It prepares us for partnerships with healthcare providers and insurers
• It exceeds the requirements of other applicable regulations (FTC, state laws)
• It demonstrates our commitment to data protection leadership

7.2 HIPAA-Aligned Safeguards We Implement

Administrative Safeguards:

• Designated Data Protection Officer (Ricardo Tovar) responsible for privacy compliance
• Written privacy and security policies reviewed annually
• Workforce training on handling protected health information
• Risk assessments conducted at least annually
• Incident response and breach notification procedures (see Section 12)
• Business Associate Agreements (BAAs) with all vendors who access health data

Physical Safeguards:

• Cloud infrastructure in physically secured, access-controlled data centers
• No health data stored on employee workstations or portable media
• Device disposal policies ensuring complete data destruction

Technical Safeguards:

• Unique user identification and authentication for all system access
• Automatic session termination after inactivity
• AES-256 encryption at rest, TLS 1.3 encryption in transit
• Audit controls logging all access to health data
• Integrity controls ensuring data has not been altered or destroyed
• Transmission security with end-to-end encryption

7.3 FTC Health Breach Notification Rule

Depending on your jurisdiction, you have some or all of the following rights regarding your personal and health data. We honor all of the following rights for all users, regardless of location, as a matter of policy.

8.1 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it.
• Right to Delete: You may request deletion of personal information, subject to certain legal exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: Health data, biometric data, race/ethnicity, and precise geolocation are "sensitive personal information" under CPRA. You may direct us to limit our use to what is necessary for the Services.
• No Sale or Sharing: We do not sell personal information and do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months.

To exercise CCPA/CPRA rights, submit a verifiable consumer request by emailing rtovar@vitalhealthglobal.com or using the in-app privacy controls. We will respond within 45 days (extendable by an additional 45 days with notice).

8.2 GDPR Rights (EEA/UK Residents)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR:

• All rights listed in the table above, plus the right to lodge a complaint with your local Data Protection Authority (DPA)
• The right to obtain information about international data transfers and the safeguards in place (see Section 13)
• The legal basis for processing your health data is explicit consent (GDPR Article 9(2)(a)) and contractual necessity (Article 6(1)(b)) for account data

8.3 Response Timeframes

VH Scanner allows you to create additional profiles to scan other individuals. When you scan someone other than yourself, you assume legal responsibility for the following:

9.1 Consent Requirements

• Adults (18+): You must obtain the individual's direct, informed consent before scanning them. This includes informing them about what data is collected, how it is used, and how they can request deletion.
• Minors (13-17): You must be the minor's parent or legal guardian and consent on their behalf. The minor should be informed in age-appropriate language about the data collection.
• Incapacitated individuals: You must be the individual's legal guardian, healthcare proxy, or authorized representative.

9.2 Biometric Consent for Others

Biometric data laws (BIPA, Texas CUBI, etc.) require consent from the individual whose biometric data is being collected. When you scan another person:

• The App will display a separate biometric consent notice for each new individual scanned
• The scanned individual must view and affirmatively accept the biometric consent notice (e.g., by tapping a consent button while being shown the notice)
• For minors, the parent or legal guardian must accept on their behalf

9.3 Data Rights for Scanned Individuals

Any individual whose data is stored in a multi-profile has the same data rights as the primary account holder (access, deletion, export, correction). They may exercise these rights by:

• Asking the account holder to delete their profile and data through the App
• Contacting our DPO directly at rtovar@vitalhealthglobal.com with proof of identity

10.1 Age Requirement

VH Scanner is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA).

10.2 Age Verification

• During account creation, users must provide their date of birth
• If the entered date of birth indicates the user is under 13, account creation is blocked
• The App does not collect or store any data from users who fail age verification

10.3 Parental Controls (Ages 13-17)

For users between 13 and 17:

• A parent or legal guardian must create the account and provide consent via the multi-profile feature
• The parent retains full access to the minor's data and can delete it at any time
• We do not serve targeted advertising to minors
• We do not sell or share the personal data of users known to be under 18

10.4 Discovery of Underage Users

If we discover that we have inadvertently collected personal information from a child under 13, we will:

1. Immediately deactivate the account
2. Delete all personal and health data associated with the account within 48 hours
3. Notify the parent or guardian if contact information is available

If you believe we may have collected data from a child under 13, please contact our DPO immediately at rtovar@vitalhealthglobal.com.

