Consumer health data

Consumer Health Data Privacy Policy.

A standalone notice about the health-related data Vyra collects, why, who processes it, and the rights you have over it — separate from, and in addition to, our general Privacy Policy.

Effective July 13, 2026

This is Vyra’s Consumer Health Data Privacy Policy. It is a standalone notice about the health-related data Vyra collects, why, who processes it, and the rights you have over it. It exists separately from, and in addition to, our general Privacy Policy because Washington’s My Health My Data Act (MHMDA) and several other state laws require a dedicated consumer-health-data notice reachable by its own distinct link.

Not medical advice. Vyra is a nutrition and wellness companion, not a medical device. It does not diagnose, treat, cure, or prevent any medical condition, and it is not a substitute for a licensed professional. This section is a reminder only; it is not the consent this policy describes.

Which laws protect this data. Vyra is a direct-to-consumer wellness app. We are not a HIPAA “covered entity” or “business associate,” and this data is not governed by HIPAA. Instead, your consumer health data is protected under this policy and under consumer-privacy laws — including Washington’s My Health My Data Act (MHMDA), California’s CCPA/CPRA, Connecticut’s Data Privacy Act, and Nevada’s Consumer Health Data Privacy Law (SB370) — plus the FTC Act and the FTC Health Breach Notification Rule.


1. MHMDA compliance at a glance (for reviewers)

MHMDA / state-law requirementHow Vyra meets itSection
Standalone Consumer Health Data Privacy Policy, distinct homepage linkThis document, linked separately from the general policyHeader, §13
Categories of consumer health data (CHD) collected + sourcesEnumerated, mapped to actual app features§3, §4
Purposes of collection / how CHD is usedEnumerated; only to provide features you use§5
Categories of CHD shared + who we share withProcessors only; no advertisers, no data brokers§6
No sale of CHD (would require separate written authorization)We do not sell CHD, and have no mechanism to§6, §7
Opt-in consent to collect/share CHD beyond what’s necessaryCore logging on a necessity basis (no consent wall); affirmative, unbundled per-module opt-in for meds/conditions/labs and any beyond-necessity use§7
Right to confirm/access CHDIn-app + email request§8
Right to delete CHDIn-app account deletion + right to erasure§8, §9
Right to withdraw consentPer-module opt-out + account deletion§7, §8
Right to appeal a denied requestAppeal path + regulator escalation§8
Data-level security controls for CHDEncryption at rest/in transit, per-user RLS isolation, least-privilege access§10
Retention & deletion scheduleKept while account active; deletion → 30-day grace → hard purge§9

2. What counts as “consumer health data” here

“Consumer health data” (CHD) means personal information linked to you that identifies your past, present, or future physical or mental health status. Under Washington’s MHMDA and comparable laws, this is read broadly — it includes information about your diet, nutrition, body measurements, and health goals, not only clinical records.

For Vyra, your CHD is in scope from your first use, including your food and diet logs. We treat the data described in §3 as CHD and apply this policy to it.

Inferences count too. Values we derive from your inputs — such as BMI, your steps-to-goal activity ratio, and your non-clinical “momentum”/consistency signal — are themselves treated as consumer health data and are covered by this policy, the same as data you enter directly.


3. Consumer health data we collect

We collect only what the features you use require. Depending on which parts of Vyra you use, this includes:

Core (collected for every user, because the core product is a food/nutrition loop):

  • Food and diet logs — meals you describe or photograph, the recognized food items, portions, and the resulting nutrition/macro values (calories, protein, carbs, fat, fiber, sugar, sodium).
  • Body and profile measurements — weight and weigh-in history, height, sex, activity level, unit preference, and time zone.
  • Goals — your calorie, macro, water, and step targets; target weight; goal direction; and pacing preference.
  • Hydration — daily water/glass counts.
  • Self-declared dietary preferences — diet style, eating pattern, intermittent-fasting window, and any allergies you enter (allergy matching happens on your device; it is not sent on the food-parsing path).
  • Derived activity signal — a single computed ratio of your day’s steps to your step goal. Raw step counts and raw health-platform readings never leave your device (see §4).
  • Behavioral progress signals — a non-clinical “momentum”/consistency score and cached insight summaries derived from your logging behavior.
  • Reminders you set, and the device push token used to deliver them.

