Privacy Policy
Last updated: 18 April 2026
VitalMetrics AI is committed to protecting your health data. We are GDPR-compliant and never sell your personal information to third parties.
1. Who We Are
VitalMetrics AI ("we," "us," "our") is a health intelligence service operated from the United Kingdom. Our registered contact address is: support@vitalmetricsai.com.
2. What Data We Collect
Account Data
When you create an account, we collect your name, email address, and chosen password (stored as a secure hash).
Health Data
When you upload a blood panel or lab report, we process the document to extract biomarker values. This is classified as sensitive health data under GDPR and is handled with the highest level of care.
Usage Data
We collect standard server logs including IP address, browser type, pages visited, and timestamps. This data is used for security and service improvement only.
3. How We Use Your Data
- To provide AI-powered analysis of your blood panel results
- To store and display your historical results and trend charts
- To send transactional emails (account verification, magic links)
- To improve the accuracy and performance of our AI models (anonymised, aggregated data only)
- To comply with legal obligations
4. Legal Basis for Processing (GDPR)
We process your data under the following lawful bases:
- Contract performance — to deliver the service you signed up for
- Explicit consent — for processing sensitive health data (Article 9 GDPR). You provide this consent when you upload your blood panel.
- Legitimate interests — for fraud prevention and security monitoring
5. Your GDPR Rights
Under GDPR, you have the right to:
- Access — request a copy of all data we hold about you
- Rectification — correct inaccurate data
- Erasure ("right to be forgotten") — delete your account and all associated data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Restrict processing — limit how we use your data
To exercise any of these rights, email us at support@vitalmetricsai.com. We will respond within 30 days.
6. Data Retention
We retain your account and health data for as long as your account is active. When you delete your account, all personal and health data is permanently deleted within 30 days.
7. Data Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We use Firebase (Google Cloud) infrastructure, which operates to ISO 27001, SOC 2, and other security standards. Access to your health data is restricted to the systems required to deliver your analysis.
8. Third Parties
We use the following third-party services:
- Firebase (Google) — authentication, database, and cloud infrastructure
- OpenAI / AI providers — for processing uploaded documents (data is not used for AI model training)
- Stripe — for payment processing (we never store card details ourselves)
We do not sell your data to advertisers, data brokers, or any other third parties.
9. Cookies
We use essential cookies to maintain your login session. See our Cookie Policy for full details.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email. The "last updated" date at the top of this page reflects the most recent revision.
11. Contact
For privacy-related enquiries, contact our Data Controller at: support@vitalmetricsai.com
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.