ATTORNEY REVIEW REQUIRED: This document is a working template for the Vital30 launch. It does not constitute legal advice. Have a qualified attorney review and adapt it to the jurisdictions you operate in (e.g. GDPR/UK GDPR, CCPA/CPRA and other US state laws, the Washington My Health My Data Act, PIPEDA) before public commercial deployment. Items in [BRACKETS] are placeholders you must complete.
Last Updated: May 28, 2026
Welcome to Vital30, a service operated by Prodigi Solutions LLC ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Vital30 mobile app and the website at challenge.charangudla.com (together, the "Service").
Vital30 is a general wellness and habit-tracking service. It is not a medical service and does not provide medical advice (see our Health Disclaimer). By using the Service you agree to this Policy.
Data controller: Prodigi Solutions LLC, [REGISTERED ADDRESS]. EU/UK representative (if required under GDPR Art. 27 / UK GDPR): [NAME / ADDRESS, or "not yet appointed"].
1. Information We Collect
A. Account data
- Name, email address, and a password (stored only as a salted hash — we never see or store your plaintext password).
- Optionally, a username and phone number if you choose to add them. (These fields exist in the system but may be disabled in the current app version.)
B. Personal details you choose to provide (all optional)
Collected through the skippable onboarding flow and editable or removable any time from your Profile:
- Gender
- Year of birth — we store only the year, never your full date of birth.
- Height and weight
- Unit preference (metric/imperial)
C. Goals & preferences
- Your primary wellness goal (e.g. "get fitter," "sleep better"), interests (challenge categories), and the daily time you can commit. We use these to recommend challenges.
D. Challenge activity
- The challenges you join, your daily check-ins (Completed / Missed / Skipped) and any notes you add, plus progress, streaks, and completion history.
- Custom challenges you create and invites you send or receive.
E. Social features
- Challenge friends — friend requests, acceptances, declines, and blocks (this includes the identity of the other person, which is also their data).
- Community chat — Vital30's per-challenge chat is preset-only (you pick from a fixed list of phrases; there is no free-text entry), plus emoji reactions. We store the preset/reaction you sent and when.
- Referrals — your referral code and who joined using it.
F. Technical & security data
- Device information (device type, OS version, app/browser, language).
- IP address and user-agent, recorded in a security audit log for sign-in, sign-up, and password events (used to protect accounts and investigate abuse).
G. Cookies
- The website uses a single, strictly necessary session cookie to keep you signed in. We do not use advertising cookies, analytics, or third-party trackers, so no cookie-consent banner is required. If this changes, we will update this Policy and request consent where the law requires it.
2. A Note on Health-Related Information
Some of the data above (e.g. weight, a goal such as "lose weight," or a "mental wellness" interest) may be considered health-related or sensitive under some laws (including the EU GDPR and US state laws such as the Washington My Health My Data Act). We treat it accordingly:
- It is always optional — you can use Vital30 without providing it, and you can edit or delete it at any time.
- We process it only to personalise your experience and recommendations. We never use it to make medical decisions, and we never sell or share it for advertising.
- Where the law requires opt-in consent for this category of data, your choice to provide it is the basis for that processing, and you can withdraw that consent at any time by deleting the data.
Vital30 is a wellness tool, not a medical device, and is not a HIPAA-covered entity.
3. How We Use Your Information & Legal Bases (GDPR)
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and operate your account; deliver core features (challenges, check-ins, chat, friends) | Performance of a contract |
| Personalise challenge recommendations using your goals/interests/optional details | Consent (you provide optional details voluntarily) |
| Secure accounts, prevent abuse/fraud, maintain audit logs | Legitimate interests |
| Send service emails (verification, password reset) | Performance of a contract |
| Comply with legal obligations and respond to lawful requests | Legal obligation |
We do not use your data for automated decision-making that produces legal or similarly significant effects.
4. We Do Not Sell or "Share" Your Data
We do not sell, rent, or trade your personal data, and we do not "share" it for cross-context behavioural advertising (as those terms are defined under the CCPA/CPRA). We disclose data only to the service providers in Section 5, or where required by law.
5. Service Providers (Sub-processors)
We use a small number of vetted providers who process data on our behalf under contract:
- Hosting/infrastructure: Hostinger (servers located in [SPECIFY REGION/COUNTRY]).
- Transactional email: Resend (delivers verification and password-reset emails).
We do not permit these providers to use your data for their own purposes.
6. International Data Transfers
We operate the Service from servers located in [SPECIFY REGION/COUNTRY]. If you access Vital30 from another country, your information will be transferred to and processed there. Where required (e.g. transfers out of the EEA/UK), we rely on appropriate safeguards such as the Standard Contractual Clauses. Contact us for details.
7. Data Retention
- We keep your account data for as long as your account is active.
- Security audit logs (which may include your email and IP) are retained for a limited period for security and legal-compliance purposes, even after account deletion.
- Community chat messages you posted are retained as part of the shared challenge history but are anonymised (disassociated from your account) when you delete your account.
- On account deletion we remove or anonymise your data within 30 days, subject to legal holds.
8. Children's Privacy
- You must be at least 13 years old to use Vital30. We ask for your year of birth at signup and block accounts that do not meet the minimum age.
- In the EU/EEA and other regions, the "age of digital consent" may be higher (up to 16). Where a higher age applies, you must have parental/guardian consent to use the Service.
- We do not knowingly collect data from children under 13 (US COPPA). If you believe a child under 13 has provided us data, contact us and we will delete it.
9. Your Rights & Choices
Depending on where you live, you may have the right to:
- Access a copy of your data and port it elsewhere. You can download a full machine-readable copy yourself: Profile → Data & privacy → Download my data.
- Rectify inaccurate data — edit your details any time in Profile.
- Erase your data — Profile → Delete account permanently removes your account, challenges, check-ins, achievements, and share/activity logs (subject to Section 7).
- Restrict or object to processing, and withdraw consent for any optional data (by deleting it).
- Lodge a complaint with your local data-protection authority (e.g. your EU supervisory authority, the UK ICO, or your US state Attorney General).
To exercise any right not available in-app, email us (Section 11). We will not discriminate against you for exercising your rights.
10. Security
Passwords are stored using industry-standard hashing. Access to the Service is protected by authenticated sessions and rate limiting, and traffic is encrypted in transit (TLS). No system is perfectly secure, but we take reasonable technical and organisational measures to protect your data.
11. Contact Us
- Email: [privacy@challenge.charangudla.com]
- Postal address: [REGISTERED ADDRESS]
- Data controller: Prodigi Solutions LLC
12. Future AI Features
We may later add AI/ML features to recommend challenges or analyse wellness habits. We will update this Policy and obtain any required consent before introducing AI-driven processing of your personal information.
13. Changes to This Policy
We may revise this Policy from time to time. We will signal material changes by updating the "Last Updated" date and, where appropriate, through an in-app notice. Continued use after changes take effect constitutes acceptance.