Privacy Policy

How Vesta protects wellness data, Apple Health access, AI processing, analytics consent, export, and deletion.

Download on the App Store

Effective date

Last updated: 5 July 2026. Privacy policy version: 2026-07-05.

This policy explains how Vesta processes personal data in the Vesta iOS app, Apple Watch experience, widgets, website, and private analytics dashboard, and how you can manage privacy choices, export data, withdraw consent, or delete your account.

Data controller

The data controller is Andrea Luciani, Via Talete 56, 00124 Rome, Italy, operating Vesta in the European Union. Privacy, account, and support requests can be sent to andrealuciani87@gmail.com. If controller details change, this policy will be updated.

What Vesta is

Vesta is a wellness planning and reflection app. It is not a medical device, does not diagnose or treat conditions, and does not replace professional medical advice. AI output is an estimate and should be reviewed by you before use.

Privacy by purpose

Analytics, AI Processing, Apple Health read, Apple Health write, meal photos, and push notifications are separate choices. Changing one permission does not silently authorize another.

No tracking or ads

Vesta does not use third-party advertising SDKs, data brokers, cross-app tracking, or Health data for advertising. Anonymous operational analytics use no user id or persistent install id; enhanced first-party analytics are used only when Analytics consent is on.

Data Vesta may process

Account and identity data: Supabase Auth identifiers, email address when available, Sign in with Apple identifiers, subscription status, app version, build number, platform, and support messages.

Wellness and app content: display name for in-app personalization, goals, preferences, meal plans, meal logs, recipes, hydration, weight logs, biomarker entries, weekly insights, shopping-list context, and other app content you choose to create.

Apple Health and fitness data: only after Apple Health permission, Vesta may read or write the specific data types you authorize, such as daily activity, workouts, weight, hydration, nutrition, sleep, and other summaries supported by the app. Raw Apple Health samples are not sent to product analytics.

Meal photos, audio, and user content: photos, voice input, barcode/search interactions, custom notes, and other content are processed only to provide the app feature you requested and only under the relevant consent or system permission.

Anonymous operational analytics: Vesta may process low-cardinality onboarding, reliability, deep-link, and paywall events with an ephemeral session id, app version, build number, platform, screen, and safe event properties. These events do not include user id, persistent install id, Health values, meal names, transcripts, images, notes, uploaded files, or free text, and are not later joined to your identity.

Consent and compliance data: Vesta keeps append-only consent records with purpose, granted or revoked state, policy version, and timestamps. These records help prove and respect your choices.

App functionality

Legal bases: performance of the service you request, consent for sensitive features, and explicit consent where health-related data is processed. Purpose: plan, log, sync, display, and improve your wellness routine inside Vesta.

AI Processing

Legal basis: your separate AI Processing consent. Purpose: generate plans, insights, recipe help, meal interpretation, movement parsing, grocery lists, and other smart features. If enabled, Vesta may send only the content needed for the requested feature to the OpenAI API through Vesta's backend. Your display name is excluded from OpenAI requests. Vesta does not use AI Processing consent as Analytics consent, and you can revoke AI Processing anytime in the app settings under Profile > Consent Center.

Apple Health

Legal basis: explicit Apple Health permission and, where applicable, explicit consent for health-related processing. Purpose: read summaries for plans, insights, and widgets; write meals, water, or weight only after you confirm.

First-party analytics

Legal basis: legitimate interest for anonymous operational onboarding and reliability metrics, and Analytics consent for enhanced user-linked product analytics. Purpose: understand onboarding, consent friction, feature adoption, plan reliability, paywall conversion, retention, errors, and aggregate product performance.

Security and compliance

Legal basis: legitimate interest and legal obligation where applicable. Purpose: authentication, abuse prevention, rate limiting, audit logs, consent proof, export, deletion, and incident investigation.

Subscriptions

Legal basis: performance of a contract and legitimate interest. Purpose: manage entitlement, trial, purchase, renewal, cancellation, and support. Payment and App Store billing are handled by Apple where applicable.

Analytics rules

If Analytics consent is off, Vesta still may send anonymous operational events for onboarding, reliability, deep links, and paywall funnel measurement. These events use only an ephemeral session id and are stored separately from user-linked analytics. Vesta clears unsent enhanced analytics events when Analytics consent is off.

Enhanced analytics after consent may include app status such as subscription state, consent state, anonymous/Apple identity status, install id, and session id. Vesta does not backfill, enrich, or later join anonymous operational events to a user identity.

Analytics events are intentionally synthetic. They must not include raw Apple Health values, raw nutrition values, meal names, photos, transcripts, free-text notes, uploaded files, or sensitive body data. User-linked enhanced analytics retained by Vesta are included in export where applicable and deleted during account deletion.

Apple Health and sensitive data

Apple Health permissions are managed by iOS and can be changed in Apple Health or Settings. Vesta may show an app-level consent record so your Vesta choices stay transparent, but Apple remains the system authority for Apple Health access.

Raw Apple Health samples do not leave the device for analytics. When server sync is enabled, Vesta sends only the daily summaries needed for app functionality. Vesta does not use Apple Health data, meal photos, or sensitive wellness content for advertising or cross-app tracking.

Storage, processors, and transfers

Vesta stores backend data in Supabase. The website and private analytics dashboard are hosted on Vercel. AI Processing features may send only the content required for the requested feature to OpenAI API through Supabase Edge Functions, excluding the user's display name from OpenAI requests, so secret keys are never embedded in the client.

Processors may include Supabase for authentication, database, storage, and Edge Functions; Vercel for hosting and serverless execution; Apple for App Store, Sign in with Apple, Apple Health, and purchase flows; and OpenAI for AI Processing features. Vesta requires processors to provide appropriate contractual, technical, and organizational protections for the personal data they process. Where international transfers occur, Vesta uses appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or equivalent protections.

Retention

Account, plans, logs, saved recipes, health summaries, and subscription records are retained while your account is active and then deleted or anonymized during account deletion, unless a limited record must be kept for legal, security, or dispute reasons.

Consent records are append-only and may be retained as compliance evidence. Export files are generated as JSON and stored behind a signed URL that expires after 24 hours. Server logs and rate-limit/audit records are retained only for operational security and compliance periods appropriate to the risk.

Your GDPR rights

You can request access, correction, deletion, restriction, portability, objection, and withdrawal of consent. The app includes GDPR-style export and account deletion flows; sensitive actions may require authentication or biometric confirmation.

Withdrawing consent does not affect processing that already happened lawfully before withdrawal. You also have the right to lodge a complaint with your local supervisory authority, including the Italian Data Protection Authority if you are in Italy.

Security

Vesta uses Supabase Row Level Security, server-side Edge Functions, rate limiting, audit logs, local Keychain storage for sensitive tokens, and no secret LLM keys in the client. Vesta avoids sensitive data in logs and uses iOS privacy protections for views that display health-related information.

No system can be guaranteed perfectly secure. If Vesta becomes aware of a personal data breach requiring notification, Vesta will follow applicable GDPR notification duties.

Changes

When this policy changes materially, Vesta updates the privacy policy version and, where required, asks for renewed consent before new processing starts. Vesta will not use old consent to authorize a materially different purpose.