Privacy Policy

Last updated: March 2026

1. Data Controller

LLC "VITAMETRIA" (TOV "Vitametriia")

EDRPOU: 45663900

Address: 2D Slavy Blvd., apt. 29, Dnipro, 49100, Dnipropetrovsk region, Ukraine

Email: privacy@vitametria.com

2. Scope

This Privacy Policy applies to the Vitametria mobile application (iOS and Android) and the website https://vitametria.com/ (together — the "Service").

Important Medical and Legal Notice

Vitametria is an informational digital service for storing, recognizing, structuring, and explaining laboratory data. Vitametria is not a healthcare provider, medical service, laboratory, insurer, telemedicine provider, or emergency service.

The mobile application, website, automated document recognition, reference ranges, and AI-generated materials are provided for informational purposes only. They are not a diagnosis, medical opinion, prescription, treatment order, or substitute for professional medical advice, and they do not create a doctor-patient or clinic-patient relationship.

Do not use Vitametria for urgent or emergency medical decisions. If you have symptoms, suspect an acute condition, need diagnosis or treatment guidance, or face any health risk, promptly contact a qualified healthcare professional or emergency services.

Availability of Vitametria through the Apple App Store or Google Play only means that the service is distributed through those platforms. It does not change the informational nature of Vitametria and does not mean that the service undertakes to provide medical opinions, clinical guarantees, treatment directions, or responsibility for medical decisions made by a user without consultation with a qualified healthcare professional.

3. What Data We Collect

Vitametria follows the principle of data minimization (Article 5(1)(c) GDPR). We do not require your real name — you may use any pseudonym or nickname. Additional profile data (sex, age, blood type) is entirely optional and used solely to improve the quality of reports and recommendations.

Account data — email, display name (pseudonym — real name not required), interface language. Legal basis: Art. 6(1)(b) GDPR — contract performance.

Health data — lab test results, biomarker values, reference ranges. Legal basis: Art. 9(2)(a) GDPR — explicit consent.

Documents — uploaded PDF/images of lab reports. Legal basis: Art. 9(2)(a) GDPR — explicit consent.

Sub-user profiles — display name (pseudonym), optional fields: date of birth, sex, blood type (used only to improve report quality). Legal basis: Art. 6(1)(a) GDPR — consent.

Usage data — app opens, feature usage, crash reports. Legal basis: Art. 6(1)(f) GDPR — legitimate interest.

Device data — device model, OS version, app version. Legal basis: Art. 6(1)(f) GDPR — legitimate interest.

Payment data — subscription status, purchase history (processed by Apple/Google, we never see card numbers). Legal basis: Art. 6(1)(b) GDPR — contract performance.

We do NOT collect: precise geolocation, contacts, call logs, SMS, advertising identifiers.

4. How We Use Your Data

  • Provide the service: store and display lab results, track biomarker trends, generate health reports.
  • Document recognition: process uploaded images/PDFs through our OCR/NER system to extract biomarker data.
  • Report generation: when you order a paid report, your biomarker data is processed by our RAG model and structured via OpenAI API (see Section 6).
  • Improve the service: aggregate anonymized statistics (error rates, recognition accuracy) — never individual health data.
  • Communication: service notifications, support responses.

5. Health Data — Special Protection

Lab results and biomarker values are special category data under GDPR Article 9. We process this data only with your explicit consent, which you provide through the in-app Consent Screen before any health data is collected.

You may withdraw consent at any time: Settings → Privacy → Withdraw Consent. Withdrawal does not affect the lawfulness of processing performed before withdrawal.

6. Sub-Processors

Contabo GmbH — server hosting (VPS). All app data (encrypted). Location: Germany (EU).

Google LLC (Firebase) — authentication, push notifications, crash reporting. Email, device tokens, crash logs. Location: EU (Frankfurt).

OpenAI, Inc. — health report generation. Anonymized biomarker values (no names, emails, identifying data). Location: USA.

Apple Inc. — payment processing (iOS). Subscription status (no card data shared with us). Location: USA.

Google LLC (Play Billing) — payment processing (Android). Subscription status (no card data shared with us). Location: USA.

OpenAI data handling: When generating reports, we send only numerical biomarker values, reference ranges, and dates — never your name, email, or any personally identifiable information. OpenAI API data is not used for training per their Business Terms.

7. Data Storage and Security

  • Location: dedicated server in Germany (EU), Contabo GmbH.
  • Encryption in transit: TLS 1.3 for all API communications.
  • Encryption at rest: database on encrypted volume.
  • Access control: Firebase Authentication (JWT tokens), role-based API access.
  • Document storage: uploaded files stored on the server with signed URLs (time-limited access).
  • Backups: automated daily backups, encrypted, retained for 30 days.

8. Data Retention

  • Account data — until you delete your account.
  • Health data (biomarkers, documents) — until you delete them or delete your account.
  • Sub-user profiles — until you delete them or delete your account.
  • Generated health reports — 12 months after generation.
  • Server logs — 90 days.
  • Crash reports (Firebase Crashlytics) — 90 days.

After account deletion, all your data is permanently erased within 30 days.

9. Your Rights (GDPR Articles 15–22)

  • Access your data — Settings → Privacy → Export My Data.
  • Rectify inaccurate data — edit directly in the app.
  • Erase your data — Settings → Privacy → Delete All My Data.
  • Restrict processing — email privacy@vitametria.com.
  • Data portability — Settings → Privacy → Export My Data (JSON format).
  • Object to processing — email privacy@vitametria.com.
  • Withdraw consent — Settings → Privacy → Withdraw Consent.
  • Lodge a complaint — Ukrainian Parliament Commissioner for Human Rights or your local EU DPA.

We respond to all requests within 30 days.

10. Children's Privacy

Vitametria is available to users aged 18 and older. Users under 18 may not create an account.

Sub-user profiles for children (e.g., a parent tracking a child's lab results) are created and managed exclusively by the parent/guardian account holder. The child does not have independent access to the app.

11. International Data Transfers

Your data is stored and processed in the European Union (Germany). When generating health reports, anonymized biomarker data may be processed by OpenAI in the USA under Standard Contractual Clauses (SCCs) as approved by the European Commission.

12. Cookies and Tracking

The Vitametria mobile app does not use cookies. We use Firebase Analytics for aggregate usage statistics (screen views, crash reports). No advertising identifiers are collected. You can opt out of analytics in Settings → Privacy.

The vitametria.com website may use cookies for analytics (Google Analytics) and language preference storage. You can configure your browser to disable cookies.

13. Camera and Photo Library Access

Our application requires access to your device's camera and photo library strictly for the purpose of uploading and recognizing medical test results (e.g., PDF reports or photos of laboratory report forms). The images captured or uploaded are processed securely to extract biomarker data for your personal health dashboard.

We do not use your camera for any other purpose, and your medical images are not shared with third-party advertisers or used to train public AI models.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through an in-app notification at least 14 days before they take effect. Continued use of the app after the effective date constitutes acceptance of the updated policy.

15. Contact Us

For any privacy-related questions:

Email: privacy@vitametria.com

Support: support@vitametria.com

Address: LLC "VITAMETRIA", 2D Slavy Blvd., apt. 29, Dnipro, 49100, Ukraine