Despite our security measures, no system is completely immune to breach. In the event of a security incident involving your personal or health data, we are committed to transparency and swift action.

12.1 Incident Response

1. Detection & Containment: Automated monitoring detects anomalies. Upon detection, the security team isolates affected systems within hours.
2. Assessment: We assess the scope, nature, and severity of the breach, including what data was affected and how many users are impacted.
3. Remediation: We address the vulnerability that caused the breach and implement measures to prevent recurrence.
4. Notification: We notify affected individuals and relevant authorities within the legally required timeframes (see below).
5. Post-Incident Review: We conduct a thorough post-mortem and update our security practices accordingly.

12.2 Notification Timeframes

12.3 What We Will Tell You

Breach notifications will include:

• A description of the breach and when it occurred
• The types of data involved
• Steps we have taken in response
• Steps you can take to protect yourself
• How to contact us for more information
• Contact information for relevant regulatory authorities

Vital Health International is based in the United States. If you use the Services from outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

13.1 Transfer Safeguards

When we transfer personal data internationally, we rely on the following legal mechanisms:

• EU-US Data Privacy Framework: We adhere to the principles of the EU-US Data Privacy Framework for transfers from the EEA to the United States, where applicable
• Standard Contractual Clauses (SCCs): We enter into EU-approved Standard Contractual Clauses with service providers who process EEA/UK personal data
• Supplementary Measures: We implement additional technical measures (encryption, pseudonymization, access controls) to ensure transferred data receives an essentially equivalent level of protection
• Data Processing Agreements: All international data processors are bound by contractual obligations to protect your data

13.2 Data Localization

For users in jurisdictions with data localization requirements:

• On-device processed data remains on your device and is never transferred internationally
• Cloud-stored data is primarily hosted in the United States
• We are working to offer regional data storage options for jurisdictions that require it

VH Scanner integrates with or relies on the following categories of third-party services. Each has its own privacy policy, and we encourage you to review them.

14.1 Categories of Third-Party Services

14.2 Our Requirements for Third Parties

All third-party service providers must:

• Sign a Data Processing Agreement (DPA) that limits their use of your data to the services they provide to us
• Implement security measures at least as protective as those described in this Policy
• Sign a Business Associate Agreement (BAA) if they have any access to health data
• Demonstrate SOC 2 Type II certification or equivalent security standards
• Agree not to use your data for their own purposes, including advertising or profiling
• Delete or return your data upon termination of their relationship with us

14.3 Links to Other Services

The App may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policy of any third-party site you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

15.1 Notification of Changes

• Material changes: For significant changes that affect how we collect, use, or share your health or biometric data, we will notify you via in-app notification, email, or push notification at least 30 days before the changes take effect.
• Minor changes: For non-material updates (e.g., clarifications, formatting), we will update the "Last Updated" date at the top of this Policy.
• Biometric data changes: Any change to how we collect, store, or use biometric data will require renewed explicit consent through the App before the new practices apply to you.

15.2 Your Choices After Changes

After being notified of material changes:

• Continued use of the App after the effective date constitutes acceptance of the updated Policy
• If you do not agree with the changes, you may delete your account and all associated data before the effective date
• For biometric data changes specifically, you must provide new affirmative consent; we will not rely on prior consent for new biometric practices

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authorities

If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local Data Protection Authority:

• EU: Find your local DPA at edpb.europa.eu
• UK: Information Commissioner's Office (ICO) at ico.org.uk

If you are a California resident, you may also contact the California Attorney General's office regarding CCPA/CPRA matters at oag.ca.gov.

If you are an Illinois resident with concerns about biometric data handling, you may contact the Illinois Attorney General's office at illinoisattorneygeneral.gov.