This Privacy Policy explains how Vitaledger (referred to as "we", "us", "our") collects, uses, stores, shares, and protects your personal information when you use our mobile application, web platform, and related services (collectively, the "Services"). The Services are an AI-powered nutrition guidance and verifiable food trust ledger platform focused on family health, including personalized meal planning, food scoring, and blockchain-backed food trust verification.
By accessing or using the Services, you consent to the collection, use, and disclosure of your information in accordance with this Privacy Policy. If you do not agree with the terms of this Policy, do not use our Services.
1. Information We Collect
We collect personal information that you provide to us, information we automatically collect through your use of the Services, and third-party information we obtain with your permission, all to deliver and improve our personalized, trust-focused nutrition services. We categorize collected information as follows:
1.1 Personal Information You Provide Voluntarily
- Account & Profile Data: Name, email address, password, household/family details (e.g., number of family members, ages—including infants/toddlers 0-3 years old, relationship to family members), and contact preferences.
- Health & Nutrition Profile Data: Health conditions, dietary restrictions, allergies, food intolerances, nutritional goals (e.g., low sugar, low purine, calcium boost), medical needs, and choking risk considerations for young children—critical for our personalized meal planning and AI nutrition recommendations.
- Usage Preferences: Favorite foods, disliked ingredients, meal planning preferences, and saved grocery lists or meal templates.
- Submission Data: Barcode scans of food products, manual food item entries, and feedback on our Services or food product scores.
- Payment Information (if applicable): Billing details, credit/debit card information (processed through third-party payment processors—we do not store raw payment data) for premium subscription plans, brand verification services, or other paid features.
1.2 Information Automatically Collected
- Usage Data: How you interact with the Services (e.g., features used, food items scanned, meal plans generated, time spent on the platform), device information (e.g., device model, operating system, unique device identifiers, IP address), and geolocation data (only if you enable location services, used to provide region-specific food recall alerts and local grocery recommendations).
- Technical Data: Log data (e.g., access times, error messages, page views), network information, and data about your connection to the Services.
- Blockchain-Related Data: Hashed (non-identifiable) trust signals, verification results, and record change timestamps that we anchor to the Cardano blockchain. No personal or sensitive user data is stored on the blockchain—all on-chain data is anonymized and used solely for verifiable trust and auditability.
1.3 Third-Party Information
- Authorized Third-Party Integrations: Information from third-party food databases, nutrition APIs, and government food safety agencies (e.g., recall alerts, food safety data) to power our food scoring and trust verification.
- Partner Retailer Data (if applicable): Anonymized purchase data (with your permission) from partner retailers to track recommended product purchases and deliver affiliate-related benefits (e.g., Swap & Save alternatives).
- Verifier Data: Ingredient reports, lab test results, and certification data from external food verifiers/certifiers to generate our Trust Scores—this data is hashed and anchored to the blockchain for verification.
2. How We Use Your Information
We use the collected information for the primary purpose of providing, maintaining, and improving the Vitaledger Services, with a core focus on personalized family nutrition guidance and verifiable food trust. We only use your information for the purposes stated in this Policy or as otherwise disclosed to you at the time of collection. Key uses include:
- Deliver Personalized Services: Generate AI-powered meal plans for individuals and families (including 0-3 year old infants/toddlers), calculate personalized food/nutrition scores, and provide tailored dietary recommendations based on your health profile and household needs.
- Provide Verifiable Food Trust: Validate food product information, generate Trust Scores, and deliver real-time food recall alerts and safety notifications.
- Improve Our Services: Analyze usage data to enhance platform functionality, optimize AI algorithms, and develop new features aligned with user needs (e.g., family meal planning, grocery list generation).
- Process Transactions: Fulfill premium subscription plans (freemium), process payments for brand verification services, and deliver affiliate revenue-related benefits for recommended product purchases.
- Communicate With You: Send service updates, food recall alerts, personalized nutrition tips, billing notifications, and respond to your inquiries or support requests.
- Ensure Platform Security: Monitor for fraudulent activity, protect against unauthorized access, and maintain the integrity of our blockchain-backed trust ledger.
- Comply With Legal Obligations: Fulfill regulatory requirements, respond to lawful government requests, and resolve disputes.
We will never use your health profile or family data to send unsolicited marketing from third parties without your explicit opt-in consent.
3. Sharing of Your Information
We do not sell, rent, or lease your personal information to third parties for commercial purposes. We only share your information in the limited circumstances outlined below, and all third-party recipients are bound by strict confidentiality obligations to protect your data:
3.1 Service Providers & Third-Party Partners
We share information with trusted third-party service providers who perform functions on our behalf to deliver the Services, including:
- Cloud computing providers (AWS) for data processing, storage, and hosting our serverless backend.
- Blockchain service providers (Cardano/Blockfrost) for anchoring hashed trust signals to the public ledger (no personal data is shared).
- Payment processors for processing subscription and payment transactions (they only receive the minimum data needed to process payments).
- Food nutrition databases, government food safety agencies, and external verifiers for food product data and trust verification.
- Affiliate retail partners (anonymized data only) to track recommended product purchases and deliver Swap & Save benefits.
3.2 Legal & Regulatory Requirements
We may disclose your information if required to do so by law (e.g., a court order, subpoena, or government request) or to protect our legal rights, the safety of our users, or the public (e.g., responding to food safety emergencies).
