Privacy Policy – Valetudo

Last Updated: January 2025

Welcome to Valetudo ("App"), developed and operated by Mattia Puppo ("we", "us", or "our"). This Privacy Policy describes how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR).

1. Who We Are

Data Controller:

Mattia Puppo
Galleria Passarella 2, Milan, Italy
📧 puppo.mattia@gmail.com

2. What This App Does

Valetudo is a health-focused iOS app that helps users understand how their lifestyle impacts their biological health. By reading HealthKit data and combining it with user-provided information, the app provides personalized scores and recommendations, such as sleep quality, recovery level, or optimal sleep timing.

3. What Data We Collect and Why

3.1 HealthKit Data (Stored Locally Only)

We read the following HealthKit data from your device:

  • Respiratory rate
  • Resting heart rate
  • Heart rate variability
  • Blood oxygen saturation (SpO2)
  • Body temperature
  • Sleep data

🛑 Important:

This data is only accessed and stored locally on your device. It is never uploaded to our servers.

3.2 Manually Provided Data (Stored Securely on Our Servers)

During onboarding, we collect:

  • Name, age, biological sex, ethnicity
  • Height, weight, weekly activity level
  • Sleep habits, stress levels, sitting hours
  • Diet quality, food intake (meals, fruits, ultra-processed foods)
  • Smoking and alcohol habits
  • Family and personal disease history (with age of diagnosis)
  • Blood testing and health screening history
  • Blood biomarker data (e.g., blood glucose)

This data is used solely to:

  • Estimate your biological age
  • Generate personalized lifestyle recommendations
  • Display trends and historical values over time

3.3 Authentication Data

We use Apple or Google Sign-In. We do not access or store your email address or login credentials. We generate a random UUID to associate your data anonymously in our database.

4. Use of AI and Third Parties

4.1 OpenAI API (Biological Age & Recommendations)

We send a limited subset of your onboarding and health data to the OpenAI API to:

  • Estimate your biological age
  • Generate tailored health recommendations

⚠️ OpenAI may process this data outside of the EU, subject to their own privacy policies and safeguards. We only send necessary, pseudonymized data to perform these functions.

4.2 Supabase (Data Hosting)

Your onboarding data, UUID, and biological age results are stored securely on Supabase, a third-party backend provider.

5. Your Rights Under GDPR

As an EU citizen, you have the right to:

  • Access your data
  • Request correction or deletion
  • Withdraw consent at any time
  • Request data portability
  • Lodge a complaint with your local Data Protection Authority

You can request access or deletion of your data via our website or directly in the app (coming soon).

6. Data Security

We use industry-standard security measures to protect your data, including encrypted transmission (HTTPS), strict access controls, and secure third-party hosting. HealthKit data is never uploaded and remains local to your device.

7. Retention

We retain your data as long as your account remains active. If you delete your account, your data will be permanently deleted from our servers within 30 days.

8. Children's Privacy

Valetudo is not intended for children under 16. We do not knowingly collect data from minors without parental consent.

9. Changes to This Privacy Policy

We may update this policy to reflect changes in legal, technical, or business practices. You'll be notified via the app or email when we make significant changes.

10. Contact Us

For questions, complaints, or data requests, contact:

Mattia Puppo

📍 Galleria Passarella 2, Milan, Italy

📧 puppo.mattia@gmail.com