YOUR PRIVACY MATTERS

Privacy Policy

Effective Date: January 1, 2025

Plain-English summary: LoomVital helps you log exercise, diet, and vitals (e.g., blood pressure, blood sugar) and see trends. We collect only what we need to run the app, secure your account, generate reports, and (if you opt in) send weekly summaries. We don't sell personal data. You can access, correct, export, or delete your data. This document explains the details.

1) Who We Are

Controller / Provider: LoomVital Inc. ("LoomVital", "we", "us").

Contact: legal@loomvital.app

Data Protection / Privacy Contact: Privacy Officer

Scope: This Policy applies to the LoomVital mobile app, website (www.loomvital.app), and related services (collectively, the "Services").

2) What We Collect

We collect the following categories of information:

  • Account & Profile: name, email, password (hashed), time zone, preferences.
  • Health & Activity Data (you add): exercise logs, diet/food entries, weight, sleep, symptoms, notes, vitals (e.g., blood pressure, blood glucose), custom trackers.
  • Connected Devices & Apps (if you connect): step counts, heart rate, workouts, calories, sleep stages, etc., imported from wearables or third-party apps via permissions you grant.
  • Reports & Insights: weekly summaries, charts, goal progress, and (for Pro) AI-generated insights.
  • Usage & Device Info: app version, device model/OS, language, IP address, diagnostic logs, cookies/web beacons on our site, crash reports, and analytics events.
  • Support & Communications: messages you send us, survey responses, and marketing preferences.

We do NOT intentionally collect information from children under 13.

3) Why We Collect It (Purposes)

  • Provide the Services: create and secure accounts, sync entries, generate charts/reports, and deliver features you request.
  • Improve & Debug: monitor performance, fix bugs, develop new features.
  • Communications: send service emails (e.g., backups, security alerts). With your consent, send weekly progress emails and product updates. You can unsubscribe anytime.
  • Safety & Compliance: prevent abuse, enforce Terms, and meet legal obligations.

4) Legal Bases

  • Canada (PIPEDA): we follow the 10 Fair Information Principles (accountability, identifying purposes, consent, limiting collection/use/retention, accuracy, safeguards, openness, individual access, challenging compliance).
  • EU/EEA & UK (GDPR/UK GDPR): processing bases may include consent (health data/features, marketing), contract (to deliver the app), and legitimate interests (security, basic analytics). You can withdraw consent at any time.
  • USA: for non-HIPAA health apps, we comply with the FTC Health Breach Notification Rule for qualifying breaches of unsecured health information.

5) Your Choices & Rights

Depending on your location, you may have the right to:

  • Access a copy of your personal information.
  • Correct inaccurate or incomplete data.
  • Delete your data (subject to legal/operational limits).
  • Export/Port a machine-readable copy.
  • Object/Restrict certain processing (e.g., analytics) and withdraw consent (e.g., marketing, device integrations) at any time.

How: In-app settings or by contacting us at privacy@loomvital.app. EU/UK residents may also complain to their data protection authority. In Canada, you may contact the Office of the Privacy Commissioner of Canada; in Saskatchewan, the Office of the Information and Privacy Commissioner.

6) Sharing & Disclosure

We do NOT sell personal data.

We share information only with:

  • Processors/Service Providers: e.g., cloud hosting, analytics, email delivery, crash reporting—bound by contract to protect your information and act only on our instructions.
  • Integrations you enable: when you connect a wearable or a third-party app, we exchange data necessary for the integration.
  • Legal & Safety: to comply with law, enforce our Terms, or protect rights, safety, or security.
  • Business Transfers: if we are involved in a merger, acquisition, or asset sale, we will notify you and honor this Policy (or seek your consent where required).

7) International Data Transfers

We may process data in countries other than yours (e.g., the U.S. or Canada). Where required, we use safeguards such as standard contractual clauses and vendor due diligence.

8) Security

We use administrative, technical, and physical safeguards (e.g., encryption in transit, role-based access, least privilege, audit logs). No method is 100% secure; we continuously improve our protections.

9) Data Retention

We keep personal data for as long as your account is active or as needed to provide Services and meet legal obligations. You can delete entries or your account in the app; backups may persist for a limited period.

10) Marketing & Anti-Spam

We obtain consent before sending commercial electronic messages to Canadian users and include clear unsubscribe mechanisms. You can adjust preferences in-app or via email footer links.

11) Cookies & Similar Tech

On our website, we use necessary cookies and (if you consent) analytics cookies. You can manage cookies via your browser and our cookie banner where available.

12) AI Features (Pro)

If you enable AI insights, we use your logs and settings to generate summaries and recommendations. We do NOT use your personal data to train public models. We may use de-identified or aggregated data to improve model quality. Automated outputs do NOT constitute medical advice (see Terms).

13) Children's Privacy

The Services are not directed to children under 13 (or higher age as required in your region). If you believe a child has provided data, contact us to delete it.

14) Region-Specific Information

  • Canada: We follow PIPEDA principles. For health system "trustees" under Saskatchewan HIPA, obligations apply to custodians of personal health information. LoomVital is not a health-system trustee unless specifically engaged as such.
  • EU/UK: You may have additional rights under GDPR/UK GDPR, including data portability and objection to automated decision-making.
  • California: We do not "sell" personal information as defined under the CCPA/CPRA. California residents may request disclosure/deletion and limit the use of sensitive information where applicable.
  • United States (non-HIPAA apps): We comply with the FTC Health Breach Notification Rule for qualifying breaches.

15) Changes to This Policy

We may update this Policy. We will post the new version and update the effective date. We will notify you of material changes through the app or by email.

16) Contact

Questions or requests: privacy@loomvital.app

Postal: LoomVital Inc.