3.3 Business Transfers
In the event of a merger, acquisition, sale of assets, or other business transfer, your personal information may be transferred to the acquiring entity. We will notify you via a prominent notice on our Services and/or email prior to any such transfer and update our Privacy Policy to reflect the new data controller.
3.4 With Your Explicit Consent
We may share your information with third parties if you provide us with explicit written or electronic consent to do so (e.g., sharing your family meal plan with a dietitian or healthcare provider).
3.5 Anonymized & Aggregated Data
We may share anonymized, aggregated, non-identifiable data with third parties (e.g., retailers, researchers, public health organizations) for purposes such as market research, food safety trend analysis, or improving public nutrition outcomes. This data cannot be used to identify you or your family.
4. Data Storage & Security
We take robust technical, administrative, and physical security measures to protect your personal information—including sensitive health and family data—from unauthorized access, use, disclosure, alteration, or destruction. Our security practices align with industry standards and our unique hybrid architecture (off-chain user data, on-chain hashed trust signals):
4.1 Storage
- Off-Chain Storage: All personal, sensitive, and health-related data is stored off the blockchain on secure, encrypted AWS cloud servers (compliant with AWS security standards) with restricted access. We use Amazon RDS (PostgreSQL) for relational user profiles, DynamoDB for food data, and ElastiCache for session caching.
- On-Chain Storage: Only hashed, non-identifiable data (e.g., verification result hashes, record change timestamps, Trust Score metadata) is anchored to the Cardano blockchain. This data is immutable and used solely for verifiable trust and auditability—no personal data can be derived from on-chain records.
- Data Retention: We retain your personal information for as long as your account is active, or as needed to fulfill the purposes for which it was collected (e.g., meal plan history, nutrition score records). If you delete your account, we will permanently delete your personal data (subject to legal retention requirements) and de-link all hashed data from the blockchain where possible.
4.2 Security Measures
- Encryption of data in transit (SSL/TLS) and at rest (AES-256 encryption) for all personal and sensitive data.
- Role-based access control for our internal team and third-party service providers—only authorized personnel have access to your data.
- Regular security audits, vulnerability testing, and updates to our platform and infrastructure.
- Decoupling of our cloud compute layer and blockchain trust layer via Amazon SQS to maintain performance and security under load.
- Secure password hashing (no plain-text password storage) for user accounts.
4.3 Your Security Responsibilities
You are responsible for maintaining the confidentiality of your account credentials (email and password) and for all activities that occur under your account. If you believe your account has been compromised, please contact us immediately at kinson@vitaledger.info.
5. Your Rights Regarding Your Personal Information
Depending on your jurisdiction (e.g., EU/UK GDPR, California CCPA/CPRA, Hong Kong PDPO), you may have the following rights regarding your personal information. We will respond to valid requests in accordance with applicable data protection laws:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information (subject to legal and business retention requirements).
- Data Portability: Request a copy of your personal information in a machine-readable format for transfer to another data controller (e.g., a dietitian's platform).
- Opt-Out: Opt out of non-essential communications (e.g., personalized nutrition tips) or the collection of non-essential usage data.
- Withdraw Consent: Withdraw your consent to our collection, use, or sharing of your information (where we rely on consent as the legal basis for processing).
To exercise any of these rights, please submit a request to amanda@vitaledger.info with the subject line "Vitaledger Data Rights Request" and include your account details for verification. We may request additional information to verify your identity before fulfilling your request, and we will respond to valid requests within the time frame required by applicable law.
Note: Exercising these rights may impact your ability to use certain features of the Services (e.g., deleting your health profile will disable personalized meal planning).
6. Children's Privacy
Our Services include a core focus on families with 0-3 year old infants/toddlers, and we take special care to protect the privacy of children's data. We do not knowingly collect, use, or disclose personal information from children under the age of 13 (or the applicable age of majority in your jurisdiction) without the explicit consent of a parent or legal guardian.
All children's data (e.g., age, choking risk considerations, toddler meal preferences) is collected and used solely for the purpose of providing family-focused meal planning and nutrition guidance and is never shared with third parties for any commercial purpose. Parents/legal guardians have the right to access, correct, or delete any children's data associated with their account at any time by contacting us at amanda@vitaledger.info.
7. Third-Party Links & Services
Our Services may contain links to third-party websites, apps, or services (e.g., partner retailers, food safety agencies). This Privacy Policy does not apply to third-party services, and we are not responsible for the privacy practices or content of such third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the evolution of our Services (e.g., new features, blockchain integrations). We will notify you of any material changes by:
- Posting the updated Privacy Policy on our Services with a new "Last Updated" date.
- Sending a notification to your registered email address (for material changes).
Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically for updates.
9. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or the protection of your personal information, please contact us at:
- Privacy Email: amanda@vitaledger.info
- Support Email: kinson@vitaledger.info
We will respond to your inquiries and resolve any privacy-related concerns in a timely manner.
Vitaledger is committed to protecting your privacy and ensuring that your personal information is used only to deliver the personalized, verifiable nutrition services you trust. Our blockchain-backed architecture and privacy-first design ensure that your sensitive health and family data remains secure while you make smarter, safer food choices for your family.