Optional (collected only if you turn on the relevant module and give consent — see §7):

  • Medications — drug name, optional normalized code, dose, unit, frequency, route, schedule, dose logs, and any side-effect notes you add.
  • Conditions — a condition label and optional normalized code you choose to store.

Not currently collected in the released app. Some parts of Vyra are built but turned off in the public release and do not collect or process your data unless and until we enable them, update this policy, and (where required) obtain your consent:

  • Lab and blood-test document ingestion (uploading and extracting lab results) is disabled in production.
  • The food ↔ medications ↔ labs correlation/insights engine is disabled in production.
  • Personalized clinical guidance (“caution”-tier) behaviors are disabled in production.

4. Where the data comes from

  • You — everything you type, log, photograph, or set in the app.
  • Apple HealthKit / Android Health Connect — only if you grant access. By default, raw values (e.g., your step readings) stay on your device. Only explicitly-typed, derived/aggregated signals (currently the steps-to-goal activity ratio) are sent to our servers. We do not receive your raw HealthKit/Health Connect data.
  • RevenueCat (subscription processor) — commercial subscription metadata (trial/active/lapsed status, plan) tied to an opaque account identifier, so we know your entitlement. This is not health data and carries no health information.

Meal photos: a meal photo you take is sent transiently to our AI processor for food recognition (see §6) and is not stored on our servers. The raw image remains in an encrypted store on your device; we persist only the derived food entry.


5. Why we collect it (purposes)

We use your CHD solely to provide and improve the features you use:

  • Recognize and log your meals and compute their nutrition values.
  • Track your intake against your goals and show your progress and trends.
  • Store your optional medications/conditions so you can see them alongside your food and habits.
  • Deliver the reminders you set.
  • Maintain your account, sync your data across your own devices, and restore it if you reinstall.
  • Keep the service secure, debug crashes (without health content — see §6), and understand feature usage in aggregate (without health content).

We do not use your CHD for advertising, and we do not use it to train AI models (see §6–§7).


6. Who processes your data (service providers)

We share data only with vetted processors who act on our instructions under contract. We do not share CHD with advertisers, data brokers, or any third party for their own purposes. Vyra ships with no advertising or attribution SDKs.

ProcessorWhat it handlesHealth data?Safeguards
Amazon Web Services (RDS Postgres, S3, Lambda; US region)Primary data storage and computeYes — your data lives hereAWS Data Processing Addendum (incorporated in the AWS Customer Agreement); HIPAA-eligible services with a BAA executed via AWS Artifact; encryption with our customer-managed key; per-user access isolation
AWS Bedrock (Claude models)Food recognition + text parsing (and meal-photo vision, transiently)Processes food inputs in-requestZero-retention, no-training configuration; BAA-eligible; outputs validated before use; inputs are not retained
RevenueCatSubscription/billing statusNo — opaque ID + commercial metadata onlyCard numbers never reach our servers (Apple/Google are the merchants of record); identified only by an opaque account ID
PostHog (EU Cloud)Product analyticsNo — PHI-free events only, enforced by an allow-list and a server-side scrubEU-hosted; standard DPA
Sentry (EU Cloud)Crash/error reportingNo — known health field names scrubbed before sendEU-hosted; standard DPA
Expo PushDelivering reminder notificationsNo — device token + generic reminder text (no dose/clinical content)Delivery identifier only

Our internal analytics and error tooling receive PHI-free data by construction — your food, meds, conditions, weights, and other health values never reach them.

We may also disclose data if required by law (e.g., a valid legal request), or in connection with a merger or acquisition — in which case this policy, including its no-sale commitment, continues to govern.


7. Consent, and our commitments

Core logging: collected on a necessity basis, no consent wall. When you use Vyra’s core food and nutrition loop, we collect the consumer health data that loop needs (your meals, macros, weight, goals, hydration, and the other Core categories in §3) because it is necessary to provide the service you asked for. MHMDA and comparable laws do not require separate consent for collection that is necessary to deliver a feature you are actively using, so we do not put a consent gate in front of core logging. This mirrors how other consumer nutrition and wellness apps (e.g., MacroFactor, Function Health, SiPhox) treat the data you enter to make the product work. You are always in control: you can edit or delete any entry, or delete your whole account (§8–§9).

