Privacy Policy

Summary

• Open Vital is a mobile health and fitness app with account, sync, community, and AI features.
• We do not sell personal data.
• Some data is stored locally on your device and some is stored on Open Vital backend services to operate the app.

Information we collect

Depending on how you use Open Vital, we may collect account information such as your email address, account ID, session information, referral code, and profile details you choose to provide.

We may also process health, wellness, and activity information from supported sources such as Garmin Connect, Apple Health, Strava, device permissions, and data you enter in the app.

How we use data

We use your data to authenticate your account, sync integrations, display dashboards, compute recovery, sleep, healthspan, and related app features, operate communities and leaderboards you choose to join, and provide AI coach responses you request.

Core health processing is part of providing the service. Optional app analytics, where offered, should be controlled separately from that core processing.

Sharing

We do not sell your personal data. We may share information with infrastructure and service providers, integration partners needed to operate the app, AI providers used for coaching functionality, other users through community features you choose to use, and legal authorities where required.

Storage and retention

Open Vital currently uses both device-side storage and backend storage. Current implementation examples include account records, profile data, Garmin session records, community records, leaderboard summary snapshots, and audit log records.

Current backend retention examples include 30-day auth sessions, 30-day leaderboard summaries, 30-day invite lookup records, and 180-day audit logs. Other account, profile, integration, and community records may remain until deleted, disconnected, or removed under an applicable request flow.

More generally, we retain personal data for as long as reasonably necessary to provide the service, operate and secure the product, support the user relationship, or comply with legal obligations. We may retain de-identified or aggregated data that no longer identifies you.

Your choices

You can disconnect supported integrations, leave communities, log out, and request account or data deletion. Privacy and deletion requests can currently be sent to hello@codelio.com.

Health and security notice

Open Vital may process health-related and wellness-related information to provide core product features. Open Vital is not a medical device or emergency service, and its insights and coaching are not a substitute for professional medical advice.

We use reasonable measures to protect the service, including HTTPS in transit, hashed passwords in the current auth service, and server-side handling of integration credentials.

Contact

Questions about this policy can be sent to hello@codelio.com.