VIDAH AI

Privacy Policy

Last updated: July 1, 2026

This Privacy Policy describes how VIDAH AI collects, uses, and protects your personal data. We comply with the Brazilian General Data Protection Law (LGPD — Lei nº 13.709/2018) and, where applicable, the GDPR.

1. Data Controller

VIDAH AI acts as the data controller for the personal data you provide. For privacy requests, contact us through the app support channel.

2. Data We Collect

Account data: email, name, preferred language, authentication provider (Google/Apple/email).

Wellness data: profiles you create (yourself, family, pets), supplement lists, dose logs, alerts, lab records and images you upload, and notes you write.

Usage data: feature usage counters, device/session metadata, and error logs.

Payment data: subscription status and Stripe customer ID. Card details are handled directly by Stripe and NEVER touch our servers.

3. Legal Basis (LGPD art. 7 / GDPR art. 6)

Execution of contract: to provide the Service you subscribed to.

Consent: for AI processing of your supplements/labs and for push notifications, which you can revoke at any time.

Legitimate interest: to keep the Service secure, prevent fraud, and improve quality.

Legal obligation: tax and consumer-protection recordkeeping.

4. How We Use Data

To operate the Service, generate AI wellness reviews, deliver alerts, process payments, provide support, and comply with legal obligations. We do NOT sell your personal data.

5. AI Processing

When you use AI features, the relevant content (supplement labels, lab images, textual context) is sent to our AI provider(s) strictly to generate the requested output. No data is used to train third-party models without your explicit consent.

6. Subprocessors

Supabase (hosting/database/storage), Cloudflare (edge runtime), Stripe (payments), Google/Apple (authentication and, if enabled, AI model providers). Each provider is contractually bound to appropriate security and data-protection standards.

7. Data Retention

We retain account and wellness data while your account is active. If you delete your account, personal data is erased within 30 days, except records we must retain to comply with legal obligations (e.g., tax records for 5 years).

8. Security

We apply industry-standard controls: encryption in transit (TLS), Row-Level Security on all database tables, private storage buckets, and least-privilege service accounts. No system is 100% secure, but we take reasonable measures to protect your data.

9. Your Rights (LGPD art. 18)

You may request confirmation of processing, access, correction, anonymization, portability, deletion, information on data sharing, and revocation of consent. Send requests through the app support channel; we respond within 15 days.

10. International Transfers

Some subprocessors may process data outside Brazil. We rely on adequacy decisions or standard contractual safeguards recognized by the ANPD.

11. Children

The Service is not intended for children under 18. We do not knowingly collect data from minors.

12. Changes

We may update this policy. Material changes will be notified in-app or by email at least 15 days before taking effect.