Affirmative, unbundled opt-in for the optional modules and any use beyond necessity. Anything beyond what core logging strictly needs requires your separate, specific, opt-in consent:

  • The medications, conditions, and (when enabled) lab/blood-test modules are off until you turn them on. Turning a module on is a distinct, unbundled choice — its own affirmative control, never pre-checked and never bundled with account signup or with another module. That act is your module-specific opt-in to collect that category.
  • Any use of your CHD beyond the necessity of the feature you requested (were we ever to introduce one) would likewise require its own affirmative opt-in first.
  • Consent is versioned and withdrawable: we record which policy version you consented to, and you can withdraw at any time (§8), after which we stop collecting that category and you can delete what’s stored. If this policy changes materially, we re-request consent against the new version.

No third-party sharing or sale — so no separate share/sale consent is needed. We do not share your CHD with any third party for that third party’s own purposes, and we do not sell it. The only parties that touch your CHD are the vetted processors in §6, acting on our instructions under contract — which is not “sharing” under MHMDA. Because there is no sharing-for-others and no sale, there is no separate share-consent or sale-authorization to collect.

No sale of consumer health data (monetary-value floor). We do not sell your consumer health data. Under no circumstances do we disclose your CHD in exchange for monetary or other valuable consideration. MHMDA permits a sale of consumer health data only under a signed, valid written authorization — we have no such mechanism and no business arrangement to sell. If this ever changed, we would obtain that separate authorization before any such activity.

No sharing with advertisers. We do not share your CHD for advertising or with data brokers. Vyra ships with no advertising or attribution SDKs (§6).

No training on your data. We do not train AI models on your data, and our AI processor is contractually configured for zero retention and no training.

No location tracking, no health-facility geofencing. We do not collect precise geolocation, and we do not track your location. We do not use a geofence around any health-care facility, pharmacy, or other location to infer or collect health data about you.

The onboarding “not medical advice” disclaimer is not this consent. That disclaimer covers the nature of the product; it does not authorize data collection or sharing. This policy and the in-app module opt-ins are the consent mechanism.


8. Your rights and how to exercise them

Regardless of where you live, you can exercise the following with respect to your CHD. Residents of Washington (MHMDA), California (CCPA/CPRA, including sensitive personal information), Connecticut, Nevada (SB370), and other states with comparable laws have these rights by statute; we extend them to all users.

  • Confirm / access — confirm whether we collect, share, or sell your consumer health data, and get a copy plus a list of all third parties and affiliates it has been shared with or sold to. We have no affiliates with whom we share CHD, and we do not sell CHD, so that list is limited to the processors in §6 acting on our instructions.
  • Data portability — receive a copy of your CHD in a portable, structured, commonly used, machine-readable format so you can move it elsewhere. We fulfill this on request today (we assemble and send the export manually within the statutory window).
  • Delete — have your CHD deleted (see §9 for how deletion propagates).
  • Withdraw consent — turn off an optional module and/or delete the data it collected; you may withdraw consent for any collection that relied on it.
  • Correct — correct inaccurate information (most profile and log data is directly editable in the app).
  • Non-discrimination — we will not deny you service or charge you differently for exercising these rights.
  • Appeal — if we deny a request, you may appeal by replying to our decision or writing [email protected]. We will respond with our decision and reasoning within the timeframe the applicable law requires.

Authorized agents. You may use an authorized agent to submit a request on your behalf. We will ask the agent for proof of your written authorization and will separately verify your identity (and, where the law allows, may contact you directly to confirm) before acting.

How to exercise:

  • In app: edit or delete individual entries directly; delete your entire account under Settings (this triggers the erasure in §9).
  • By email: contact [email protected]. We will verify your request against your account and respond within the timeframe the applicable law requires — generally within 45 days (extendable once where permitted). For Connecticut residents, we will inform you of any action on an appeal within 60 days of receipt.

California — your right to limit use of sensitive personal information. California treats health data as sensitive personal information (SPI). Vyra uses your SPI solely to provide the features you requested and for the purposes in §5 — we never use it to infer characteristics about you, for advertising or cross-context behavioral advertising, or for any purpose that would trigger California’s right to limit. Because we do not sell or share your personal information and do not use SPI beyond those permitted purposes, there is nothing to opt out of, and no “Your Privacy Choices” / “Do Not Sell or Share” control is required or presented. If that ever changed, we would add one.

Global Privacy Control (GPC). On our website we honor browser-based opt-out preference signals, including Global Privacy Control (GPC). Because we do not sell or share consumer health data, a GPC signal has nothing to opt out of — but we still treat any GPC signal we receive as a valid opt-out request.

If you’re unsatisfied after appealing:

  • Washington residents may contact the Washington State Attorney General at https://www.atg.wa.gov/file-complaint.
  • California residents may contact the California Privacy Protection Agency or the California Attorney General.
  • Nevada residents may contact the Nevada Attorney General at https://ag.nv.gov/ under Nevada’s Consumer Health Data Privacy Law (SB370).
  • Residents of other states may contact their state Attorney General.

9. Retention and deletion

Active-account retention. We keep your CHD only while your account is active and for as long as needed to provide the service. We do not retain your CHD after your account is deleted except for the minimal, health-data-free records described below.

When you delete your account:

  1. Your account is soft-deleted immediately and a 30-day grace period begins (signing back in during that window cancels the deletion).
  2. After the grace period, a hard purge permanently removes your data across every user-scoped data store — including your food logs, weights, goals, optional medications and conditions, reminders, and any stored documents — plus your authentication records.
  3. We retain only a health-data-free deletion record confirming that the deletion occurred (no health content), and any minimal records we are legally required to keep.

Deletion propagates to our processors. On deletion we also direct our processors (§6) to delete your data, except where a processor is legally required to retain it. In practice this is largely already true by design: our AI processor runs under a zero-retention configuration (it keeps nothing to delete), and our analytics and error tools receive PHI-free data only, so they hold no CHD to begin with.

How to request deletion. You can delete your account in-app under Settings, or email [email protected]. You can also request deletion from the web, without installing or opening the app, at getvyra.ai/delete-account.

We delete or de-identify CHD when it is no longer needed for the purpose it was collected.


10. How we protect your data

  • Encryption in transit (TLS) and at rest (storage encrypted with our customer-managed key; stored documents use server-side KMS encryption).
  • Per-user isolation enforced at the database layer (row-level security), so one account cannot read another’s data.
  • Least-privilege access for our systems and staff; production access is scoped and monitored.
  • Health data is kept out of logs and analytics by design, with a server-side scrub as a backstop.
  • On-device minimization — raw health-platform readings and raw meal photos stay on your device (§4).
  • No location data — we do not collect precise geolocation, do not track your location, and do not geofence health-care facilities or pharmacies (§7).

No system is perfectly secure, but we work to protect your data in line with its sensitivity.

Breach notification. As a non-HIPAA health-app vendor, if a breach affects your identifiable health information, we will notify you and the appropriate authorities as required by the FTC Health Breach Notification Rule and applicable state law.


11. Cookies and tracking technologies

This section covers our website (getvyra.ai), not the app. The app contains no advertising or attribution SDKs and no cross-site trackers (§6).

Our website uses privacy-preserving, cookieless, EU-hosted product analytics (PostHog) to understand aggregate site usage — page-visit counts only, with no cookies, no cross-site tracking, and no personal data, so there is nothing to consent to and no cookie banner is needed. We do not use advertising or cross-site behavioral-tracking cookies, we do not sell or share data collected on the website, and we honor Global Privacy Control signals (§8).


12. Children

Vyra is intended for adults 18 and older. We do not knowingly collect data from anyone under 18. If we learn we have, we will delete it.


13. How this connects to our general Privacy Policy

This Consumer Health Data Privacy Policy governs your health-related data specifically and is reachable by its own distinct link (https://getvyra.ai/consumer-health-privacy), separate from our general Privacy Policy. Where the two overlap, this policy controls for consumer health data. The general policy covers non-health information (e.g., account and device basics) in more detail.


14. Changes to this policy

If we materially change how we handle your CHD — including enabling any of the currently-disabled features in §3 — we will update this policy, revise the effective date, and, where the change requires it, seek your consent before the new processing begins.


15. Contact

Questions or requests: [email protected]

Vyra Health Inc., 2810 N Church St, STE 88042, Wilmington, DE 19802